Author Topic: SimpleMachines Server issues (Read 566789 times)

Masterd · « **Reply #40 on:** February 13, 2011, 12:49:40 PM »

Those DDOS attacks are annoying me!

GravuTrad · « **Reply #41 on:** February 23, 2011, 10:13:45 AM »

http://www.simplemachines.org/community/index.php?topic=422954.0

TheMortician4 · « **Reply #42 on:** February 24, 2011, 09:31:14 AM »

Quote from: CoreISP on January 25, 2011, 03:14:25 PM

I'm not sure if traffic is non-human, judging by the many interests, I think it's not that bad with human vs non-human
Either way, a permanent solution should be here soon. We've already limited the damage pretty well and i'm looking over various solutions to implement on the server/network, hope it will stop the attacks completely (Or atleast: stop it from harming the server )

Today we received another attack, some may have noticed that sometimes the server became very slow.

I am averaging between 300 and 350 attempts a month to access the site by non-member related persons. So far GoDaddy, and SMF have proven strong.

Hope that continues.....
In any case, we are working hard on this behind the scenes and it looks like it is starting to deliver

1speced · « **Reply #43 on:** February 25, 2011, 05:29:51 PM »

WOW i can't even access my forums now try if you want [link removed by moderator: see the support forum from your provider]

Illori · « **Reply #44 on:** February 25, 2011, 05:31:54 PM »

please contact your host, that has nothing to do with the issues this site is facing. please do not use this thread for support issues.

robinson01 · « **Reply #45 on:** May 04, 2011, 06:57:30 AM »

Thats ok,we hope soon you can fix it,keep working on it..

Andria John · « **Reply #46 on:** May 12, 2011, 01:23:14 AM »

For DDOS attacks trying to install Forum Firewall.Hope it works.

Yoshi · « **Reply #47 on:** May 12, 2011, 04:54:45 AM »

Quote from: Andria John on May 12, 2011, 01:23:14 AM

For DDOS attacks trying to install Forum Firewall.Hope it works.

That won't have helped with this server, the mod is very tiny and then must compete against large attacks...

青山素子 · « **Reply #48 on:** May 12, 2011, 11:28:39 AM »

A real DDoS attack (putthing as much legitimate-looking traffic as possible through) won't be stopped by much. If it's a real DDoS, you'll need to consult with your hosting provider for options to mitigate the attack.

If it's low-level and the IPs aren't constantly changing and you have a dedicated or VPS, something like mod_cband in Apache HTTPd will probably help. You can rate-limit connections.

CoreISP · « **Reply #49 on:** May 12, 2011, 01:13:48 PM »

Actually put such a measure in front of Apache, combining it with the firewall. I usually find that more comfortable and reliable.

butchs · « **Reply #50 on:** May 15, 2011, 06:43:31 AM »

Quote from: Yoshi2889 on May 12, 2011, 04:54:45 AM

Quote from: Andria John on May 12, 2011, 01:23:14 AM
For DDOS attacks trying to install Forum Firewall.Hope it works.
That won't have helped with this server, the mod is very tiny and then must compete against large attacks...

Eh?

You need to bring about layers of security. First off you should have a hardware firewall such as a Cisco ASA. Then you should get a proxy firewall such as mod_security, follow up with htaccess protection and then FF will handle the stragglers. FF can then ban the low levels for an hour at a time as their ip's change and they come back just to get banned again. Finally they go elsewhere... If you are getting hit super hard. Turn cache on and logging off after you complete the test run, for extra speed.

My site was attacked with DOS attacks for months. I tried many things (which are still in place). They always came back and took down my site with DOS. Say what you will but after I finished FF, the attacks failed and my bandwidth dropped like a rock.

Yoshi · « **Reply #51 on:** May 15, 2011, 07:58:01 AM »

Quote from: butchs on May 15, 2011, 06:43:31 AM

Quote from: Yoshi2889 on May 12, 2011, 04:54:45 AM
Quote from: Andria John on May 12, 2011, 01:23:14 AM
For DDOS attacks trying to install Forum Firewall.Hope it works.
That won't have helped with this server, the mod is very tiny and then must compete against large attacks...

Eh?

You need to bring about layers of security. First off you should have a hardware firewall such as a Cisco ASA. Then you should get a proxy firewall such as mod_security, follow up with htaccess protection and then FF will handle the stragglers. FF can then ban the low levels for an hour at a time as their ip's change and they come back just to get banned again. Finally they go elsewhere... If you are getting hit super hard. Turn cache on and logging off after you complete the test run, for extra speed.

My site was attacked with DOS attacks for months. I tried many things (which are still in place). They always came back and took down my site with DOS. Say what you will but after I finished FF, the attacks failed and my bandwidth dropped like a rock.

Yes but this already has been mentioned before, a modification will not work.

CoreISP · « **Reply #52 on:** May 15, 2011, 11:35:43 AM »

mod_security? No thank you.
As already explained on multiple occasions, these attacks are not picked up by our hardware firewall. They are legitimate traffic, low-level plus it is not in full related to the login attacks as many people seem to think.

butchs · « **Reply #53 on:** May 15, 2011, 08:08:44 PM »

Getting conflicting info here.

CoreISP · « **Reply #54 on:** May 16, 2011, 03:09:35 AM »

Quote from: butchs on May 15, 2011, 08:08:44 PM

Getting conflicting info here.

What conflicting info?

butchs · « **Reply #55 on:** May 16, 2011, 09:26:27 PM »

If a modification will not work it is a high end assault on your server that compromises your upstream protection. But, if it is a low end assault then Bad Behavior is designed for such things. With cache, strict mod, project honeypot and logging off, it will handle large servers with ease, having minimal member blocking. You can run with "Display statistics" of and no-one but the bots will know...

CoreISP · « **Reply #56 on:** May 17, 2011, 08:16:02 AM »

As I said, they are legitimate requests. They are only slightly different from regular requests and go undetected.
I have setup a customised protection setup to handle this and it seems to work out well so far, especially with the nginx setup SleePy made to balance the loads. No need for measures that decrease overall performance.

butchs · « **Reply #57 on:** May 17, 2011, 07:48:29 PM »

BB operates on larger sites than this one with no performance issues. It runs in the low millisecond range. The SMF version with cache is faster than all other ports.

All I was trying to do is help. I am glad you have everything under control. Sorry to annoy you...

DHC · « **Reply #58 on:** May 19, 2011, 11:23:39 AM »

Quote from: butchs on May 17, 2011, 07:48:29 PM

BB operates on larger sites than this one with no performance issues. It runs in the low millisecond range. The SMF version with cache is faster than all other ports.

All I was trying to do is help. I am glad you have everything under control. Sorry to annoy you...

Just a small point, but one worth making I think - whereas some of the SMF folks might feel a bit miffed, the exchange of information was quite helpful and I appreciate you taking the time. The SMF folks seem quite adept at dealing with such matters, but I would wager there are a large number of members who are not nearly so adept (I am in that category) and having the opportunity to read this exchange of information offers insights and ideas.

Soooo . . . I say THANKS to you and to the SMF folks who participated in the topic.

FWIW

CoreISP · « **Reply #59 on:** May 19, 2011, 08:17:29 PM »

I thought I replied to this topic.
I was not annoyed

I appreciate the thinking. The more people that think about something, the better.

There's just a lot more to keep in mind than blocking things while blocking things... If that makes any sense

So not everything can or should be applied.

News:

Author Topic: SimpleMachines Server issues (Read 566789 times)