What is going on? Is this some kind of widespread attack?

[skybound]

just use cloudflare . my site is lightning fast now

Were you able to get away with just the free package? I see the packages have varying levels of bot protection.

[dontcoz]

Free package worked for me.

[thecoalman]

Yup, looks like phpbb is also suffering. Currently 3082 guests.

It's set at thirty minutes here instead of the default 5 and a few thousand real unique visitors over 30 minutes is entirely possible.

[thecoalman]

Were you able to get away with just the free package? I see the packages have varying levels of bot protection.

The free package is quite good. Something you'll get with Pro plan or better that is useful for these issues is better rate limiting options and the automated malicious bot detection is more effective. The main tool at your disposal free or paid is the WAF where you can create rules. You only get five rules with free plan but each rule can have multiple conditions.

Set up the first rule set the action to block. For ASN, this allows you to block entire networks instead or messing around with IP ranges:

ASN >> Equals >> {ASN Number} OR
ASN >> Equals >> {ASN Number} OR
ASN >> Equals>> ? .......

Second rule set the action to interactive challenge for nations that are more aggressive:

Country >> Equals >> CN OR
Country >> Equals >> IN OR
Country >> Equals>> ? .......

3rd rule you can whitelist and for action issue Managed Challenge to everyone else:

Country >> Does not equal >> US AND
Country >> Does not equal >> UK AND
Country >> Does not equal >> ? AND.......

End result is any IP from that networks range is blocked, India and China visitors need to click the box or whatever is issued, the US and UK get nothing and the rest of the world get the "checking your browser" page

[carman33]

I actually have a different forum software and am looking into converting to phpbb, but had this same issue.

Cloudflare (free) saved my butt as well. I'm pretty impressed with what they give away for free, but as a business model it makes sense, to get use in the door and let us grow with them. I was also able to use CF to block certain countries and it help lower the impact and it did speed up the site a bit.

[skybound]

The free package is quite good.

Thanks. Have been using Cloudbric this last week, but have to use the DDoS captcha to kill the bots which forces that whole browser check adding about 5 second delay when first visiting the site.

Have tried all the other htaccess and robots options here - none worked.

Two Questions:
Have not tried the blackhole option. Has anyone had any positive results?
Anyone know if other forum owners using other platforms, have they also been suffering similar?

[dontcoz]

Untitled.png

i've never seen anything like it. Most of the requests were coming to phpbb files like posting.php, viewtopic.php etc. i had to activate attack mode on CF. Most bots were from HK. i wonder if phpbb can do more to prevent things like this.

[thecoalman]

Anything phpBB could do to block these requests is available further up the chain with .htaccess, firewall, apache modules, Cloudflare etc. Once they get to phpBB you have scripts executing and SQL queries, you need to stop them befor that happens.

[NeoDev]

ModSecurity + Fail2Ban
It won't stop them from hitting your server but it will take a huge load off phpBB.

[SQLnovice]

Untitled.png

i've never seen anything like it. Most of the requests were coming to phpbb files like posting.php, viewtopic.php etc. i had to activate attack mode on CF. Most bots were from HK. i wonder if phpbb can do more to prevent things like this.

Easy solution there, how much legitimate traffic do you have coming from HK? Probably none. So either block that country code in Cloudflare and/or in .htaccess as well. Apache's code for blocking country codes in the positive in .htaccess is...

Code: Select all

<IfModule mod_geoip.c>
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(HK)$
RewriteRule ^(.*)$ - [F]
</IfModule>

To add more country codes simply separate the country codes by the | pipe symbol. You can also block countries in the negative, where the code is slightly different. You specify only the countries you wish to allow. By default, all other countries not matching the allow list are blocked. CF and .htaccess have both of these abilities.

[LePaul]

I think you're in your DNS Records tab. Try the Name Servers tab instead. There you'll be able to change the name servers to Cloudflare's name servers.

Looks like it will take a while for the Cloudflare changes to go thru Right now I am getting

A timeout occurred Error code 524

So maybe that self resolves soon? My forum is http://www.3dprintingforum.us/

[SpIdErPiGgY]

I think you're in your DNS Records tab. Try the Name Servers tab instead. There you'll be able to change the name servers to Cloudflare's name servers.

Looks like it will take a while for the Cloudflare changes to go thru Right now I am getting

A timeout occurred Error code 524

So maybe that self resolves soon? My forum is http://www.3dprintingforum.us/

Error code 524 is an HTTP status code indicating that a timeout occurred, meaning the server took too long to respond to a request. This error often happens with Cloudflare when the server is under heavy load or not properly configured.

[LePaul]

Hi

Well it was full of bots before I made the change

Only thing I changed was the DNS setting to cloudflare

[thecoalman]

It may take a while for the DNS to propagate, in the meantime the bots will still be hitting the server directly.

To fully take advantage of CF you can firewall off ports 80 and 443 except for CF IP's. This is critical step for full DDOS protection because they can go around CF with local DNS if they know the IP of origin server. Shouldn't be necessary for run of the mill out of control bots. It's only important when it's purposeful attack.

[LePaul]

It may take a while for the DNS to propagate, in the meantime the bots will still be hitting the server directly.

To fully take advantage of CF you can firewall off ports 80 and 443 except for CF IP's. This is critical step for full DDOS protection because they can go around CF with local DNS if they know the IP of origin server. Shouldn't be necessary for run of the mill out of control bots. It's only important when it's purposeful attack.

That's interesting, can you guide me a bit - how?
Much appreciated