Hey everyone, I hope you'll like this suggestion:
It's basically simple, the administrator can set a maximum number of guests that can browse the forum, let's say it's 500 by default...
Once the number of guests reaches 500, MyBB displays the 503 error page (Service unavailable error)...
DDos attacks for people who don't know what it is:
Millions of requests on the same website and at the same time to shut down the server!
I don't know if there's another way to prevent DDos attacks but I hope this one will be taken into concideration, it can also be useful to make guests register (MyBB message: sorry, no more vacant guest place, register or refresh this page later)...
DDos attacks are best handled at server level. This won't help against DDos attacks, this will just annoy visitors. The error log and access log would still fill up. All you're suggesting is throwing an error.
Plus, sending a 500 Internal Server Error is highly not recommended. That would indicate there was an issue with the web server. If by any chance this was implemented it would have to be a 503.
Yeh, this is just going to annoy people and/or make them think that you're website is not well managed.
Quote:It's basically simple, the administrator can set a maximum number of guests that can browse the forum, let's say it's 500 by default...
Bad idea. If you implement that then you're destroying your forum and will eventually turn out dead.
Limiting thread views for guests is okay and acceptable.
If your forum is getting DDoS'ed then you're doing something wrong in general. Do not make your users suffer even more.
As I said it shouldn't affect
users, only
guests should have these limitations...
And about the 500 page, I fixed it, they should see a
503 page
But why are you all using the word "suffer"??
If there's a DDos attack, a guest who sees a 503 error page is luckier than the one who gets a page that doesn't load at all...
In general what I wanted to do:
On DDos attack
A member continues to browse normally because
hopefully extra requests aren't taken into concideration by the program...
A guest sees a 503 page whether he's a real guest or a fake one!
If the attack is huge, the web server won't even get as far as processing PHP, meaning it would just keep loading.
That may not do anything. They don't really have to attack the board directly for a DDOS. As Malcolm said it's best handled at the server level(before if possible
).
Cisco Guard can be you friend
MyBB already does this with a setting for load limit.
As Malcom said, DDos is a server attack, not a site attack. You can shut the server down with one regardless of any settings in the forum software. (Login floods and post floods aren't DDos attacks.)