DDOS attack on board

Discussion of non-phpBB related topics with other phpBB.com users.
Forum rules
General Discussion is a bonus forum for discussion of non-phpBB related topics with other phpBB.com users. All site rules apply.
NewToPHPBoards
Registered User
Posts: 248
Joined: Wed Feb 03, 2016 1:38 pm

DDOS attack on board

Post by NewToPHPBoards »

Unfortunately on the morning of the 19th June our board was attacked by a range of IP's originating from Chinese locations (DDoS).

The site was disabled by the ISP to prevent further damage.

Before I bring the board back up I am looking to implement the following;

1) Block significant ranges of IP addresses originating from China.
2) Introduce Cloudflare, and install the Cloudflare extension for IP.
3) Introduce first only posts to guests - https://www.phpbb.com/customise/db/exte ... _to_guest/ (I'm not sure, but I couldn't see an option to allow bots past this so they can still index. Will this stop indexing?).

I am hoping this combination will prevent attacks of this nature in future.

Any thoughts or opinions on this approach would be gratefully received?
Last edited by HiFiKabin on Thu Jun 21, 2018 9:42 am, edited 2 times in total.
Reason: Not a support issue, so moved to General
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco

Re: DDOS attack on board

Post by 3Di »

NewToPHPBoards wrote: Thu Jun 21, 2018 4:45 am The site was disabled by the ISP to prevent further damage.
ISP = Internet Service Provider.

Do you mean your Host I guess?

Providing protection against DDoS attacks it's a duty of them, not yours.

Blocking significant ranges of IP addresses originating from China or whatever it's just something that adds a consistent server load, like rounding in circles somehow.
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
NewToPHPBoards
Registered User
Posts: 248
Joined: Wed Feb 03, 2016 1:38 pm

Re: DDOS attack on board

Post by NewToPHPBoards »

Buon giorno Marco, sei sveglio presto!

Yes ISP meaning our Host.

Yes - I also thought DDoS was their responsibility - however the Host simply disables our site to deal with it :shock: I therefore wish to prevent this happening again by using Cloudflare to cover the site before the Host reacts.

Sorry but I don't understand your final point against blocking a range of IP's in a htaccess file - could you explain how that causes consistent server load, and what that actually means?
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco

Re: DDOS attack on board

Post by 3Di »

NewToPHPBoards wrote: Thu Jun 21, 2018 5:39 am Sorry but I don't understand your final point against blocking a range of IP's in a htaccess file - could you explain how that causes consistent server load, and what that actually means?
...using many "Deny from"s in an .htaccess is a huge resource waster.
Apache has to read that file for every file served. Whereas in a .conf file, it does not.
Firewall block keeps them from even wasting any further apache resources...
Ref.: https://www.linuxquestions.org/question ... 375-print/

To block China IPs including innocent people, read here: http://www.parkansky.com/china.htm
NewToPHPBoards wrote: Thu Jun 21, 2018 5:39 am I therefore wish to prevent this happening again by using Cloudflare to cover the site before the Host reacts.
You can do it, if correctly configured it shouldn't give you headhaches at all, beware of its 24hrs cache though.
To let the Cloudflares IPs do not interfere with your board you can use this: https://www.phpbb.com/customise/db/exte ... masked_ip/

Even better: change your Host if you can. ;)
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
NewToPHPBoards
Registered User
Posts: 248
Joined: Wed Feb 03, 2016 1:38 pm

Re: DDOS attack on board

Post by NewToPHPBoards »

Thank you Marco.
3Di wrote: Thu Jun 21, 2018 5:57 amYou can do it, if correctly configured it shouldn't give you headhaches at all, beware of its 24hrs cache though.
Are you aware of a guide that provides the steps for the correct configuration to work with PHPBB?
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco

Re: DDOS attack on board

Post by 3Di »

🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
NewToPHPBoards
Registered User
Posts: 248
Joined: Wed Feb 03, 2016 1:38 pm

Re: DDOS attack on board

Post by NewToPHPBoards »

:D - yes I checked through that - specifically the configuring forums section found about 2/3rds of the way down this page - https://support.cloudflare.com/hc/en-us ... /200275278

Unfortunately of the listed boards, no steps provided for PHPBB. Should I take MyBB as the closest guide to follow?

Thanks ;)
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco

Re: DDOS attack on board

Post by 3Di »

Please, support requests for Cloudflare - if not already there given is here: https://support.cloudflare.com/requests/new
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
NewToPHPBoards
Registered User
Posts: 248
Joined: Wed Feb 03, 2016 1:38 pm

Re: DDOS attack on board

Post by NewToPHPBoards »

I have submitted a ticket with Cloudflare. Thanks.

I will share somewhere on this support forum if I receive a guide so other users can benefit.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26846
Joined: Fri Aug 29, 2008 9:49 am

Re: DDOS attack on board

Post by Mick »

That would be server set up which we don’t deal with here.
  • "The more connected we get the more alone we become” - Kyle Broflovski© 🇬🇧
NewToPHPBoards
Registered User
Posts: 248
Joined: Wed Feb 03, 2016 1:38 pm

Re: DDOS attack on board

Post by NewToPHPBoards »

The PHPBB board came under attack. Not an issue unique to PHPBB I fully agree. I was asking for opinions on my proposed solution in the hope to tap into knowledge from the community - you know - who's been there done that.

If no one in the community has been required to deal with this situation - then I hope that by sharing information future community members will find the answers I post from the path I now have to walk alone.

@3Di - I've been in dialogue via the support ticket system with Cloudflare. Sadly they don't have any advice on configuring Cloudflare and PHPBB.

If neither PHPBB or Cloudflare offer this advice then I will now proceed to take the risk myself without others advice. Someone always went first. I'll share the issues and resolutions (if there are any) once I progress :D
SlobberySam
Registered User
Posts: 20
Joined: Fri Mar 23, 2018 7:13 pm

Re: DDOS attack on board

Post by SlobberySam »

Personally I've used CloudFlare for testing on a development board, and it was simply a matter of setting it up correctly. You can find documentation on Cloudflares site, as well as the link a few posts above to return correct IP addresses for users.

Be advised that CloudFlare acts as a CDN - if the attackers already have the real IP address, they can still take down the origin web server. Ask your host to change the IP once CloudFlare is properly installed.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26846
Joined: Fri Aug 29, 2008 9:49 am

Re: DDOS attack on board

Post by Mick »

Was it just your board that was attacked, the whole server or the whole network of servers your host supplies? I find it odd that anyone would target a bulletin board with a DDoS attack, it’s a lot of work for no benefit as far as I can see.
  • "The more connected we get the more alone we become” - Kyle Broflovski© 🇬🇧
NewToPHPBoards
Registered User
Posts: 248
Joined: Wed Feb 03, 2016 1:38 pm

Re: DDOS attack on board

Post by NewToPHPBoards »

Thanks for the replies.

According to the ISP it was only my board - they still haven't provided suitable evidence on this point yet. My Google Analytics don't match what the ISP reported.

It started around 6am GMT with errors stating there were too many connections to the database (MySQL). It was the first time since hosting with the company in question I had experienced this (the site has been located 2.5 years with them). I went to Google stats straight away, however the stats didin't reflect the database connection counts. Still not sure what to make of this discrepancy.

On reasons, this is purely speculative, but I experienced some domain name arguments with a Chinese firm last year. They wanted the .cn extension of our domain which I poached before they managed to do so. That created some strong legal words that never materialised into anything further. This leads me to consider the possibility it was competitor related. Who knows why people find the time to attack sites, nor can I guess the wealth of motivations. In my experience the scales of humanity tip towards the types that find it easier to destroy than create.
Last edited by NewToPHPBoards on Fri Jun 22, 2018 3:34 pm, edited 1 time in total.
User avatar
Lumpy Burgertushie
Registered User
Posts: 69228
Joined: Mon May 02, 2005 3:11 am

Re: DDOS attack on board

Post by Lumpy Burgertushie »

very strange but it still boils down to a problem with the security setup on the server which is your host's concern. If they are not setup to stop a ddos then I would seriously look for a different host.


robert

Return to “General Discussion”