XF 1.1 Forums Going Offline Due to Spammers

[System0]

Over the last few days my forums have went offline on two occasions. The incidents happened shortly after I moved to a new host, so my initial assumption was that it was the host's fault for them being offline.

What is strange is that after my three forums come back online, one of them displays a server error message, which makes the forum unusable. Repairing the database seemed to fix this.

The same thing happened on the second occasion. My forums went offline and when they came back online, one particular forum (the same one) had the server error message.

They have advised that my forums have been attacked by the IP 99.15.234.88. I checked an IP lookup service and it states that it is a known spam source.

As I upgraded my forums on the same day, I am not sure if this is a security vulnerability of my new host, of XenForo 1.1.5 (I was previously on 1.1.2), or if it is just a combination of coincidence and bad luck that this happened on the same day I moved host and upgraded.

Does anyone know what is causing this?

Kevin

 

[Paul B]

Has your host explained what it was that caused the forums to go offline?
Was it a DDoS attack?

The server error logs may help with that, as will checking the stat's with regards to traffic, etc.

What is the server error message displayed?

 

[System0]

Thanks for getting back to me on this Brogan.

I just emailed them that question and he replied:

There's nothing in the error logs. Just lots of connections from the same IP.

That sounds more like a DDOS attack.

 

[Paul B]

Sounds like it to me.
Your host should implement some sort of protection or mitigation for that.

 

[Lone Wolf]

Are you sure it's XenForo? We were DDOS'd a couple of weeks back but it turned out to be due to a WordPress vulnerability.

 

[tenants]

Where exactly were they connecting to?

Can you look at your server access logs, was it just the index page (or the registration page)

 

[System0]

Sounds like it to me.
Your host should implement some sort of protection or mitigation for that.

We've agreed to leave it until tomorrow to see if anything changes. Reading between the lines, he has made some changes.

Are you sure it's XenForo? We were DDOS'd a couple of weeks back but it turned out to be due to a WordPress vulnerability.

100% it is not a WordPress issue as that hosting account only has 3 websites on it: all of them XenForo forums

Where exactly were they connecting to?

Can you look at your server access logs, was it just the index page (or the registration page)

He noted there was nothing in the error logs, it was just lots of connections from the one IP.

 

[tenants]

Not the error logs, the server access logs. They have to be connected to somewhere

 

[System0]

There are lots of errors there at the time such as:

Mysqli statement execute error : Incorrect key file for table './....../xf_session.MYI'; try to repair it

Too many connections