News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

SimpleMachines Server issues

Started by LiroyvH, October 29, 2010, 01:29:14 PM

Previous topic - Next topic

Masterd

Those DDOS attacks are annoying me!

GravuTrad

On a toujours besoin d'un plus petit que soi! (Petit!Petit!)


Think about Search function before posting.
Pensez à la fonction Recherche avant de poster.

TheMortician4

Quote from: CoreISP on January 25, 2011, 03:14:25 PM
I'm not sure if traffic is non-human, judging by the many interests, I think it's not that bad with human vs non-human :)
Either way, a permanent solution should be here soon. We've already limited the damage pretty well and i'm looking over various solutions to implement on the server/network, hope it will stop the attacks completely :) (Or atleast: stop it from harming the server :P)

Today we received another attack, some may have noticed that sometimes the server became very slow.

I am averaging between 300 and 350 attempts a month to access the site by non-member related persons. So far GoDaddy, and SMF have proven strong.

Hope that continues.....
In any case, we are working hard on this behind the scenes and it looks like it is starting to deliver ;D

1speced

#43
WOW i can't even access my forums now try if you want [link removed by moderator: see the support forum from your provider]

Illori

please contact your host, that has nothing to do with the issues this site is facing. please do not use this thread for support issues.

robinson01

Thats ok,we hope soon you can fix it,keep working on it..

Andria John

For DDOS attacks trying to install Forum Firewall.Hope it works.

NanoSector

Quote from: Andria John on May 12, 2011, 01:23:14 AM
For DDOS attacks trying to install Forum Firewall.Hope it works.
That won't have helped with this server, the mod is very tiny and then must compete against large attacks...
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

青山 素子

A real DDoS attack (putthing as much legitimate-looking traffic as possible through) won't be stopped by much. If it's a real DDoS, you'll need to consult with your hosting provider for options to mitigate the attack.

If it's low-level and the IPs aren't constantly changing and you have a dedicated or VPS, something like mod_cband in Apache HTTPd will probably help. You can rate-limit connections.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


LiroyvH

Actually put such a measure in front of Apache, combining it with the firewall. I usually find that more comfortable and reliable.
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

butchs

Quote from: Yoshi2889 on May 12, 2011, 04:54:45 AM
Quote from: Andria John on May 12, 2011, 01:23:14 AM
For DDOS attacks trying to install Forum Firewall.Hope it works.
That won't have helped with this server, the mod is very tiny and then must compete against large attacks...

Eh?

You need to bring about layers of security.  First off you should have a hardware firewall such as a Cisco ASA.  Then you should get a proxy firewall such as mod_security, follow up with htaccess protection and then FF will handle the stragglers.  FF can then ban the low levels for an hour at a time as their ip's change and they come back just to get banned again.  Finally they go elsewhere...  If you are getting hit super hard.  Turn cache on and logging off after you complete the test run, for extra speed.

My site was attacked with DOS attacks for months.  I tried many things (which are still in place).  They always came back and took down my site with DOS.  Say what you will but after I finished FF, the attacks failed and my bandwidth dropped like a rock.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

NanoSector

Quote from: butchs on May 15, 2011, 06:43:31 AM
Quote from: Yoshi2889 on May 12, 2011, 04:54:45 AM
Quote from: Andria John on May 12, 2011, 01:23:14 AM
For DDOS attacks trying to install Forum Firewall.Hope it works.
That won't have helped with this server, the mod is very tiny and then must compete against large attacks...

Eh?

You need to bring about layers of security.  First off you should have a hardware firewall such as a Cisco ASA.  Then you should get a proxy firewall such as mod_security, follow up with htaccess protection and then FF will handle the stragglers.  FF can then ban the low levels for an hour at a time as their ip's change and they come back just to get banned again.  Finally they go elsewhere...  If you are getting hit super hard.  Turn cache on and logging off after you complete the test run, for extra speed.

My site was attacked with DOS attacks for months.  I tried many things (which are still in place).  They always came back and took down my site with DOS.  Say what you will but after I finished FF, the attacks failed and my bandwidth dropped like a rock.
Yes but this already has been mentioned before, a modification will not work.
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

LiroyvH

mod_security? No thank you.
As already explained on multiple occasions, these attacks are not picked up by our hardware firewall. They are legitimate traffic, low-level plus it is not in full related to the login attacks as many people seem to think.
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

butchs

Getting conflicting info here.  ???
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

LiroyvH

((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

butchs

If a modification will not work it is a high end assault on your server that compromises your upstream protection.  But, if it is a low end assault then Bad Behavior is designed for such things.  With cache, strict mod, project honeypot and logging off, it will handle large servers with ease, having minimal member blocking.  You can run with "Display statistics" of and no-one but the bots will know...   :o
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

LiroyvH

As I said, they are legitimate requests. They are only slightly different from regular requests and go undetected.
I have setup a customised protection setup to handle this and it seems to work out well so far, especially with the nginx setup SleePy made to balance the loads. No need for measures that decrease overall performance.
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

butchs

BB operates on larger sites than this one with no performance issues.  It runs in the low millisecond range.  The SMF version with cache is faster than all other ports.

All I was trying to do is help.  I am glad you have everything under control.  Sorry to annoy you...
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

DHC

Quote from: butchs on May 17, 2011, 07:48:29 PM
BB operates on larger sites than this one with no performance issues.  It runs in the low millisecond range.  The SMF version with cache is faster than all other ports.

All I was trying to do is help.  I am glad you have everything under control.  Sorry to annoy you...


Just a small point, but one worth making I think - whereas some of the SMF folks might feel a bit miffed, the exchange of information was quite helpful and I appreciate you taking the time. The SMF folks seem quite adept at dealing with such matters, but I would wager there are a large number of members who are not nearly so adept (I am in that category) and having the opportunity to read this exchange of information offers insights and ideas.

Soooo . . . I say THANKS to you and to the SMF folks who participated in the topic.

FWIW

LiroyvH

I thought I replied to this topic.
I was not annoyed :) I appreciate the thinking. The more people that think about something, the better.

There's just a lot more to keep in mind than blocking things while blocking things... If that makes any sense :P So not everything can or should be applied.
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Advertisement: