Simple phpBB DDoS protection

IsTI37
Registered User
Posts: 14
Joined: Tue Feb 26, 2008 7:28 pm

Simple phpBB DDoS protection

Post by IsTI37 » Wed Apr 30, 2014 7:58 pm

Modification Name: Simple phpBB DDoS protection
Author: IsTI37

Modification Description: A quick fix for botnet attacks targeting phpBB which overload your server, by limiting access to specific, high-traffic countries only.

Modification Version: 1.0a

Features:
- Enables limiting your board to specific countries when the load of your server exceeds a configured average load.
- This solution is better than the one included with phpBB because the only processing PHP has to do is check the country of the visitor and the server load; in contrast, the phpBB load limiting loads all the functions and sessions to display a message, defeating its purpose.

Instructions:
In my opinion the modification is so simple that I chose to set up a GitHub readme page with the instructions, which I will probably not update unless necessary.

Modification Download:
Simple-phpBB-DDoS-protection

Master_Cylinder
Registered User
Posts: 761
Joined: Wed Jun 26, 2013 10:14 pm

Re: [ALPHA] Simple phpBB DDoS protection

Post by Master_Cylinder » Wed Apr 30, 2014 8:48 pm

I'd like to see an option to always disallow defined countries (if defined) too. ;)

DavidIQ
Customisations Team Leader
Posts: 17031
Joined: Thu Jan 06, 2005 1:30 pm
Location: Fishkill, NY
Name: David Colón

Re: Simple phpBB DDoS protection

Post by DavidIQ » Wed Apr 30, 2014 9:30 pm

This is not a MOD and does not comply with the MODs in development rules. Moving to discussion and removing status tag.

P.S. If someone really wanted to do a DDoS attack on a site and ran into this they'd just have to change the country their bots are reporting from. This isn't really as useful as it seems at first glance. There will always be a way. Also DDoS attacks can be done through simple html pages (would just take a little longer). Claiming that PHP is the main or only way to DDoS a site is simply incorrect.

IsTI37
Registered User
Posts: 14
Joined: Tue Feb 26, 2008 7:28 pm

Re: Simple phpBB DDoS protection

Post by IsTI37 » Wed Apr 30, 2014 9:39 pm

Yes, but you can easily take down a phpBB forum with a 2 GB database, out of which only 500 MB are sessions, compared to a simple HTML page. Also, a simple HTML page can be rate limited with a firewall; a PHP page is way more dynamic and harder to keep under control memory- and CPU-wise, especially with so many mods you can install on phpBB. This is a very simple solution that works. If you don't get attacked every day it's a fair compromise when needed.

Nowadays bandwidth is cheap (at least in Romania), but botnet protection is not. Considering that IPv4 IPs are harder and harder to find, I don't think one will just find other IPs for the botnets. In huge countries this won't work so well, but in smaller countries this can be a life saver if someone wants to have fun trying to get your website down and you don't have any hardware firewall analyzing the traffic.

@Master_Cylinder, that can be easily added, good idea, however it's better if you use iptables or htaccess for the permanent blocking of a country.

DavidIQ
Customisations Team Leader
Posts: 17031
Joined: Thu Jan 06, 2005 1:30 pm
Location: Fishkill, NY
Name: David Colón

Re: Simple phpBB DDoS protection

Post by DavidIQ » Wed Apr 30, 2014 9:55 pm

Yes but you're limiting the attack for when the hacker targets the forum index. They could just target something else on the site and be as effective in either using up your bandwidth or resources or both, although it might take them longer. So basically what you've provided won't really stop a DDoS attack...it will just make it take slightly longer. Plus once they see that they got a response from the site, be it whatever it is, they might just leave their system on autopilot. Plus they'd probably target different parts of the forum, not just the index page.

As far as the IPs go they likely have plenty to use/spoof from all sorts of places around the world. We've been seeing it for years with spammers. I'm sure hackers have the same methods to do this.

Curious...how much of the resources is the loading of the .dat file using up?

Master_Cylinder
Registered User
Posts: 761
Joined: Wed Jun 26, 2013 10:14 pm

Re: Simple phpBB DDoS protection

Post by Master_Cylinder » Thu May 01, 2014 3:53 am

IsTI37 wrote: @Master_Cylinder, that can be easily added, good idea, however it's better if you use iptables or htaccess for the permanent blocking of a country.
If using unix you can use hosts.deny too but your MOD doesn't work that way. ;)

IsTI37
Registered User
Posts: 14
Joined: Tue Feb 26, 2008 7:28 pm

Re: Simple phpBB DDoS protection

Post by IsTI37 » Thu May 01, 2014 9:05 am

Resource wise I don't see a difference, probably there is, but when a forum uses 4-5gb of ram all the time you don't care about an additional 300mb.

If the attack doesn't target index.php, one can add the solution to all other main php files, such as viewtopic, viewforum, viewonline, search.php, report.php and the attack will still be mitigated resource wise. But as I observed the attacks mainly target the index, nothing fancy with cheap or free bots.
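The gate described in the first post, written as one include that each entry script named in the post above can require before phpBB itself is loaded. This is an added example, not the MOD's code: the threshold, the allow-list, the file name and the use of the PECL geoip extension are assumptions, and it assumes no reverse proxy sits in front of PHP.

```php
<?php
// ddos_gate.php: added example, not the MOD's code. Require it as the first
// statement of index.php, viewtopic.php, search.php, etc., before phpBB loads.

const GATE_MAX_LOAD = 8.0;    // assumed 1-minute load average that arms the gate
const GATE_ALLOWED  = ['RO']; // assumed ISO 3166-1 alpha-2 allow-list

// Pure decision: below the threshold nobody is filtered; above it only
// allow-listed countries pass, and an unknown country fails closed.
function gate_allows(float $load, ?string $country, float $maxLoad, array $allowed): bool
{
    if ($load < $maxLoad) {
        return true;
    }
    return $country !== null && in_array(strtoupper($country), $allowed, true);
}

// Country lookup via the PECL geoip extension (an assumption about the setup).
function gate_country(string $ip): ?string
{
    if (!function_exists('geoip_country_code_by_name')) {
        return null;
    }
    $code = @geoip_country_code_by_name($ip);
    return is_string($code) && $code !== '' ? strtoupper($code) : null;
}

function gate_run(): void
{
    $avg  = function_exists('sys_getloadavg') ? sys_getloadavg() : false;
    $load = is_array($avg) ? (float) $avg[0] : 0.0;
    if ($load < GATE_MAX_LOAD) {
        return; // cheap path: no GeoIP lookup while the server is healthy
    }
    // REMOTE_ADDR only: X-Forwarded-For is client-supplied and trivially forged.
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    if (!gate_allows($load, gate_country($ip), GATE_MAX_LOAD, GATE_ALLOWED)) {
        http_response_code(503);
        header('Retry-After: 120');
        exit("Board temporarily limited to reduce server load.\n");
    }
}

if (PHP_SAPI === 'cli') { // constructed sample cases: [load, country]
    foreach ([[1.5, 'US'], [12.0, 'RO'], [12.0, 'US'], [12.0, null]] as [$l, $c]) {
        printf("%5.1f %-3s %s\n", $l, $c ?? '?', gate_allows($l, $c, GATE_MAX_LOAD, GATE_ALLOWED) ? 'allow' : 'deny');
    }
} else {
    gate_run();
}
```

Run from the command line, the file prints the decision for the four constructed cases; under a web SAPI it applies the gate to the current request.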

Danielx64
Registered User
Posts: 1369
Joined: Wed Nov 04, 2009 5:51 am
Location: In a server room in Australia
Name: Daniel

Re: Simple phpBB DDoS protection

Post by Danielx64 » Wed May 14, 2014 2:02 am

Mind you, you wouldn't be stopping DDoS at the server; you would be doing it as close to the BDR (border gateway router) as you can.
