MyBB Community Forums
Slowloris Defense - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: 1.8 Support (https://community.mybb.com/forum-175.html)
+--- Forum: Security Management and Support (https://community.mybb.com/forum-179.html)
+--- Thread: Slowloris Defense (/thread-231250.html)



Slowloris Defense - danaconda813 - 2021-02-15

I have an older version of MyBB (1.6-ish)

I am experiencing a Slowloris-style DDOS attack and was hoping someone here could give me a fix - letting me know where to go to change the timeout allowance for incoming session requests, etc.

Is there some sort of code to input? Is there just a setting in there somewhere?

Please let me know anything you can.

Thanks,

D


RE: Slowloris Defense - nixer55 - 2021-02-15

That's web server stuff.  Talk with your host support.  If your mybb installation is 1.6x, shudder to think what else is out of date on your site.  But your host should know.


RE: Slowloris Defense - danaconda813 - 2021-02-15

(2021-02-15, 02:55 PM)nixer55 Wrote: That's web server stuff.  Talk with your host support.  If your mybb installation is 1.6x, shudder to think what else is out of date on your site.  But your host should know.


Thanks, yeah, it needs an update badly and I am working on getting that done.
There isn't anything I can do in CPanel or Admin or anything like that, though?


RE: Slowloris Defense - nixer55 - 2021-02-15

Very much depends on what you have in your cpanel.  If the malicious activity is coming from a single IP, subnet, or unique user agent, might have some options.

But if you're not familiar with the tools, best to reach out to your host provider.  Who told you this was a DDOS attack btw?


RE: Slowloris Defense - danaconda813 - 2021-02-16

(2021-02-15, 07:13 PM)nixer55 Wrote: Very much depends on what you have in your cpanel.  If the malicious activity is coming from a single IP, subnet, or unique user agent, might have some options.

But if you're not familiar with the tools, best to reach out to your host provider.  Who told you this was a DDOS attack btw?

Yeah, I am trying to work with my server host but he has been MIA.

It seems fairly obvious that it's a botnet attack. We have way more "guests" than we normally would and the site itself is at a crawl as a result.


RE: Slowloris Defense - Matt - 2021-02-16

We had a similar thing on the community forums here the other day.

It can't really be fixed at MyBB-level though because it would mean MyBB was still handling the request. If the IPs all look similar it should be possible to add exclusions in cPanel, and could also look at switching your DNS to Cloudflare as they have DDoS protection, but if the bots already know the server's IP address it's probably too late for that.


RE: Slowloris Defense - danaconda813 - 2021-02-16

(2021-02-16, 07:24 PM)Matt Wrote: We had a similar thing on the community forums here the other day.

It can't really be fixed at MyBB-level though because it would mean MyBB was still handling the request. If the IPs all look similar it should be possible to add exclusions in cPanel, and could also look at switching your DNS to Cloudflare as they have DDoS protection, but if the bots already know the server's IP address it's probably too late for that.


Thank you for your help. I was hoping there was some way to just time out the "guest" bots, but I guess there isn't any way to do that.  Sad


RE: Slowloris Defense - Matt - 2021-02-16

Nah not really, by the time they've made the initial request to the forum that's already taken up the resources even if you do then block them somehow after that, things like this need to be stopped higher up the chain before the website code even knows about it.