Hydrogenaudio Forums

Hydrogenaudio Forum => Validated News => Topic started by: kode54 on 2019-09-10 02:06:55

Title: Forum DDoS
Post by: kode54 on 2019-09-10 02:06:55
The forum has been undergoing gradually more DDoS-like requests from Chinese IP addresses since July. I don't even know if stuffing the forum behind CloudFlare would be a viable option.
Title: Re: Forum DDoS
Post by: spoon on 2019-09-10 14:46:01
CloudFlare will not help if they hit different parts of the forum database.

Block the entire Chinese IP range?
Title: Re: Forum DDoS
Post by: Fairy on 2019-09-10 15:10:01
Isn't it possible to set a fixed amount of maximum queries per x time and blacklist the IP for 24/h if this limit is reached? This maximum at about 10x the maximum queries the most active user uses on a typical day.
If the attack starts again after that period extend the ban to 7 days etc...

Shouldn't be that hard to implement...
Title: Re: Forum DDoS
Post by: kode54 on 2019-09-10 20:44:08
A potentially useful option may be to stuff it behind CloudFlare, and work like this would help that:

https://www.elkarte.net/community/index.php?topic=520.msg33912#msg33912

Basically, it needs to have the domain's DNS servers set to (hopefully my) CF hosts, and all the NS records copied over to CF. The main domain and subdomains would be set to proxying, and the script would be amended to accept the CF remote IP variable if the requesting REMOTE_ADDR matches the IPv4 ranges of CF's services. (We don't support IPv6 with this server.)

Maybe a little expiration settings indicating that attachments of a given ID don't expire, since the same ID can't be reused for a new attachment, and you can't "edit" attachments in place, we would also be able to re-enable public attachment consumption.
Title: Re: Forum DDoS
Post by: MJmusicguy on 2019-09-11 20:01:34
if its a host limitation I work for a web hosting company that offers enterprise grade DDos protection 
Title: Re: Forum DDoS
Post by: kode54 on 2019-09-16 23:20:19
Here's some stats from the new server, to show where most of the spam requests are coming from:

Title: Re: Forum DDoS
Post by: kode54 on 2019-09-19 03:04:01
In case anyone has any offers to help, I don't think we'll be needing that. This virtual server is already capable of expanding, but no longer needs to do so, for now, as the Caddy server is capable of rejecting all of the bad traffic. Well, except for this one highly prolific German IP that belongs to some SEO company, but I don't know whether we want to block them yet.
SimplePortal 1.0.0 RC1 © 2008-2020