Hey guys I'm in serious trouble, there is someone that keeps ddosing my website and crushing the server every time.
I've moved to another server bigger and stronger and my website still goes down.
I've CloudFlare protection and I've set it to "I'm under attack" mode, but this doesn't help!!!
I've spoke with the attacker and he wants huge money or he won't stop!!!
HELP GUYS!!!!!!!
He is using MyBB exploit to get the backend IP of the server!!!! Through the avatar URL! How to remove the exploit please...!
He put me a deadline 24 hours till he attack again. Please answer fast...!
can you post more details at the private inquiries section. someone from the team might be able to help
It's not a vulnerability nor an exploit. You can disable remote avatars but a determined attacker can find your server IP via other methods.
Every server is "vulnerable" to DDoS attacks, it's not specific to a specific web application. Speak to your host about DDoS mitigation. There's isn't anything MyBB can do to help you with this as it isn't a MyBB issue.
(2014-11-18, 03:26 PM)Euan T Wrote: [ -> ]Exactly as Nathan said. If you're getting attacked, I highly recommend trying RamNode's DDoS protected IPs - even if just for a short time: https://clientarea.ramnode.com/knowledge...icle&id=85
(inb4u read my reply to spock)
As OP doesn't seem to have too much of knowledge in that field it would be hard for him to set it up correctly as it isn't just to buy an ddos protect ip and call it at that, he has to actually bind quite a lot of things plus wouldn't work too great as then he has to move his stuff to the ramnode vps cuz the guy is using the avatar trick.
So the best option is just to open usercp.php search for "Copy the avatar to the local server" and plop an error_no_permission(); above, remove it from the template and enabling cloudflare which is what he actually wants.
(2014-11-18, 03:26 PM)Euan T Wrote: [ -> ]Exactly as Nathan said. If you're getting attacked, I highly recommend trying RamNode's DDoS protected IPs - even if just for a short time: https://clientarea.ramnode.com/knowledge...icle&id=85
I've been using a RamNode DDoS IP (Staminus) for a while now. They're not that great.
Their protection is up to 20Gbps only while the attacker uses 40Gbps or more. And he attacks with multiple bots. I'm unsure how he has all the money for this. Or is it cheap nowadays?
(2014-11-19, 02:12 PM)Jabberwock Wrote: [ -> ]Their protection is up to 20Gbps only while the attacker uses 40Gbps or more. And he attacks with multiple bots. I'm unsure how he has all the money for this. Or is it cheap nowadays?
40 Gbps, and where did you pull that information from? Did he tell you that because that is so skiddie looking due to everything being saturated.
So he's most likely just a kid with a booter so 20 Gbps is enough, and ddosing has been cheap for many years.
Patch the avatar trick, change the server ip and push cloudflare onto under attack, if he bypasses that just pm me and I can help you personally as I have my own setup due to being attack 3-4 times a day by big botnets plus I don't charge anything if you're asking that as I need the data to rebuild what I lost a few months ago in a long story.
for
disabling remote avatars,
this method should still work (can't check the files right now)