I had the same attacker as you.
They've defaced me 4 times, they DdoS me so bad that my host(T1hosting) dropped me and they won't quit. Trust that.
(2014-11-30, 05:08 AM)Saint Francis Wrote: [ -> ]I had the same attacker as you.
They've defaced me 4 times, they DdoS me so bad that my host(T1hosting) dropped me and they won't quit. Trust that.
Might not quit but really, you can't give in and simply pay out. Once you've paid them they know you will pay, whats to stop them from coming back and asking for more money? Once they understand that you won't pay and will keep fighting with more protection then eventually they will move onto the next target.
@OP: Are you still getting attacked? Where are you now?
The finishing attack came:
"CloudFlare has been temporarily deactivated for this site due to a large attack. We do not offer advanced DDOS protection in our Free or Pro plans. All temporary holds are based on a domain, so you cannot delete the website and re-add it. We will automatically resume the CloudFlare service in 5 to 7 business days.
CloudFlare includes advanced DDOS protection in its Business plan ($200/month). If you upgrade to the Business plan, your website will be re-activated."
Now they want money.
To remove the Avatar URL feature, then follow this guide.
ACP > Templates > Your template > User Control Panel Templates > usercp_avatar
Now replace all that to this code (only if you are using 1.6 version)
<html>
<head>
<title>{$mybb->settings['bbname']} - {$lang->change_avatar}</title>
{$headerinclude}
</head>
<body>
{$header}
<table width="100%" border="0" align="center">
<tr>
{$usercpnav}
<td valign="top">
{$avatar_error}
<table border="0" cellspacing="{$theme['borderwidth']}" cellpadding="{$theme['tablespace']}" class="tborder">
<tr>
<td class="thead" colspan="2"><strong>{$lang->change_avatar}</strong></td>
</tr>
<tr>
<td class="trow1" colspan="2">
<table cellspacing="0" cellpadding="0" width="100%"><tr>
<td>{$lang->avatar_note}{$avatarmsg}
</td>
{$currentavatar}
</tr></table>
</td>
</tr>
<tr>
<td class="tcat" colspan="2"><strong>{$lang->local_galleries}</strong></td>
</tr>
<tr>
<td class="trow2"><strong>{$lang->gallery}</strong></td>
<td class="trow2">
<form method="post" action="usercp.php">
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
<input type="hidden" name="action" value="avatar" />
<select name="gallery">
{$galleries}
</select>
{$gobutton}
</form>
</td>
</tr>
<tr>
<td class="tcat" colspan="2"><strong>{$lang->custom_avatar}</strong></td>
</tr>
<tr>
<td class="trow1" width="40%"><strong>{$lang->avatar_upload}</strong></td>
<td class="trow1" width="60%">
<form enctype="multipart/form-data" action="usercp.php" method="post">
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
<input type="file" name="avatarupload" size="25" class="fileupload" />
{$auto_resize}
</td>
</tr>
</table>
<br />
<div align="center">
<input type="hidden" name="action" value="do_avatar" />
<input type="submit" class="button" name="submit" value="{$lang->change_avatar}" />
<input type="submit" class="button" name="remove" value="{$lang->remove_avatar}" />
</div>
</td>
</tr>
</table>
</form>
{$footer}
</body>
</html>
(2014-12-01, 04:20 PM)PhantomD Wrote: [ -> ]To remove the Avatar URL feature, then follow this guide.
ACP > Templates > Your template > User Control Panel Templates > usercp_avatar
Now replace all that to this code (only if you are using 1.6 version)
<html>
<head>
<title>{$mybb->settings['bbname']} - {$lang->change_avatar}</title>
{$headerinclude}
</head>
<body>
{$header}
<table width="100%" border="0" align="center">
<tr>
{$usercpnav}
<td valign="top">
{$avatar_error}
<table border="0" cellspacing="{$theme['borderwidth']}" cellpadding="{$theme['tablespace']}" class="tborder">
<tr>
<td class="thead" colspan="2"><strong>{$lang->change_avatar}</strong></td>
</tr>
<tr>
<td class="trow1" colspan="2">
<table cellspacing="0" cellpadding="0" width="100%"><tr>
<td>{$lang->avatar_note}{$avatarmsg}
</td>
{$currentavatar}
</tr></table>
</td>
</tr>
<tr>
<td class="tcat" colspan="2"><strong>{$lang->local_galleries}</strong></td>
</tr>
<tr>
<td class="trow2"><strong>{$lang->gallery}</strong></td>
<td class="trow2">
<form method="post" action="usercp.php">
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
<input type="hidden" name="action" value="avatar" />
<select name="gallery">
{$galleries}
</select>
{$gobutton}
</form>
</td>
</tr>
<tr>
<td class="tcat" colspan="2"><strong>{$lang->custom_avatar}</strong></td>
</tr>
<tr>
<td class="trow1" width="40%"><strong>{$lang->avatar_upload}</strong></td>
<td class="trow1" width="60%">
<form enctype="multipart/form-data" action="usercp.php" method="post">
<input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
<input type="file" name="avatarupload" size="25" class="fileupload" />
{$auto_resize}
</td>
</tr>
</table>
<br />
<div align="center">
<input type="hidden" name="action" value="do_avatar" />
<input type="submit" class="button" name="submit" value="{$lang->change_avatar}" />
<input type="submit" class="button" name="remove" value="{$lang->remove_avatar}" />
</div>
</td>
</tr>
</table>
</form>
{$footer}
</body>
</html>
Yea and what happens if the user just... idk... Adds an input tag named avatarurl and presses submit?
Oh right, you're back at square one.
(2014-12-01, 04:06 PM)Jabberwock Wrote: [ -> ]The finishing attack came:
"CloudFlare has been temporarily deactivated for this site due to a large attack. We do not offer advanced DDOS protection in our Free or Pro plans. All temporary holds are based on a domain, so you cannot delete the website and re-add it. We will automatically resume the CloudFlare service in 5 to 7 business days.
CloudFlare includes advanced DDOS protection in its Business plan ($200/month). If you upgrade to the Business plan, your website will be re-activated."
Now they want money.
Congratulations, it says it clearly on cloudflares page.
And that's exactly why you shouldn't rely on CloudFlare as an end-all option...
I'd just flat out remove the remote avatar validation PHP code and any URL-based avatars in that database.
(2014-12-02, 01:54 PM)Josh H. Wrote: [ -> ]I'd just flat out remove the remote avatar validation PHP code and any URL-based avatars in that database.
That already been removed a while ago but did you see CloudFlare's message?
I have
Board Statistics of: "The most users online at one time was 1,426 on Today at 01:13 AM"
He has 1400 bots to his disposal
(2014-12-02, 04:27 PM)Jabberwock Wrote: [ -> ] (2014-12-02, 01:54 PM)Josh H. Wrote: [ -> ]I'd just flat out remove the remote avatar validation PHP code and any URL-based avatars in that database.
That already been removed a while ago but did you see CloudFlare's message?
I have Board Statistics of: "The most users online at one time was 1,426 on Today at 01:13 AM"
He has 1400 bots to his disposal
I already asked if you wanted help but you ignored that message, it's not exactly that hard to protect against stuff <.<
And he seriously does not have 1400 bots, something tells me you have your online time sat to a high nr like 24 hours which yes actually gets counted into that output.
If you were hit by 1400 bots it wouldn't even get to that stage as your cpu would be too busy handling everything else
We are on a server with 24 cores. And no, the time duration for the counter is 15 minutes.