How to prevent DDoS attacks?

Harrison76
Registered User
Posts: 268
Joined: Wed Jul 12, 2017 7:25 am

How to prevent DDoS attacks?

Post by Harrison76 »

Hi everyone, lately it seems that my forum is undergoing several DDoS attacks, which are causing my database CPU to saturate, and the forum also requires 30-40 seconds to open a page.
Is there any way to prevent them so that I don't have to intervene every time to unblock the situation?
Thank you
P_I
Community Team Member
Posts: 2505
Joined: Tue Mar 01, 2011 8:35 pm
Location: Western Canada 🇨🇦

Re: How to prevent DDoS attacks?

Post by P_I »

DDoS attacks are not really a phpBB question, they are more a hosting question.

That said, have you looked at phpBB's Who is online? In particular, make sure you 'Display guests' and then look at the Guest User-Agent strings.

There are a number of recent topics here regarding specific bots/crawlers such as Claudebot, GoogleOther, Chinese scrapers to name a few, and some ideas on how to manage them in ACP->General->Spiders and Robots or other mitigation methods.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams
thecoalman
Community Team Member
Posts: 6441
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: How to prevent DDoS attacks?

Post by thecoalman »

A DDoS attack is on purpose; as mentioned by P_I, it's likely just bots running amok.

Whether it's a real DDoS or malicious bots the best way to manage them is through a third party service like Cloudflare, especially for DDoS. Unfortunately that is not something easy to set up and deploy easily.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
HB
Registered User
Posts: 230
Joined: Mon May 16, 2005 9:30 pm

Re: How to prevent DDoS attacks?

Post by HB »

thecoalman wrote: Wed Apr 24, 2024 5:58 pm
"Whether it's a real DDoS or malicious bots the best way to manage them is through a third party service like Cloudflare, especially for DDoS. Unfortunately that is not something easy to set up and deploy easily."

I use Cloudflare at the "free" tier level. You can define web application firewall rules, though it's limited to 5. Prompted by this thread, I searched a bit and read this Cloudflare blog from last year: Easily manage AI crawlers with our new bot categories. In the past, I used user agent one-by-one matches to tame bots that don't respect robots.txt; this option makes it easier to "bundle" blocking rules (e.g., AI bots).

Setting up for Cloudflare does require more technical knowledge, e.g., understanding how the host/CDN topology works. But it does have the advantage of dealing with unwanted requests before they reach your server versus .htaccess rules or phpBB-based bot limiting schemes.
Dan Kehn
Harrison76
Registered User
Posts: 268
Joined: Wed Jul 12, 2017 7:25 am

Re: How to prevent DDoS attacks?

Post by Harrison76 »

Yes, in fact I have installed Cloudflare and at the moment I have solved it: if a peak occurs I block the entire country, and everything goes back to normal; then I go to see what caused it, create a new specific filter, and then unblock the country.
I was trying to understand if there is something automatic to block harmful bots, or if it is worth creating a new rule based on frequency: how did you do it?
Thank you
KevC
Support Team Member
Posts: 72617
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: How to prevent DDoS attacks?

Post by KevC »

You're better off asking on a Cloudflare support site.
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
HB
Registered User
Posts: 230
Joined: Mon May 16, 2005 9:30 pm

Re: How to prevent DDoS attacks?

Post by HB »

Harrison76 wrote: Fri Apr 26, 2024 5:09 am
"...is there something automatic to block harmful bots, or if it is worth creating a new rule based on frequency: how did you do it?"

You can handle "panic" cases programmatically with the Cloudflare API. For example, if the server CPU usage goes off the charts, you can temporarily set the security level to "under_attack":

https://developers.cloudflare.com/api/o ... el-setting

This will result in all incoming requests being challenged. You can change the default challenge level for a country in the dashboard under Security > WAF > Tools. For example, you might change the default to "Managed Challenge" for countries that are (a) high spam risk and (b) you have few members from that country participating.
Dan Kehn
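
Added example (not part of HB's post and not Cloudflare's or phpBB's own code): a cron-style watchdog for the "panic" case described above, which switches the zone to "under_attack" when the 1-minute load per core is high and back again once it has dropped. The environment variable names `CF_ZONE_ID` and `CF_API_TOKEN`, the two thresholds and the "medium" fallback level are assumptions; the endpoint is Cloudflare's v4 zone setting `security_level`.

```python
import json
import os
import urllib.request

# Cloudflare v4 zone-settings endpoint for the security level.
API = "https://api.cloudflare.com/client/v4/zones/{zone}/settings/security_level"

def decide(load_per_core, current, high=2.0, low=0.7, normal="medium"):
    """Return the level to switch to, or None to leave things alone.

    Two thresholds (hysteresis) keep the zone from flapping in and out of
    challenge mode while load hovers around a single cut-off.
    """
    if load_per_core >= high and current != "under_attack":
        return "under_attack"
    if load_per_core <= low and current == "under_attack":
        return normal  # assumed fallback level, not read from the zone
    return None

def build_request(zone, token, level=None):
    """GET the current level, or PATCH a new one when `level` is given."""
    data = json.dumps({"value": level}).encode() if level else None
    return urllib.request.Request(
        API.format(zone=zone), data=data, method="PATCH" if level else "GET",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})

def call(req):
    """Send the request and return the security level Cloudflare reports."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["result"]["value"]

def main():
    # Assumed environment variables; the token needs zone-settings edit rights.
    zone, token = os.environ["CF_ZONE_ID"], os.environ["CF_API_TOKEN"]
    load = os.getloadavg()[0] / (os.cpu_count() or 1)  # 1-minute load per core
    current = call(build_request(zone, token))
    target = decide(load, current)
    if target:
        applied = call(build_request(zone, token, target))
        print(f"load/core={load:.2f}: {current} -> {applied}")

if __name__ == "__main__":
    main()
```

Run it every minute from cron on the web server; if the database runs on a separate host, feed `decide()` that host's load instead of the local one.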
thecoalman
Community Team Member
Posts: 6441
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: How to prevent DDoS attacks?

Post by thecoalman »

Harrison76 wrote: Fri Apr 26, 2024 5:09 am
"if a peak occurs I block the entire country, and everything goes back to normal,"

For countries with a lot of bad activity the JS challenge is quite effective. It's practically seamless for regular users so you can just leave it enabled.

"I was trying to understand if there is something automatic to block harmful bots,"

The pro plan and up has automated tools for malicious bot activity.
Forex Station
Registered User
Posts: 185
Joined: Thu Apr 06, 2017 2:26 pm
Location: Australia

Re: How to prevent DDoS attacks?

Post by Forex Station »

The Cloudflare free plan will stop DDoS. We've got their pro plan, as we were getting attacked a lot and felt better purchasing it last year, but the free plan is that good; there's really no need to purchase the pro plan.
Highly-customized PhpBB board, voted as one of the most influential trading sites in the world: forex-station.com 💬
