DDOS Attacks over a period of months off and on - what can I do?

[Donny]

Hey all,

I have a situation. A couple of my forums are under constant DDoS attacks at the minute. And this seems to happen on and off every few months.

I've switched to a decent hosting provider with Arbour protection, use CloudFlare, and have various systems and processes in place. But every now and again when I weaken security (to enable things like tapatalk to work again etc) it isn't too many weeks before the attacks start again. It knocks off all my websites, and we turn on all the strict rules again, and it damages a % of natural genuine traffic.

I'm trying to find who to report such a situation to in the UK. But there literally appears to be nobody. At least not without receiving a threat for ransom of some sort along with it. SOCA or whatever they're called in the UK now only want to know about it if it's part of a much bigger attack in some way, and don't really care if it's just attacking my sites. Local police can't do anything without a thread of some kind.

Are there any ways (above or underground) that I can try and trace the attackers? Does anybody have this issue and has managed to report it to somebody?

Can anybody help at all? Or at least give me somebody to chat to..?

Yours

Donny.

 

[rdn]

I can suggest a solid protection.

Use Sucuri instead of Cloudflare.
https://sucuri.net/website-firewall/signup
Choose PRO plan.

Use a decent Dedicated Server with built in protection like OVH.

Be sure your IP is not leaking thru:

• Email Headers
• Image and Link Proxy
• Disable all remote file upload like avatars and media gallery

Problem solve

 

[Alpha1]

Another approach is to switch from Apache to LiteSpeed Web Server as that will automatically block any IP / user that initiates more than X connections per minute and will also serve up a cache to guests instead of generating new pages. LSWS will increase your server capacity a lot.

You can also use LSWS in combination with securi.

 

[Donny]

Thanks guys.

Looks like I have some work to do. I'm just checking in with the server management firm to see how/what they're attacking lately.

Keep the suggestions coming if anybody else has more to add.

 

[m1ne]

OVH and ReliableSite offers very good ddos protection. Pair it with Cloudflare Pro and CSF and you've got a very solid layer of protection.
You can get a RS server and Cloudflare Pro for under $100/month combined.

 

[Donny]

Is OVH OVH.co.uk? Is it just a control panel software?

 

[m1ne]

They offer dedicated servers with ddos protection. Or a VPS if your budget is tight.

 

[Donny]

Currently with online.net which have Arbour built in. Is it basically the same as that?

 

[rdn]

Use free, fast, light, and reliable Web Server Nginx .
With full page caching: https://xenforo.com/community/threa...fastcgi_cache-full-page-guest-caching.110806/

CSF by the way is useless if you are using Cloudflare or Sucuri.

 

[Donny]

Already on Nginx.

 

[rdn]

With full page caching: https://xenforo.com/community/threa...fastcgi_cache-full-page-guest-caching.110806/

? That can help a lot with minor attacks.

 

[Donny]

CloudFlare does our caching, is this any different?

 

[orange7]

Email Headers

How do you stop that?

Image and Link Proxy

So these should not be used?

 

[Donny]

I not only do most of the above. I've even switched to Amazon aws for bulk emails. And Google web apps for business for domain related emails (and forum new user verification emails) as those were leaking IP.

 

[rdn]

CloudFlare does our caching, is this any different?

Cloudflare only does Static Caching, not full page caching (except when you force it on page rules but that will not work on every page).

How do you stop that?

Use a separate email server that do not expose your source server IP.
Like Amazon Ses (I use http://mailinabox.email/).

So these should not be used?

Yes or run it thru proxy: https://xenforo.com/community/threads/untrusted-http-client.112944/#post-1041812