Skip to main content

Notice

Please note that most of the software linked on this forum is likely to be safe to use. If you are unsure, feel free to ask in the relevant topics, or send a private message to an administrator or moderator. To help curb the problems of false positives, or in the event that you do find actual malware, you can contribute through the article linked here.
Topic: Forum DDoS (Read 14242 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Forum DDoS

The forum has been undergoing gradually more DDoS-like requests from Chinese IP addresses since July. I don't even know if stuffing the forum behind CloudFlare would be a viable option.

Re: Forum DDoS

Reply #1
CloudFlare will not help if they hit different parts of the forum database.

Block the entire Chinese IP range?

Re: Forum DDoS

Reply #2
Isn't it possible to set a fixed amount of maximum queries per x time and blacklist the IP for 24/h if this limit is reached? This maximum at about 10x the maximum queries the most active user uses on a typical day.
If the attack starts again after that period extend the ban to 7 days etc...

Shouldn't be that hard to implement...

Re: Forum DDoS

Reply #3
A potentially useful option may be to stuff it behind CloudFlare, and work like this would help that:

https://www.elkarte.net/community/index.php?topic=520.msg33912#msg33912

Basically, it needs to have the domain's DNS servers set to (hopefully my) CF hosts, and all the NS records copied over to CF. The main domain and subdomains would be set to proxying, and the script would be amended to accept the CF remote IP variable if the requesting REMOTE_ADDR matches the IPv4 ranges of CF's services. (We don't support IPv6 with this server.)

Maybe a little expiration settings indicating that attachments of a given ID don't expire, since the same ID can't be reused for a new attachment, and you can't "edit" attachments in place, we would also be able to re-enable public attachment consumption.

Re: Forum DDoS

Reply #4
if its a host limitation I work for a web hosting company that offers enterprise grade DDos protection 

Re: Forum DDoS

Reply #5
Here's some stats from the new server, to show where most of the spam requests are coming from:


 

Re: Forum DDoS

Reply #6
In case anyone has any offers to help, I don't think we'll be needing that. This virtual server is already capable of expanding, but no longer needs to do so, for now, as the Caddy server is capable of rejecting all of the bad traffic. Well, except for this one highly prolific German IP that belongs to some SEO company, but I don't know whether we want to block them yet.