1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

DDos Attacks. phpBB or VBulletin Forum Software?

Discussion in 'vBulletin' started by onestop, Jan 24, 2005.

  1. #1
    I've been running phpBB, and I'm tired of DDos attacks. These stupid bots are just eating my bandwidth. Today I had to shut my forum off for 3 hours. and my hosting company's recommandation: either discontinue your forum or change your folder name :)
    So all the SEO and SERP's would be gone, which I don't wanna do. Since I always hear about VBulletin, and how professional it is etc. If I purchase VBulletin, would it stop these ddos attacks? also how do large forums prevent their sites from malicious bots?
    Thanks in advance, I need urgent help since my forum is very active and I don't want to lose it after working that hard.
    SEMrush
     
    onestop, Jan 24, 2005 IP
    SEMrush
  2. ResaleBroker

    ResaleBroker Active Member

    Messages:
    1,665
    Likes Received:
    50
    Best Answers:
    0
    Trophy Points:
    90
    #2
    You might check into Owlcroft's Timer script. I have this running on my forum and it seems to be working great.
     
    ResaleBroker, Jan 24, 2005 IP
  3. digitalpoint

    digitalpoint Overlord of no one Staff

    Messages:
    38,287
    Likes Received:
    2,602
    Best Answers:
    460
    Trophy Points:
    710
    Digital Goods:
    29
    #3
    From my experience vBulletin does seem to be "better" coded than phpBB, so there generally are less security exploits that come to light. When there is one, it's always patched before I hear about it from anywhere else (which I can't say for phpBB).

    As far as blocking it, can you find something unique about it? user agent, IP address block, how it makes http requests, etc.? If so, you could probably block it at the web server level.
     
    digitalpoint, Jan 24, 2005 IP
  4. joeychgo

    joeychgo Notable Member

    Messages:
    3,368
    Likes Received:
    321
    Best Answers:
    0
    Trophy Points:
    255
    #4

    I agree completely.
     
    joeychgo, Jan 24, 2005 IP
  5. onestop

    onestop Well-Known Member

    Messages:
    534
    Likes Received:
    24
    Best Answers:
    0
    Trophy Points:
    138
    #5
    Ok. I need some urgent help here. I've been on the computer all day working for this stupid ddos attack. Finally I've found a piece of code to put in my .htaccess file, and it worked instantly. here's the code I've used in my .htaccess file:
    RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527 [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^lwp [NC] 
    RewriteRule ^.*$        -       [F,L] 
    PHP:
    But I have able2know SEO mod installed for phpbb. Basically what it does is, if a guest comes to the site (also se bots) they see html pages instead of php pages with session ids. It was working pretty good, but when I've added the above code to my .htaccess file now my mod doesn't work, and guests can only see the homepage of the forum, when they login everything is normal.
    So my .htaccess file looks like this right now:
    RewriteEngine On 
    RewriteRule ^community.* index.php [L,NC] 
    RewriteRule ^post-([0-9]*).html&highlight=([a-zA-Z0-9]*) viewtopic.php?p=$1&highlight=$2 [L,NC] 
    RewriteRule ^post-([0-9]*).* viewtopic.php?p=$1 [L,NC] 
    RewriteRule ^view-poll([0-9]*)-([0-9]*)-([a-zA-Z]*).* viewtopic.php?t=$1&postdays=$2&postorder=$3&vote=viewresult [L,NC] 
    RewriteRule ^ecommerce([0-9]*).html&highlight=([a-zA-Z0-9]*) viewtopic.php?t=$1&highlight=$2 [L,NC] 
    RewriteRule ^ecommerce([0-9]*).html&view=newest viewtopic.php?t=$1&view=newest [L,NC] 
    RewriteRule ^ecommerce([0-9]*)-([0-9]*)-([a-zA-Z]*)-([0-9]*).* viewtopic.php?t=$1&postdays=$2&postorder=$3&start=$4 [L,NC] 
    RewriteRule ^ecommerce([0-9]*)-([0-9]*).* viewtopic.php?t=$1&start=$2 [L,NC] 
    RewriteRule ^ecommerce([0-9]*).* viewtopic.php?t=$1 [L,NC] 
    RewriteRule ^ecommerce([0-9]*).html viewtopic.php?t=$1&start=$2&postdays=$3&postorder=$4&highlight=$5 [L,NC] 
    RewriteRule ^mark-forum([0-9]*).html* viewforum.php?f=$1&mark=topics [L,NC] 
    RewriteRule ^updates-topic([0-9]*).html* viewtopic.php?t=$1&watch=topic [L,NC] 
    RewriteRule ^stop-updates-topic([0-9]*).html* viewtopic.php?t=$1&unwatch=topic [L,NC] 
    RewriteRule ^forum-([0-9]*).html viewforum.php?f=$1 [L,NC] 
    RewriteRule ^forum-([0-9]*).* viewforum.php?f=$1 [L,NC] 
    RewriteRule ^topic-([0-9]*)-([0-9]*)-([0-9]*).* viewforum.php?f=$1&topicdays=$2&start=$3 [L,NC] 
    RewriteRule ^ptopic([0-9]*).* viewtopic.php?t=$1&view=previous [L,NC] 
    RewriteRule ^ntopic([0-9]*).* viewtopic.php?t=$1&view=next [L,NC] 
    
    RewriteEngine On 
    RewriteBase / 
    
    RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527 [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^lwp [NC] 
    RewriteRule ^.*$        -       [F,L] 
    PHP:
    I'm not good at modrewrite, and with this piece of code inclusion, I think there's a confliction in my modrewrite. Anybody has any clue how to fix this?
    My guests cannot get any pages now :(
    I'd appreciate any help.
    here's the actual forum url: http://www.freeauctionscripts.com/community/
    thanks in advance
    matt
     
    onestop, Jan 24, 2005 IP
  6. onestop

    onestop Well-Known Member

    Messages:
    534
    Likes Received:
    24
    Best Answers:
    0
    Trophy Points:
    138
    #6
    Members of this forum have been extremely helpful. I'm very frustrated today with this ddos attack issues, and pretty tired. If any of our members can solve my problem (previous post), I will be more than happy to write a review about your site in my high traffic blog to show my appreciation.
    p.s. I'm purchasing VBulletin and will be transferring everything from phpbb to vbulletin this weekend.
    matt
     
    onestop, Jan 24, 2005 IP
  7. digitalpoint

    digitalpoint Overlord of no one Staff

    Messages:
    38,287
    Likes Received:
    2,602
    Best Answers:
    460
    Trophy Points:
    710
    Digital Goods:
    29
    #7
    Put your 3 lines of code before the rewriterules. The L tag you have in them means it's the last one to look at. So if it hits one of those first, it will never get to the blocking one.
     
    digitalpoint, Jan 24, 2005 IP
  8. onestop

    onestop Well-Known Member

    Messages:
    534
    Likes Received:
    24
    Best Answers:
    0
    Trophy Points:
    138
    #8
    Works like a charm :)
    I was already planning to write about Coop (and digitalpoint.com) so please PM me another site also, then I will write both reviews on my blog this weekend :)
    Thanks
     
    onestop, Jan 24, 2005 IP
  9. Redleg

    Redleg Raider

    Messages:
    360
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    0
    #9
    Redleg, Jan 25, 2005 IP
  10. minstrel

    minstrel Illustrious Member

    Messages:
    15,082
    Likes Received:
    1,243
    Best Answers:
    0
    Trophy Points:
    480
    #10
    Purchasing vBulletin would NOT stop these attacks. Those forums have also been hit, including DigitalPoint.

    Add this snippet to your viewtopic.php file, right after <?php (the first line of the file):

    // block perl worm 
     if(stristr($QUERY_STRING,'%2527')) { 
     die(); 
     } 
    // end block perl worm
    
    Code (markup):
     
    minstrel, Jan 25, 2005 IP