DDos Attacks. phpBB or VBulletin Forum Software?
onestop
Jan 24th 2005, 2:37 pm
I've been running phpBB, and I'm tired of DDoS attacks. These stupid bots are just eating my bandwidth. Today I had to shut my forum off for 3 hours, and my hosting company's recommendation: either discontinue your forum or change your folder name :)
So all the SEO and SERPs would be gone, which I don't wanna do. Since I always hear about vBulletin and how professional it is etc., if I purchase vBulletin, would it stop these DDoS attacks? Also, how do large forums prevent their sites from malicious bots?
Thanks in advance, I need urgent help since my forum is very active and I don't want to lose it after working that hard.
ResaleBroker
Jan 24th 2005, 2:49 pm
You might check into Owlcroft's Timer (http://forums.digitalpoint.com/showthread.php?t=7918) script. I have this running on my forum and it seems to be working great.
digitalpoint
Jan 24th 2005, 2:50 pm
From my experience vBulletin does seem to be "better" coded than phpBB, so there generally are less security exploits that come to light. When there is one, it's always patched before I hear about it from anywhere else (which I can't say for phpBB).
As far as blocking it, can you find something unique about it? User agent, IP address block, how it makes HTTP requests, etc.? If so, you could probably block it at the web server level.
joeychgo
Jan 24th 2005, 2:57 pm
From my experience vBulletin does seem to be "better" coded than phpBB, so there generally are less security exploits that come to light. When there is one, it's always patched before I hear about it from anywhere else (which I can't say for phpBB).
I agree completely.
onestop
Jan 24th 2005, 9:29 pm
Ok. I need some urgent help here. I've been on the computer all day working on this stupid DDoS attack. Finally I've found a piece of code to put in my .htaccess file, and it worked instantly. Here's the code I've used in my .htaccess file:
RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527 [OR]
RewriteCond %{HTTP_USER_AGENT} ^lwp [NC]
RewriteRule ^.*$ - [F,L]
But I have the able2know SEO mod installed for phpBB. Basically what it does is, if a guest comes to the site (also SE bots), they see html pages instead of php pages with session ids. It was working pretty good, but now that I've added the above code to my .htaccess file my mod doesn't work, and guests can only see the homepage of the forum. When they log in, everything is normal.
So my .htaccess file looks like this right now:
RewriteEngine On
RewriteRule ^community.* index.php [L,NC]
RewriteRule ^post-([0-9]*).html&highlight=([a-zA-Z0-9]*) viewtopic.php?p=$1&highlight=$2 [L,NC]
RewriteRule ^post-([0-9]*).* viewtopic.php?p=$1 [L,NC]
RewriteRule ^view-poll([0-9]*)-([0-9]*)-([a-zA-Z]*).* viewtopic.php?t=$1&postdays=$2&postorder=$3&vote=viewresult [L,NC]
RewriteRule ^ecommerce([0-9]*).html&highlight=([a-zA-Z0-9]*) viewtopic.php?t=$1&highlight=$2 [L,NC]
RewriteRule ^ecommerce([0-9]*).html&view=newest viewtopic.php?t=$1&view=newest [L,NC]
RewriteRule ^ecommerce([0-9]*)-([0-9]*)-([a-zA-Z]*)-([0-9]*).* viewtopic.php?t=$1&postdays=$2&postorder=$3&start=$4 [L,NC]
RewriteRule ^ecommerce([0-9]*)-([0-9]*).* viewtopic.php?t=$1&start=$2 [L,NC]
RewriteRule ^ecommerce([0-9]*).* viewtopic.php?t=$1 [L,NC]
RewriteRule ^ecommerce([0-9]*).html viewtopic.php?t=$1&start=$2&postdays=$3&postorder=$4&highlight=$5 [L,NC]
RewriteRule ^mark-forum([0-9]*).html* viewforum.php?f=$1&mark=topics [L,NC]
RewriteRule ^updates-topic([0-9]*).html* viewtopic.php?t=$1&watch=topic [L,NC]
RewriteRule ^stop-updates-topic([0-9]*).html* viewtopic.php?t=$1&unwatch=topic [L,NC]
RewriteRule ^forum-([0-9]*).html viewforum.php?f=$1 [L,NC]
RewriteRule ^forum-([0-9]*).* viewforum.php?f=$1 [L,NC]
RewriteRule ^topic-([0-9]*)-([0-9]*)-([0-9]*).* viewforum.php?f=$1&topicdays=$2&start=$3 [L,NC]
RewriteRule ^ptopic([0-9]*).* viewtopic.php?t=$1&view=previous [L,NC]
RewriteRule ^ntopic([0-9]*).* viewtopic.php?t=$1&view=next [L,NC]
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527 [OR]
RewriteCond %{HTTP_USER_AGENT} ^lwp [NC]
RewriteRule ^.*$ - [F,L]
I'm not good at mod_rewrite, and with the inclusion of this piece of code, I think there's a conflict in my mod_rewrite. Does anybody have any clue how to fix this?
My guests cannot get any pages now :(
I'd appreciate any help.
Here's the actual forum url: http://www.freeauctionscripts.com/community/
thanks in advance
matt
onestop
Jan 24th 2005, 9:41 pm
Members of this forum have been extremely helpful. I'm very frustrated today with these DDoS attack issues, and pretty tired. If any of our members can solve my problem (previous post), I will be more than happy to write a review about your site on my high-traffic blog to show my appreciation.
p.s. I'm purchasing vBulletin and will be transferring everything from phpBB to vBulletin this weekend.
matt
digitalpoint
Jan 24th 2005, 10:22 pm
Put your 3 lines of code before the rewriterules. The L tag you have in them means it's the last one to look at. So if it hits one of those first, it will never get to the blocking one.
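The reordering suggested in the reply above, written out as an added example (not part of the original posts): the deny rule sits directly after RewriteEngine On, ahead of every rule that carries [L]. Only three of the poster's SEO rules are repeated; leaving out RewriteBase is an assumption explained in the comments.

```apache
RewriteEngine On

# 1. Deny rule first.
#    A RewriteCond only guards the single RewriteRule that follows it, so
#    these three lines must stay together and in this order.
#    "-" means "no substitution"; [F] answers 403 Forbidden and implies [L].
RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527 [OR]
RewriteCond %{HTTP_USER_AGENT} ^lwp [NC]
RewriteRule ^.*$ - [F,L]

# 2. SEO rewrites afterwards (three of the rules from the post; the
#    remaining ones follow here in their original order, unchanged).
#    Each ends in [L], so once one of them matches, no later rule in this
#    pass is looked at. That is why the deny rule cannot sit below them.
RewriteRule ^post-([0-9]*).* viewtopic.php?p=$1 [L,NC]
RewriteRule ^forum-([0-9]*).html viewforum.php?f=$1 [L,NC]
RewriteRule ^ecommerce([0-9]*).* viewtopic.php?t=$1 [L,NC]

# Not repeated from the post: the second "RewriteEngine On" and the
# "RewriteBase /" line. The deny rule substitutes nothing, so it needs no
# base. RewriteBase sets the URL prefix that relative substitutions such as
# viewtopic.php resolve against, so adding "RewriteBase /" to a .htaccess
# inside a subdirectory would point them at the site root instead.
# Assumption: the SEO rules worked without RewriteBase before the change.
```

To check the result, a request whose query string contains highlight=%2527 should come back as 403, while a guest URL such as forum-1.html (a constructed sample) should still load.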
onestop
Jan 24th 2005, 11:02 pm
Works like a charm :)
I was already planning to write about Coop (and digitalpoint.com) so please PM me another site also, then I will write both reviews on my blog this weekend :)
Thanks
Redleg
Jan 25th 2005, 12:22 am
Have you read this thread?
There's a couple of other tips in there as well.. :)
http://www.phpbb.com/phpBB/viewtopic.php?t=249010
minstrel
Jan 25th 2005, 8:14 am
I've been running phpBB, and I'm tired of DDoS attacks. These stupid bots are just eating my bandwidth. Today I had to shut my forum off for 3 hours, and my hosting company's recommendation: either discontinue your forum or change your folder name :)
So all the SEO and SERPs would be gone, which I don't wanna do. Since I always hear about vBulletin and how professional it is etc., if I purchase vBulletin, would it stop these DDoS attacks? Also, how do large forums prevent their sites from malicious bots?
Thanks in advance, I need urgent help since my forum is very active and I don't want to lose it after working that hard.
Purchasing vBulletin would NOT stop these attacks. Those forums have also been hit, including DigitalPoint.
Add this snippet to your viewtopic.php file, right after <?php (the first line of the file):
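// block perl worm
// Read the raw query string from $_SERVER: the bare $QUERY_STRING global
// only exists when register_globals is enabled.
if (isset($_SERVER['QUERY_STRING']) && stristr($_SERVER['QUERY_STRING'], '%2527') !== false) {
    die();
}
// end block perl worm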