Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 13 Jul 2009, 03:55
Ronald0's Avatar
Ronald0 Ronald0 is offline
 
Join Date: Jan 2009
Real name: Jake
Attacks

DDoS attacks, Botnet attacks, or any other http flood attacks on forums that we all own.

Is it possible to create a scripting of any language to block that such stuff?
Reply With Quote
  #2  
Old 13 Jul 2009, 04:00
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Real name: Hanson
Such attacks cannot be effectively "fought" at the server level. They are best dealt with at the router, or with the upstream provider. These are things you cannot do yourself, and are best dealt with by consulting your host.

Also see the other threads in this section.
__________________
Former vBulletin.org Staff Member

View My Modifications
29 Releases and Counting... Latest Modification: dmActivityStream - vBookie Integration (4.x)

Please do not PM me to ask for support - please use the relevant thread or forum.
Reply With Quote
  #3  
Old 13 Jul 2009, 04:02
Ronald0's Avatar
Ronald0 Ronald0 is offline
 
Join Date: Jan 2009
Real name: Jake
Alright ill read them, but there has to be a way in the software that you can manually plug in the scripting to block all connections over 1000+ from the same ip in 10 seconds or less.
Reply With Quote
  #4  
Old 13 Jul 2009, 04:09
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Real name: Hanson
Imagine a pipe to your server. This pipe carries data. If this pipe is full of data, nothing else can get through. Even if you "block" packets at the server level, the pipe is still full...

I'm not saying you can't use software to block incoming connections, I'm just saying it is ineffective for all but the weakest of attacks.
__________________
Former vBulletin.org Staff Member

View My Modifications
29 Releases and Counting... Latest Modification: dmActivityStream - vBookie Integration (4.x)

Please do not PM me to ask for support - please use the relevant thread or forum.
Reply With Quote
  #5  
Old 13 Jul 2009, 04:15
Ronald0's Avatar
Ronald0 Ronald0 is offline
 
Join Date: Jan 2009
Real name: Jake
I understand that but what are ways you can? like whats been discovered?
Reply With Quote
  #6  
Old 13 Jul 2009, 07:56
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Real name: Hanson
You can use an Apache module, such as mod_evasive.
__________________
Former vBulletin.org Staff Member

View My Modifications
29 Releases and Counting... Latest Modification: dmActivityStream - vBookie Integration (4.x)

Please do not PM me to ask for support - please use the relevant thread or forum.
Reply With Quote
  #7  
Old 13 Jul 2009, 08:12
Ronald0's Avatar
Ronald0 Ronald0 is offline
 
Join Date: Jan 2009
Real name: Jake
Alright ill look into it. I just need ideas of what to add to my site as well. =X oh well thanks for the help.
Reply With Quote
  #8  
Old 13 Jul 2009, 15:12
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Real name: Lynne
There are also scripts, and command lines, you can use along with the iptables to grab 'bad' ips and block them (google is your friend to find them). Again, this is at the server level and not effective against someone who is determined to cause you problems.
__________________
Former vBulletin.org Staff Member

Try a search before posting for help. Many users won't, and don't, help if the question has been answered several times before.
W3Schools -
Online vBulletin Manual
If I post some CSS and don't say where it goes, put it in the additional.css template.
I will NOT help via PM (you will be directed to post in the forums for help.)
Reply With Quote
  #9  
Old 14 Jul 2009, 04:22
TECK's Avatar
TECK TECK is offline
 
Join Date: Dec 2001
Real name: Floren Munteanu
Originally Posted by Ronald0 View Post
Alright ill read them, but there has to be a way in the software that you can manually plug in the scripting to block all connections over 1000+ from the same ip in 10 seconds or less.
If a hacker wants your site down, there is nothing you can do about it:
"One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable."

US-Certs confirms it also:
"Unfortunately, there are no effective ways to prevent being the victim of a DoS or DDoS attack, but there are steps you can take to reduce the likelihood that an attacker will use your computer to attack other computers."

Whoever tells you they can stop a DDoS attack, they are telling you big red lies. There is no way in the world you will stop (for example) a russian hacker who wants to keep your site down for a month.
__________________
Floren Munteanu
Axivo Inc.
Axivo Community - Visit the forums to find out more about us
Why Queued - My personal blog
Reply With Quote
  #10  
Old 14 Jul 2009, 04:53
R1lover's Avatar
R1lover R1lover is offline
 
Join Date: Apr 2006
Location: Northern Ca
Originally Posted by Ronald0 View Post
Alright ill read them, but there has to be a way in the software that you can manually plug in the scripting to block all connections over 1000+ from the same ip in 10 seconds or less.
CSF&LFD will do this, but again it won't give you full protection.
Reply With Quote
  #11  
Old 15 Jul 2009, 04:54
TECK's Avatar
TECK TECK is offline
 
Join Date: Dec 2001
Real name: Floren Munteanu
Personally, I believe the most effective way to pass a DDoS attack is not to let anyone know about it. If the attackers contact you, ignore them and don't reply to them. Don't post anything to the site and if you see a post related to DDoS, delete it. Instead, let the users know you have some networking issues and that you are moving to a new server.
__________________
Floren Munteanu
Axivo Inc.
Axivo Community - Visit the forums to find out more about us
Why Queued - My personal blog
Reply With Quote
  #12  
Old 15 Jul 2009, 06:17
MadK's Avatar
MadK MadK is offline
 
Join Date: Feb 2008
Originally Posted by TECK View Post
Personally, I believe the most effective way to pass a DDoS attack is not to let anyone know about it. If the attackers contact you, ignore them and don't reply to them. Don't post anything to the site and if you see a post related to DDoS, delete it. Instead, let the users know you have some networking issues and that you are moving to a new server.
Hey, that's how North American countries work right here!
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 13:38.

Layout Options | Width: Wide Color: