2014-11-19, 02:39 PM
(2014-11-19, 02:33 PM).m. Wrote: [ -> ]for disabling remote avatars, this method should still work (can't check the files right now)
It does.
While you're at it, patch your mailing as it will also give out the backend ip.
2014-11-19, 02:39 PM
2014-11-23, 10:02 PM
Hi if you have your own server I recommend downloading Configserver Security Firewall (CSF). It has settings which can greatly reduce the incidence and effects of a DDOS attack.
Info Here
The link for DDOS settings of CSF can be found at anandarajpandey.com/2014/04/21/how-to-prevent-ddos-attack-by-csf-firewall/.
CSF has a GUI module for CPanel and Webmin.
I use ClamAV and Linux Malware Detect on my server. Before my new site goes live I will be setting up crontabs to scan the avatar and attachment directories every 10-15 minutes and delete automatically anything they flag.
Hope this helps,
Talen
Info Here
The link for DDOS settings of CSF can be found at anandarajpandey.com/2014/04/21/how-to-prevent-ddos-attack-by-csf-firewall/.
CSF has a GUI module for CPanel and Webmin.
I use ClamAV and Linux Malware Detect on my server. Before my new site goes live I will be setting up crontabs to scan the avatar and attachment directories every 10-15 minutes and delete automatically anything they flag.
Hope this helps,
Talen
2014-11-24, 01:48 AM
(2014-11-18, 06:02 AM)Jabberwock Wrote: [ -> ]Hey guys I'm in serious trouble, there is someone that keeps ddosing my website and crushing the server every time.
I've moved to another server bigger and stronger and my website still goes down.
I've CloudFlare protection and I've set it to "I'm under attack" mode, but this doesn't help!!!
I've spoke with the attacker and he wants huge money or he won't stop!!!
HELP GUYS!!!!!!!
He is using MyBB exploit to get the backend IP of the server!!!! Through the avatar URL! How to remove the exploit please...!
He put me a deadline 24 hours till he attack again. Please answer fast...!
Such big exploit?
Change avatar URL... use iplogger.org,
example on Mybb site: 173.243.12*.* is the IP of mybb.com...
Not a exploit buddy. Tell him to go f*ck himself, and just switch to a company with protection.
2014-11-24, 03:22 PM
(2014-11-23, 10:02 PM)talen_j Wrote: [ -> ]Hi if you have your own server I recommend downloading Configserver Security Firewall (CSF). It has settings which can greatly reduce the incidence and effects of a DDOS attack.
Info Here
The link for DDOS settings of CSF can be found at anandarajpandey.com/2014/04/21/how-to-prevent-ddos-attack-by-csf-firewall/.
CSF has a GUI module for CPanel and Webmin.
I use ClamAV and Linux Malware Detect on my server. Before my new site goes live I will be setting up crontabs to scan the avatar and attachment directories every 10-15 minutes and delete automatically anything they flag.
Hope this helps,
Talen
That isn't going to help you jack orange if you're getting network attacked tbh.
2014-11-25, 01:27 PM
(2014-11-19, 01:15 PM)Rakes Wrote: [ -> ](2014-11-19, 11:54 AM)Marisa Wrote: [ -> ]Which location?(2014-11-18, 03:26 PM)Euan T Wrote: [ -> ]Exactly as Nathan said. If you're getting attacked, I highly recommend trying RamNode's DDoS protected IPs - even if just for a short time: https://clientarea.ramnode.com/knowledge...icle&id=85
I've been using a RamNode DDoS IP (Staminus) for a while now. They're not that great.
Netherlands.
2014-11-25, 02:23 PM
(2014-11-24, 03:22 PM)Rakes Wrote: [ -> ](2014-11-23, 10:02 PM)talen_j Wrote: [ -> ]Hi if you have your own server I recommend downloading Configserver Security Firewall (CSF). It has settings which can greatly reduce the incidence and effects of a DDOS attack.
Info Here
The link for DDOS settings of CSF can be found at anandarajpandey.com/2014/04/21/how-to-prevent-ddos-attack-by-csf-firewall/.
CSF has a GUI module for CPanel and Webmin.
I use ClamAV and Linux Malware Detect on my server. Before my new site goes live I will be setting up crontabs to scan the avatar and attachment directories every 10-15 minutes and delete automatically anything they flag.
Hope this helps,
Talen
That isn't going to help you jack orange if you're getting network attacked tbh.
Thanks for the advice Rakes. CSF was recommended to me on Web Hosting Talk. Fairly new to Linux and just learning. Maybe I was wrong to offer advice. Apologies
Talen
2014-11-25, 04:29 PM
(2014-11-25, 02:23 PM)talen_j Wrote: [ -> ](2014-11-24, 03:22 PM)Rakes Wrote: [ -> ](2014-11-23, 10:02 PM)talen_j Wrote: [ -> ]Hi if you have your own server I recommend downloading Configserver Security Firewall (CSF). It has settings which can greatly reduce the incidence and effects of a DDOS attack.
Info Here
The link for DDOS settings of CSF can be found at anandarajpandey.com/2014/04/21/how-to-prevent-ddos-attack-by-csf-firewall/.
CSF has a GUI module for CPanel and Webmin.
I use ClamAV and Linux Malware Detect on my server. Before my new site goes live I will be setting up crontabs to scan the avatar and attachment directories every 10-15 minutes and delete automatically anything they flag.
Hope this helps,
Talen
That isn't going to help you jack orange if you're getting network attacked tbh.
Thanks for the advice Rakes. CSF was recommended to me on Web Hosting Talk. Fairly new to Linux and just learning. Maybe I was wrong to offer advice. Apologies
Talen
Take those advice from WHT with a grain of salt, it's a mixed community with just urgh..
Also for forums, if you do it wrongfully you'll just end up blocking most of the users for just refreshing too many times in too short of a timespan etc.
2014-11-26, 05:24 PM
The type of protection will depend on the target of the DoS attack. If they're targetting a certain application, you'll likely need to look into how to protect that application from being targetted (they may be targetting a certain feature of the application which is rather heavy and can be executed without any flood checks for example).
If they're targetting your network, your hosting company should be able to help you with that. If they're targetting your server only, you could use some help from the network as well, to possibly block connections (though if they are valid connections, you may need to restrict who can access your website based on IPs...). Application firewalls may help you too.
There's no simple answer on how to stop an attack like this one.
Maybe this can shed some light on the concept behind it:
http://en.wikipedia.org/wiki/Denial-of-service_attack
http://en.wikipedia.org/wiki/Application...DoS_attack
If they're targetting your network, your hosting company should be able to help you with that. If they're targetting your server only, you could use some help from the network as well, to possibly block connections (though if they are valid connections, you may need to restrict who can access your website based on IPs...). Application firewalls may help you too.
There's no simple answer on how to stop an attack like this one.
Maybe this can shed some light on the concept behind it:
http://en.wikipedia.org/wiki/Denial-of-service_attack
http://en.wikipedia.org/wiki/Application...DoS_attack
2014-11-27, 05:25 AM
(2014-11-18, 06:02 AM)Jabberwock Wrote: [ -> ]Hey guys I'm in serious trouble, there is someone that keeps ddosing my website and crushing the server every time.
I've moved to another server bigger and stronger and my website still goes down.
I've CloudFlare protection and I've set it to "I'm under attack" mode, but this doesn't help!!!
I've spoke with the attacker and he wants huge money or he won't stop!!!
HELP GUYS!!!!!!!
He is using MyBB exploit to get the backend IP of the server!!!! Through the avatar URL! How to remove the exploit please...!
He put me a deadline 24 hours till he attack again. Please answer fast...!
"He is using MyBB exploit to get the backend IP of the server!!!! Through the avatar URL!"
Can someone tell me what exactly this means and how a avatar url can do such?
2014-11-27, 05:57 AM
(2014-11-27, 05:25 AM)new1 Wrote: [ -> ]"He is using MyBB exploit to get the backend IP of the server!!!! Through the avatar URL!"
Can someone tell me what exactly this means and how a avatar url can do such?
The remote avatar feature requires the server making an HTTP request to the URL to confirm it is indeed a valid image. If the person has access to the server logs of the remote domain they can see which server made the request. This isn't an exploit or vulnerability. It's just how the Internet works.
A public IP is like someone's house address. The owner can try to hide it, but at the end of the day anyone can knock and say hello.