1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DDOS Attacks over a period of months off and on - what can I do?

Discussion in 'Forum Management' started by Donny, May 27, 2016.

  1. Donny

    Donny Active Member

    Hey all,

    I have a situation. A couple of my forums are under constant DDoS attacks at the minute. And this seems to happen on and off every few months.

    I've switched to a decent hosting provider with Arbour protection, use CloudFlare, and have various systems and processes in place. But every now and again when I weaken security (to enable things like tapatalk to work again etc) it isn't too many weeks before the attacks start again. It knocks off all my websites, and we turn on all the strict rules again, and it damages a % of natural genuine traffic.

    I'm trying to find who to report such a situation to in the UK. But there literally appears to be nobody. At least not without receiving a threat for ransom of some sort along with it. SOCA or whatever they're called in the UK now only want to know about it if it's part of a much bigger attack in some way, and don't really care if it's just attacking my sites. Local police can't do anything without a thread of some kind.

    Are there any ways (above or underground) that I can try and trace the attackers? Does anybody have this issue and has managed to report it to somebody?

    Can anybody help at all? Or at least give me somebody to chat to..?


  2. RoldanLT

    RoldanLT Well-Known Member

    I can suggest a solid protection.

    Use Sucuri instead of Cloudflare.
    Choose PRO plan.

    Use a decent Dedicated Server with built in protection like OVH.

    Be sure your IP is not leaking thru:
    • Email Headers
    • Image and Link Proxy
    • Disable all remote file upload like avatars and media gallery

    Problem solve (y)
    orange7 and Donny like this.
  3. Alfa1

    Alfa1 Well-Known Member

    Another approach is to switch from Apache to LiteSpeed Web Server as that will automatically block any IP / user that initiates more than X connections per minute and will also serve up a cache to guests instead of generating new pages. LSWS will increase your server capacity a lot.

    You can also use LSWS in combination with securi.
    Donny likes this.
  4. Donny

    Donny Active Member

    Thanks guys.

    Looks like I have some work to do. I'm just checking in with the server management firm to see how/what they're attacking lately.

    Keep the suggestions coming if anybody else has more to add.
  5. Solidus

    Solidus Well-Known Member

    OVH and ReliableSite offers very good ddos protection. Pair it with Cloudflare Pro and CSF and you've got a very solid layer of protection.
    You can get a RS server and Cloudflare Pro for under $100/month combined.
  6. Donny

    Donny Active Member

    Is OVH OVH.co.uk? Is it just a control panel software?
  7. Solidus

    Solidus Well-Known Member

    They offer dedicated servers with ddos protection. Or a VPS if your budget is tight.
    Donny likes this.
  8. Donny

    Donny Active Member

    Currently with online.net which have Arbour built in. Is it basically the same as that?
  9. RoldanLT

    RoldanLT Well-Known Member

    Donny likes this.
  10. Donny

    Donny Active Member

    Already on Nginx.
    RoldanLT likes this.
  11. RoldanLT

    RoldanLT Well-Known Member

    Alfa1 and Donny like this.
  12. Donny

    Donny Active Member

    CloudFlare does our caching, is this any different?
  13. orange7

    orange7 Active Member

    How do you stop that?

    So these should not be used?
  14. Donny

    Donny Active Member

    I not only do most of the above. I've even switched to Amazon aws for bulk emails. And Google web apps for business for domain related emails (and forum new user verification emails) as those were leaking IP.
  15. RoldanLT

    RoldanLT Well-Known Member

    Cloudflare only does Static Caching, not full page caching (except when you force it on page rules but that will not work on every page).

    Use a separate email server that do not expose your source server IP.
    Like Amazon Ses (I use http://mailinabox.email/).

    Yes or run it thru proxy: https://xenforo.com/community/threads/untrusted-http-client.112944/#post-1041812

Share This Page