First and foremost, find a host that is going to work with you on this. There should be no expectation that a host is going to stand behind you 100% unless you are paying a lot of money, because blocking a DDoS can get very expensive. There should be an expectation they will work with you for a limited time.
NewToPHPBoards wrote: ↑Thu Jun 21, 2018 4:45 am
1) Block significant ranges of IP addresses originating from China.
Depending on the type of attack and the scale, this is unlikely to be helpful for most of them; you need to stop it before it gets to the server. Trying to block an attack with the firewall is difficult, let alone trying to do it with .htaccess rules, because the server still needs to process those requests. Note that the Cloudflare firewall can be configured to block countries, but this is completely different because those requests never get to the origin server.
2) Introduce Cloudflare, and install the Cloudflare extension for IP.
Cloudflare can stop this, but you need to protect the origin IP, because if that is exposed they can just go after the IP, making Cloudflare useless.
Cloudflare does not allow email over their network, which means the IP can be exposed simply by someone registering. Emails need to be sent from a different IP; email service on its own server is ideal, but that adds more expense. If you are using WHM/cPanel it can be set to send email through the main IP, which should be different than the IP your domain is on. This of course would not prevent them attacking that IP, but it can then be null routed and you would only lose email service. Hosts typically allocate IPs in order, so make sure the IP your domain is on is not right next door to the one sending email.
You also need to disable any feature in phpBB that exposes the IP like remote avatar uploads.
The other major thing you want to do, since all legitimate traffic should be coming from Cloudflare IPs, is to firewall ports 80 and 443 except for Cloudflare IPs. If they know your host, which can be guessed from the IP of the email, they will run a bot across your host's IP ranges and make a request for unique file(s) on your site, which is basically like a fingerprint.
You also need to install mod_cloudflare on the server so the user's IP is passed to applications like phpBB, logging etc. If that is not possible there is an extension for phpBB, but that only works for phpBB.
Beyond that, explore the options in CSF if you are using it; there are specific settings you can enable that will help mitigate an attack. CSF also has a configurable option to work with Cloudflare so any IPs banned can be directly added to Cloudflare's firewall.
I know this is a mouthful, especially if you are on shared hosting, but these are some of the things you need to do if you expect to stop or mitigate future attacks.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”
Attributed - Thomas Edison
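
Added example, not part of the original post: one way to build the "firewall ports 80 and 443 except for Cloudflare IPs" allowlist described above from a saved list of ranges, rejecting malformed or overly broad entries before they become rules. The chain name `CDN_WEB`, the helper names, the /8 width limit and the sample ranges (documentation ranges, constructed) are assumptions; it covers IPv4 only, and IPv6 needs the same treatment with ip6tables.

```shell
#!/bin/sh
# Added example: turn a list of CDN IPv4 ranges into an allowlist for 80/443.
# Prints an iptables-restore style fragment; nothing is applied to the host.

# is_cidr4 STRING: succeed only for a well-formed IPv4 CIDR no wider than /8
# (the /8 limit is an assumption, so a bad list cannot allow 0.0.0.0/0).
is_cidr4() {
    printf '%s\n' "$1" | awk -F'[./]' '
        NF != 5 || $0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 < 8 || $5 > 32) exit 1 }'
}

# gen_rules: read ranges on stdin (blank lines and # comments ignored),
# write rules on stdout, return non-zero if any entry was rejected.
gen_rules() {
    rejected=0
    echo '*filter'
    echo ':CDN_WEB - [0:0]'
    echo '-A INPUT -p tcp -m multiport --dports 80,443 -j CDN_WEB'
    while IFS= read -r line; do
        cidr=$(printf '%s' "$line" | tr -d '\r' | sed 's/#.*//; s/[[:space:]]//g')
        [ -z "$cidr" ] && continue
        if is_cidr4 "$cidr"; then
            echo "-A CDN_WEB -s $cidr -j ACCEPT"
        else
            echo "rejected entry: $line" >&2
            rejected=$((rejected + 1))
        fi
    done
    echo '-A CDN_WEB -j DROP'   # everything else to 80/443 is dropped
    echo 'COMMIT'
    [ "$rejected" -eq 0 ]
}

# Constructed sample input: RFC 5737 documentation ranges, not real CDN ranges.
sample_ranges() {
    cat <<'EOF'
# saved copy of the provider's published list would go here
198.51.100.0/24
203.0.113.0/24   # trailing comment
999.1.1.0/24
0.0.0.0/0
EOF
}

sample_ranges | gen_rules || echo "list contained rejected entries" >&2
```

A non-zero return from `gen_rules` means the list had entries that were skipped, which is a reason to inspect the list before loading anything.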