1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DeDos - Anti DOS - Lock out spam bot/scrapers/tors [Paid] [Deleted]

Discussion in 'Add-on Releases' started by tenants, Jun 8, 2014.

  1. tenants

    tenants Well-Known Member

    This adds 0 extra queries to threads/forums/index/etc (It makes use of session and the global cache)
    On kicking bots out, the page the bots then visit is a low Kb page which makes use of the global cache (low query)



    tenants submitted a new resource:

    DeDos - Anti DOS for spam bot/scrapers - Reduce DOS resource usage from Scrapers / Spam Bots / Simple DOS attacks

    Read more about this resource...
     
    Last edited: Jun 9, 2014
  2. Stuart Wright

    Stuart Wright Well-Known Member

    @tenants On install:
    Error
    Callback Tac_CustomImgCaptcha_CronEntry_CleanUp::runWeeklyCleanUp is invalid (Invalid Class).

    and I'm getting a 401 every time I try to access the front end !!!
    and I can't uninstall the addon because it didn't install


    So AVForums is effectively down right now. Trust me for being the first!
    [Edit] deleted the library/tac/DeDos folder and we're back.
     
    Last edited: Jun 8, 2014
  3. tenants

    tenants Well-Known Member

    I can fix the first error, that's just a school boy error (pointing to the wrong cron)


    Was there anything in your dedos logs that might have told you why (it might just have been due to an incomplete install)?

    I've installed it on 3 forums, tested for a few days, no issues (but they did all have CustomImgCaptcha, so I would never have seen the error)

    I'll make a fix and update soon
     
    Last edited: Jun 8, 2014
  4. Stuart Wright

    Stuart Wright Well-Known Member

    Thanks. I don't have a DeDos log option in the Tools page because it didn't successfully install. Or because I deleted the folder.
    CuteFTP reported that all the files uploaded ok.
     
  5. tenants

    tenants Well-Known Member

  6. tenants

    tenants Well-Known Member

    Fixed the cron issue, let me know how it goes. In testing this, I've never seen an incomplete install, so it could have caused the other issue
     
  7. Stuart Wright

    Stuart Wright Well-Known Member

    Ok I uploaded the latest version, but then when I go to the admin page, all I get is a huge logo in the middle of the screen and nothing else. So basically I can't access the admin pages.
    On the front end, the forum index is empty http://www.avforums.com/
    Things are well screwed up.
    [Edit] Again, everything fixed if I delete the DeDos folder which I have had to do.
     
  8. tenants

    tenants Well-Known Member

    Is there any reason this wouldn't work on your server:

    $stringIP = (isset($_SERVER['REMOTE_ADDR']) ? (string)$_SERVER['REMOTE_ADDR'] : '0');

    Basically, you would only get the 401 if this happened:

    Code:
            $dd_known_dos = XenForo_Application::getSimpleCacheData('dd_known_dos');
        
            if($dd_known_dos)
            {
                if(array_key_exists($stringIP, $dd_known_dos) && ($dd_known_dos[$stringIP] > $timenow - $ddMaliciousCacheTime))
                {
                    // send the user a 401
                    $this->maliciousEvent();
                }
            }
    
    Since it's unlikely that you are DOS attacking your own site (and I've seen it myself on your site, so I know this isn't the case), the only other reason is that $stringIP is set to 0 or the same IP for all users, and that has been cached.

    Do you use cloudflare? (I can imagine that would cause an issue, since all users could have the same IP address)
     
  9. Stuart Wright

    Stuart Wright Well-Known Member

    I have no idea whether
    $stringIP = (isset($_SERVER['REMOTE_ADDR']) ? (string)$_SERVER['REMOTE_ADDR'] : '0');
    would work or not. How would I find out? I can do any DB query you like.
    And I have never heard of cloudflare.
    At this point the addon seems to have half installed. It's not in the addons list.
    [Edit] I don't know if it makes any difference, but I have to connect to the server via its VPN in order to FTP, and I'm connected that way.
     
  10. tenants

    tenants Well-Known Member

    Okay, so it's still in the semi installed state (which is probably why it's still not working and causing issues)
    If you have never heard of cloudfalre, then it's unlikely to be the cause.

    This is a little tricky, but if you turn debug mode on, DeDos will no longer call the 401 (so you can place the files back install/uninstall/reinstall 1.0.8 and no one will see the 401)
    -If you need help (need me to look) let me know

    To turn on debug mode (temporarily), see: http://xenforo.com/community/threads/frequently-asked-questions.5183/#post-248490

    But don't forget to turn off debug mode once you're done. You usually shouldn't need to do this (unless you test DOSing your own site, in which case turning on debug mode allows you to gain access to the ACP).

    I believe the issues you are seeing are likely to be due to the incomplete install, are there any other server error logs?
     
    Last edited: Jun 9, 2014
  11. Stuart Wright

    Stuart Wright Well-Known Member

    I set the system up to automatically go into debug mode when I connect to the VPN.
    I got several of these
    and two of these
    and one of these
     
  12. tenants

    tenants Well-Known Member

    I've now figured out why this would happen on an incomplete install:

    Code:
            if($maliciousRequestCount >= $options->ddMalMaxRequests)
            {               
                // call the 401     
                $this->maliciousEvent();
            }
    
    Well that's an interesting one... since it's an incomplete install $options->ddMalMaxRequest = 0, so the 401 will always be called. I'm going to add a fix for that, but incomplete installs should be rare (although, I don't want anyone running into this again, so I'll add the fix)
     
  13. Stuart Wright

    Stuart Wright Well-Known Member

     
  14. tenants

    tenants Well-Known Member

    All of those errors would have happened when you deleted the files, are there new errors after turning on debug mode and putting the files back

    You do need to manually turn on debug mode if the 401 occurs and prevents you from getting in

    I've intentionaly added the dubug mode as a work around to avoid 401s (if admins lock their own accounts when testing the product)
     
    Last edited: Jun 8, 2014
  15. Stuart Wright

    Stuart Wright Well-Known Member

    Debug mode is always on, though, by editing the config file.
    Something different is happening this time... I got in and it's installing...
     
  16. Stuart Wright

    Stuart Wright Well-Known Member

    We have a dual server setup. I wonder whether the FTP uploads to one and the installation runs on the other? This isn't the first time this kind of thing has happened.
    [Edit] Phew, ok it installed ok this time. Thanks for your patience and attention!
    I have a page full of locked out IPs though from when I first tried to install it at 6:27pm.
    Actually I have 40 pages worth of locked out IPs. The order of them seems to be backward. Normally I would expect them to be in date descending order, but they are in date ascending.
    @tenants assuming the IP list was largely created in error, I'm wondering whether I ought to disable DeDOS until I can clear the IP list.
     
    Last edited: Jun 8, 2014
  17. UnitySoft

    UnitySoft Member

    Awesome Add On, great author :)
     
  18. tenants

    tenants Well-Known Member

  19. tenants

    tenants Well-Known Member

    There is a button at the top to clear the cache (ACP>> Tools >> lockd out IPs >> Clear cache)
    I didn't think it would ever be used, but I never had foreseen an incomplete install... and I certainly never saw the consequences of an incomplete install)... click it and the cache will be cleared. Well, I've patched it up so even an incomplete install shouldn't cause too many issues (other than it being an incomplete install)

    Code:
            if($maliciousRequestCount >= $options->ddMalMaxRequests && ($options->ddMalMaxRequests))
            {          
                    // do the 401 stuff, but this is never reached if $options->ddMalMaxRequests is null/0 (so no issues on incomplete installs)
                    $this->maliciousEvent();
            }
    
    upload_2014-6-8_20-22-16.png
     
    Last edited: Jun 8, 2014
  20. The Forum Heroes

    The Forum Heroes Well-Known Member

    Mike, this is great! One question though. Will things that auto-refresh like shoutbox or livepage cause a trigger for refreshing too often?
     
    UnitySoft likes this.

Share This Page