Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How to detect attacking IPs?
#1
Hi all,

My forum was attacked, hacker sent consecutive requests to a URL of my forum to cause limitations on host (I'm using free host).

Can you help me how to find IPs that attack my forum?

Thank you!
Reply
#2
Look at your site's access logs. You can usually access those through your hosting control panel.
[Image: lSCzrSK.png]
Reply
#3
This user has been denied support. This user has been denied support.
Free host likely means you can't do very much.
Reply
#4
(04-13-2012, 12:23 AM)Josh H. Wrote:  Look at your site's access logs. You can usually access those through your hosting control panel.

(04-13-2012, 01:22 AM)labrocca Wrote:  Free host likely means you can't do very much.

Because of free host, when I asked the supporter about this, they said that I kindly ask this case at MyBB community.

Any functions in ACP show the IPs which connected to forum?

Thank you for your interest!
Reply
#5
This user has been denied support. This user has been denied support.
You can view the Who's Online list. And block IP in admincp but a real DDOS attack would mean you can't access the site. Blocking them at the MyBB level will not help you. It's a host issue.

You can probably add the IPs to a block list in htaccess.

Also if you do have your own domain you can use Cloudflare as a proxy that will give you some protection from attacks and they do have a deny list you can use. Also you can block by country a lot easier with their service.
Reply
#6
This user has been denied support. This user has been denied support.
Unless you use VPS or have an SSH access, you cannot find the attacking IPs.
Reply
#7
(04-13-2012, 05:30 AM)crazy4cs Wrote:  Unless you use VPS or have an SSH access, you cannot find the attacking IPs.

He can if he has access to the RAW access log.
Reply
#8
This user has been denied support. This user has been denied support.
RAW logs is pretty time consuming. It has a lot of not needed information listed as well along with IPs such as useragents,etc. When you're having DDOS, watching logs is kind of old man type thing.

If you've SSH access, you can find troubling IPs and bust them.
Reply
#9
(04-14-2012, 05:48 AM)crazy4cs Wrote:  RAW logs is pretty time consuming. It has a lot of not needed information listed as well along with IPs such as useragents,etc. When you're having DDOS, watching logs is kind of old man type thing.

If you've SSH access, you can find troubling IPs and bust them.

At least you can find the attacking Ips even if it's time consuming or if it's kind of old.
And watching the RAW log is the almost the only alternative if you are on a shared hosting and you are being DDoSed, If you don't have SSH access or root access, which you don't have in shared hosting.
Reply
#10
(04-13-2012, 04:09 AM)labrocca Wrote:  You can view the Who's Online list. And block IP in admincp but a real DDOS attack would mean you can't access the site. Blocking them at the MyBB level will not help you. It's a host issue.

You can probably add the IPs to a block list in htaccess.

Also if you do have your own domain you can use Cloudflare as a proxy that will give you some protection from attacks and they do have a deny list you can use. Also you can block by country a lot easier with their service.

Yes, we can. And we just launched a new DDoS mitigation feature that will help CloudFlare users even more.
Damon, CloudFlare Community
Tips for using MyBB with CloudFlare
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)