• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

DDOS Attacks over a period of months off and on - what can I do?

Donny

Active member
#1
Hey all,

I have a situation. A couple of my forums are under constant DDoS attacks at the minute. And this seems to happen on and off every few months.

I've switched to a decent hosting provider with Arbour protection, use CloudFlare, and have various systems and processes in place. But every now and again when I weaken security (to enable things like tapatalk to work again etc) it isn't too many weeks before the attacks start again. It knocks off all my websites, and we turn on all the strict rules again, and it damages a % of natural genuine traffic.

I'm trying to find who to report such a situation to in the UK. But there literally appears to be nobody. At least not without receiving a threat for ransom of some sort along with it. SOCA or whatever they're called in the UK now only want to know about it if it's part of a much bigger attack in some way, and don't really care if it's just attacking my sites. Local police can't do anything without a thread of some kind.

Are there any ways (above or underground) that I can try and trace the attackers? Does anybody have this issue and has managed to report it to somebody?

Can anybody help at all? Or at least give me somebody to chat to..?

Yours

Donny.
 

Alfa1

Well-known member
#3
Another approach is to switch from Apache to LiteSpeed Web Server as that will automatically block any IP / user that initiates more than X connections per minute and will also serve up a cache to guests instead of generating new pages. LSWS will increase your server capacity a lot.

You can also use LSWS in combination with securi.
 

Donny

Active member
#4
Thanks guys.

Looks like I have some work to do. I'm just checking in with the server management firm to see how/what they're attacking lately.

Keep the suggestions coming if anybody else has more to add.
 

Solidus

Well-known member
#5
OVH and ReliableSite offers very good ddos protection. Pair it with Cloudflare Pro and CSF and you've got a very solid layer of protection.
You can get a RS server and Cloudflare Pro for under $100/month combined.
 

Donny

Active member
#14
I not only do most of the above. I've even switched to Amazon aws for bulk emails. And Google web apps for business for domain related emails (and forum new user verification emails) as those were leaking IP.
 

RoldanLT

Well-known member
#15
CloudFlare does our caching, is this any different?
Cloudflare only does Static Caching, not full page caching (except when you force it on page rules but that will not work on every page).

How do you stop that?
Use a separate email server that do not expose your source server IP.
Like Amazon Ses (I use http://mailinabox.email/).

So these should not be used?
Yes or run it thru proxy: https://xenforo.com/community/threads/untrusted-http-client.112944/#post-1041812