1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Sites under attack... Help?

Discussion in 'Server Configuration and Hosting' started by JMEWLS, Nov 9, 2013.


    JMEWLS Active Member

    Alright, so basically my site is getting crashes because it's under attack. I'm not 100% sure what it is, but I've been in contact with the hosting because I'm pretty dumb when it comes to this type of stuff. I'll quote the
    emails below...

    Has anyone else experienced this before? Is there a fix? Go easy on me, I'm pretty new to this type of stuff.

    Thanks to whoever has the time to reply.
  2. Brogan

    Brogan XenForo Moderator Staff Member

    Is it the same IP address or range of IP addresses?

    If so, block them at the server level.

    JMEWLS Active Member

    They're all different IPs to my understanding.
  4. Alfa1

    Alfa1 Well-Known Member

    Consider LiteSpeed WebServer as it has a function that limits the number of connections per IP.
    Bad Behavior blocks any connection by blacklisted bots: http://bad-behavior.ioerror.us/
    The combination of the above has resolved 99% of my problems with daily DDoS attacks on my big board.
    JMEWLS likes this.

    JMEWLS Active Member

    Is there any other means to help with DDOS attacks? Is badbehaviour easy to install? Are there any add ons I should consider downloading.
  6. AzzidReign

    AzzidReign Well-Known Member

    www.ddosdefend.com - they helped me a lot in the past

    I've been trying out cloudflare's ddos protection and it's been a lil shoddy, thinking about going back but cf may be able to help you with your stuff. Doubt it is anything like the attacks I get...I've had multiple attacks above 60gbps.
    JMEWLS likes this.

    JMEWLS Active Member

    I've been told it's a "large layer 3/4 DDoS attack" again, I'm not very smart at this type of stuff. But I've been reading in and it doesn't sound to great.

    JMEWLS Active Member

    Are there anymore suggestions? I'm a student so paying 200 a month for cloudfare is pretty much out of the picture (as much as I'd like to).

    It's apparently 3/4 DDoS Attack.

    Sorry again for the lack of knowledge on the issue, it's really just me communicating with the host/you guys. ServInt is doing a really good job in trying to give me some clarity though, big ups to them.

    JMEWLS Active Member

    Is bad behavior easy to integrate?
  10. Alfa1

    Alfa1 Well-Known Member

    Yes, I think so. I once asked a vbulletin coder to create an addon for vb and he did not need much time to create it.
  11. WSWD

    WSWD Well-Known Member

    No more suggestions really. Real DDoS protection is extremely expensive, and if the attack is that large, you're kinda stuck. You can ask the provider to null route your IP address until the attack just goes away, but that's also going to put your site offline.
  12. tommydamic68

    tommydamic68 Well-Known Member

    Do you have a wordpress script running on your server? If so, completely disable it or change the permissions.
    Last edited: Nov 10, 2013
  13. Tracy Perry

    Tracy Perry Well-Known Member

    Adam Howard likes this.
  14. JMEWLS

    JMEWLS Active Member

    No wordpress, it's just xenforo. That reply was because servint has similar issues with wordpress with their other clients.

    I'm not even sure what the password prompt thing is (read initial post) but if this is a potential fix whilst I ride this out I guess I'm going to have to do it.

    I'm thinking of implementing badbehaviour and zbblock and seeing what happens from there.. I can't afford ddos mitigation especially for a site that's really just a hobby and isn't considered a big board.

    But I'm not sure if they're really designed to stop ddos attacks even though I've read it brings some protection.
  15. Tracy Perry

    Tracy Perry Well-Known Member

    Those may help... also, is this a shared host or a VPS/Dedi? If VPS/Dedi have you installed fail2ban on it. There is a jail.local def that may help with the empty POST being sent to your webserver.
  16. JMEWLS

    JMEWLS Active Member

    I'm with servint's VPS I'll look into this. Have you had success with this? Will it be able to mitigate 3/4 ddos attacks?

    Thankyou for the suggestion.
  17. Tracy Perry

    Tracy Perry Well-Known Member

    Only true way is hardware... which is $$$$$$, but this may help. You have to be careful though because it monitors ALL GET/POST requests and depending on your site you could inadvertently lock someone out. The second link goes into some detail about it.
    JMEWLS likes this.
  18. Floren

    Floren Well-Known Member

    The only way to stop a DDoS is with a service, using Nginx or Litespeed won't block anything starting with a medium scale attack. I remember that a while ago, LULZ Security had their site protected by Cloudflare. The guys at Cloudflare were happy with that because they were able to tweak a lot their configurations. They saw a wide range of hacking attacks directed at their site, some of which were remarkably clever.
    JMEWLS likes this.

Share This Page