Recommended Server Admins Who Handle XF Boards - Site Down - Unknown Issue

Wesker

Well-known member
Around 4 hours ago, our site just crashed with what appeared to be a potential denial-of-service attack. No changes were being made to the server. What we have done so far:

  • Turned on all firewall filters
  • Rebooted servers
  • Still reviewing logs
  • Requested assistance from host
  • Turned off all plugins

Despite all efforts, we still have not been able to fix this issue. Last month we had issues with this, which swapping the IPs out fixed - https://xenforo.com/community/threads/syn-flood-attack.179382/#post-1419407

These have been ongoing problems with constant attacks and downtime.

Short term we're looking for some assistance to get us back online. Long term we're looking for recommendations from the community on assistance with handling our servers. We're in the process of moving to a new host as recommended here - https://xenforo.com/community/threads/hosting-recommendations.176927/ but at the same time we need assistance maintaining our servers and fixing urgent downtime issues like this as our current team who handles this is not available.

More than willing to pay whatever costs are needed; we just need to look for solutions out there, short and long term.
 
If your current host does not provide DDoS protection, then the easiest and quickest way is to set up a Cloudflare account and use this as a front door to your website, without moving to another host.

They're bypassing CF and our current host using Voxility who has never been able to mitigate any of these attacks. Yes, I am aware we need to make patches to ensure they cannot bypass CF, but our existing host is unable to do anything in terms of mitigating these attacks when they do bypass Cloudflare, which is why we're in the process of moving hosts.
 
Do you have a fully managed service with a WAF? I used to work for a web host, and trying to stop a DDoS is a challenging task even when you know what is going on; you can't just give the customer free equipment or make changes they don't pay for.

At the very least, you can limit the number of simultaneous connections from a single IP, there are SYN flood protections, and you can also set up rules inside your control panel to add offending IPs to CSF or whatever software firewall you're using.

There is little to no point in getting a new IP; if you're leaking the current IP, such as through your DNS records, the problem will simply recur and you'll be back at square one. Find out how they are getting your IP. If you send email from your server, then it could be appearing in your SPF records or any number of places. If you use Cloudflare, move your email off to a different subnet at the very least, preferably to a different box entirely, such as a hosted email provider like Amazon SES or Google, etc.

Additionally, if you use addons like @AndyB's convert image addon, it exposes your IP address every time it fetches a remote image. EDIT: Apparently unless you're using the proxy setting that Andy notified me about.
 
Last edited:
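
The check suggested in the post above (finding out which DNS records give away the server's IP), as an added example that is not part of the thread: it audits a copy of your own zone for A, MX and SPF records that reveal the origin behind the proxy. The zone, the addresses (documentation ranges) and the `find_origin_leaks` name are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation addresses, not taken from the thread).
ORIGIN = "203.0.113.10"            # hypothetical origin server IP
PROXY_NETS = ["198.51.100.0/24"]   # stand-in for your CDN/proxy provider's ranges
ZONE = [
    ("example.org.",        "A",   "198.51.100.7"),
    ("www.example.org.",    "A",   "198.51.100.7"),
    ("mail.example.org.",   "A",   "203.0.113.10"),
    ("direct.example.org.", "A",   "203.0.113.44"),
    ("example.org.",        "MX",  "10 mail.example.org."),
    ("example.org.",        "TXT", "v=spf1 ip4:203.0.113.0/28 include:_spf.example.net -all"),
]

def find_origin_leaks(zone, origin, proxy_nets):
    """Return (name, rtype, reason) for records that reveal hosts behind the proxy."""
    origin_ip = ipaddress.ip_address(origin)
    proxies = [ipaddress.ip_network(n) for n in proxy_nets]
    a_records = {}
    leaks = []
    # Pass 1: address records that bypass the proxy entirely.
    for name, rtype, value in zone:
        if rtype in ("A", "AAAA"):
            ip = ipaddress.ip_address(value)
            a_records.setdefault(name, []).append(ip)
            if ip == origin_ip:
                leaks.append((name, rtype, "points straight at the origin"))
            elif not any(ip in net for net in proxies):
                leaks.append((name, rtype, "unproxied host, check what it serves"))
    # Pass 2: mail records, which are public and cannot be proxied for SMTP.
    for name, rtype, value in zone:
        if rtype == "MX":
            target = value.split()[-1]
            if origin_ip in a_records.get(target, []):
                leaks.append((name, rtype, f"mail host {target} is the origin"))
        elif rtype == "TXT" and value.lower().startswith("v=spf1"):
            for term in value.split()[1:]:
                mech = term.lstrip("+-~?").lower()
                if mech.startswith(("ip4:", "ip6:")):
                    net = ipaddress.ip_network(mech[4:], strict=False)
                    if origin_ip in net:
                        leaks.append((name, rtype, f"SPF term {term} covers the origin"))
    return leaks

if __name__ == "__main__":
    for leak in find_origin_leaks(ZONE, ORIGIN, PROXY_NETS):
        print(*leak, sep="  ")
```

Feed it an export of your real zone and your provider's published proxy ranges; any row it returns is a record to move to a separate mail host or remove before switching to a fresh IP.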
Also, something else to mention:

Don't ask for a web host to 'replace' your IP. Generally they aren't going to want to do that because you're just going to continue to dirty their IP pool. Ask them for an additional IP, then you can quietly switch to it. Additionally, if you are sending mail, changing your mail IP will cause all your email to wind up in people's spam boxes again until you can rebuild your IP reputation.
 
Thank you all for the assistance. We have a lot of work to do on this and appreciate the help.

Any other recommendations or information you want to share, feel free to let us know.
 