Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Anti-DDoS Protection Tutorial (How to use Cloudflare correctly)
#1
This user has been denied support. This user has been denied support.
Hi,

Feel free to redistribute this tutorial with my username (credits). By posting this tutorial I do not guarantee that your site will be up 100% or stop all incoming attacks. From this tutorial you would and should be able to stop many incoming attacks.

I know that there's no way to block all kinds of DDoS attacks but there was various ways to lower their effects or block some of the attacks. I have asked the MyBB Team if I can post this tutorial or not but I have received no replies through PMs, I even posted a thread. Proof: http://community.mybb.com/thread-127369.html (Accessible by MyBB Team only)

If you would like something removed then please PM me. Please post your feedbacks or let me know if you tried this or not so I know that my tutorial and hard work was useful for something.

I know that by posting this, some people might misuse it by finding a new way to DDoS but I think this is a very useful tutorial for people that need some help to stop some incoming attacks.

Requirements
  • Cloudflare
  • 2 hosts
  • Website IP Pinger or CMD could work too.

Step 1

Login to CloudFlare, click on Websites.
Select your domain, and then on the options, select DNS Settings.

Now add new A record.

Quote:A direct-connect 127.0.0.1
Then click Add.

From this whenever someone will try to resolve your cloudflare IP they will get 127.0.0.1 , a different IP or the result would show was "Not found".

Step 2

Go into your domains threat control central and ban the following countries. I understand how important SEO is for your website but you can't keep your website down the whole day am I right? To ban just type in the country name and wait for the auto correction or whatever to popup, click on it and click block.

Recommended countries to ban

Quote:Serbia
Russia
China
Bosnia

Sites being used in modern booters

Quote:Indonesia
Venezuela
Brazil

Step 3

Nowadays booters also use sites such as downornot to boot/hit sites offline. I would recommend blocking the following sites (Can't provide IPs). In order to do this, you must first ping the websites and after you get the websites IP then ban it on your server. If you are on a shared hosting then I think you can ban them through cloudflare.

The concept of using such sites is to send as much as bots or outgoing networks from these sites onto your site to overload the server so when it's unable to take more load it will go offline. Even if someone is using a booter that does use these sites and your site is down and lets say that 100 people use isitup or any similar site to check if the site is down or not then basically it's sending 100 packets.

http://isitup.org
http://downforeveryoneorjustme.org
http://downforeveryoneorjustme.com
http://www.isitdownrightnow.com/
http://www.websitedown.info/

Step 5

I would always recommend to keep your sites security on Low, but if you know that you have a hater around then you can keep it on medium. Keep it on high only when your site is slow and if you are receiving a massive attack then you can try keeping it on "I'm under Attack!"

The higher security, the more it can slow down your website. Speaking of slow loading, I would recommend you not to keep chatbox or similar plugins installed on a new website because it will slow down the site and it will drive away attention and lower your sites activity.

What is "I'm under Attack!" on Cloudflare?

Doesn't help much but it kinda blocks all kinds of incoming networks/signals and requires your action. Sometimes people can use an IP that's on your trust list on Cloudflare to attack your site and you won't even know and neither Cloudflare would detect it as a threat. Be extra careful while banning IPs under "I'm under Attack!" security level because some are real people.

Step 6

I would recommend you to keep 2 hosts. One can be your main hosting (Onshore or Offshore, doesn't matter) but your second hosting which will be your spare hosting can be cheap but up and must not be receiving too many downtimes. Why two hosts?

If your main hosting is receiving a massive DDoS attack and you can't handle it then move to another server from this your site would be up and nothing would happen.

When your site being attacked you obviously can't access your ACP but you can access your cpanel and from there simply download your FTP files and download all the files from PHPMYADMIN then upload the downloaded files onto your spare (2nd) hosting.

Now the main part in changing hosts.

Instead of updating your nameservers use the quicker way to change hosts.

Go to Cloudflare>Domains>Edit your domains DNS

Now what you want to do is edit all the records that contain an IP and replace your current IPs with your 2nd hosts IP. DO NOT REPLACE THE TEXT, JUST THE IP.

This will redirect your domain to your new host.

Hope you liked my tutorial. Feel free to post your feedbacks below.

Good Luck!
Reply
#2
thanks for explanation Big Grin
Reply
#3
Thank you so much. I like the 2 host funda.

I think there is a way to autosync the secondary host atleast once a day with mother host through cron. But I don't know how to. I'll dig around a little.
[Image: logo.svg.svg]
Reply
#4
This user has been denied support. This user has been denied support.
(10-14-2012, 04:42 PM)effone Wrote: Thank you so much. I like the 2 host funda.

I think there is a way to autosync the secondary host atleast once a day with mother host through cron. But I don't know how to. I'll dig around a little.

Yeah it's possible and I have seen this happen already but I just don't know how to set it up.
Reply
#5
This user has been denied support. This user has been denied support.
You don't need to upload db to second host necessarily. The best way is to keep MySQL server separate on one hand on the server which is stable. Doing so you'll only need to change DNS server for second host as files will be already there and you can remotely connect to the MySQL server then.
Reply
#6
Yeah but I'm more concerned about the DB rather than the files. Like my paid host has crashed down more than 24 hrs now and I can't even connect the helpdesk - they are all offline. Even their main site crashed partially and I'm getting error on my site:

SQL Error:
1040 - Too many connections
Query:
[READ] Unable to connect to MySQL server

I'm totally upset about that and was thinking to have a dummy host with all my site related files as well as DB.
[Image: logo.svg.svg]
Reply
#7
This user has been denied support. This user has been denied support.
(10-15-2012, 02:41 AM)effone Wrote: Yeah but I'm more concerned about the DB rather than the files. Like my paid host has crashed down more than 24 hrs now and I can't even connect the helpdesk - they are all offline. Even their main site crashed partially and I'm getting error on my site:

SQL Error:
1040 - Too many connections
Query:
[READ] Unable to connect to MySQL server

I'm totally upset about that and was thinking to have a dummy host with all my site related files as well as DB.

I would say leave the site files alone because they aren't as much valuable as the DB is.
Reply
#8
Step 1 doesnt work I tried it and I got a cloudflare error page on my forum.
Reply
#9
(10-23-2012, 03:08 AM)ιρσωηαнσℓι¢™ Wrote: Step 1 doesnt work I tried it and I got a cloudflare error page on my forum.

Please provide the error that is shown to you if you expect somebody to help you.
Reply
#10
Thanks for the A record trick.

Another option to block the sites such as downornot. You can add this to your .htaccess file

RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?isitup.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?downforeveryoneorjustme.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?isitdownrightnow.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?websitedown.*$ [NC,OR]
[Image: Jn29h.png]
DONATE TO PINGUY OS or show some love on Flattr.com
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)