DDOS protection

Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 50
  1. #16
    Rogu3 Wreckless is offline
    MemberRank
    May 2012 Join Date
    The WastelandLocation
    985Posts

    Re: DDOS protection

    Quote Originally Posted by Bozzie View Post
    He said XML RPC, and no unfortunately he's the one attacking, i'm going to attempt to use IIS and get an IP change. I will update the tread if I am able to solve it :)
    Think I figured what the problem might be, definitely switch to IIS. Apparently, XAMPP comes with an XML-RPC extension and it is enabled on Windows by default. XML-RPC can be used to see stats like the number of users online, statistics, and probably your IP. Switch to IIS, and see if it stops, if not come back and let us know!

    Source:
    https://community.apachefriends.org/...c.php?p=163351

  2. #17
    Account Upgraded | Title Enabled! asesinato is offline
    MemberRank
    Aug 2014 Join Date
    601Posts

    Re: DDOS protection

    Quote Originally Posted by Wreckless View Post
    Switch to IIS, and see if it stops, if not come back and let us know!
    Switching to IIS will not stop L7 attacks, I highly doubt this kid who is attacking has even got his IP (my apologies if he has), since you're able to attack by domain.

    The only thing OP will get when the attacker floods is "The Service Is Unavailable" meaning nobody will be able to access the site, if you're running your DB/Emulator on the same server it will cause lag for users, most users will disconnect. 80% of retros are still vulnerable to L7 attacks and most of them rely on "I'm Under Attack!" mode on CloudFlare. If the attacker is hosting his own server(s) he will still be able to bypass that.

    There is a few ways you can stop this OP, if you haven't fixed it already and wish for it to be fixed, PM me.
    Last edited by asesinato; 14-11-14 at 11:45 AM.

  3. #18
    Unknown Place MaxZeus is offline
    MemberRank
    Mar 2013 Join Date
    592Posts

    Re: DDOS protection

    Quote Originally Posted by Scurry View Post
    Switching to IIS will not stop L7 attacks, I highly doubt this kid who is attacking has even got his IP (my apologies if he has), since you're able to attack by domain.

    The only thing OP will get when the attacker floods is "The Service Is Unavailable" meaning nobody will be able to access the site, if you're running your DB/Emulator on the same server it will cause lag for users, most users will disconnect. 80% of retros are still vulnerable to L7 attacks and most of them rely on "I'm Under Attack!" mode on CloudFlare. If the attacker is hosting his own server(s) he will still be able to bypass that.

    There is a few ways you can stop this OP, if you haven't fixed it already and wish for it to be fixed, PM me.
    I've told all this to the OP already, but he can always try things, if he want to, it is his right doing so :D.

    There are solutions indeed, whether he will want to adopt them or not, it is really up to him.

  4. #19
    Account Upgraded | Title Enabled! Bozzie is offline
    MemberRank
    Aug 2011 Join Date
    ur mumLocation
    275Posts

    Re: DDOS protection

    Quote Originally Posted by Scurry View Post
    Switching to IIS will not stop L7 attacks, I highly doubt this kid who is attacking has even got his IP (my apologies if he has), since you're able to attack by domain.

    The only thing OP will get when the attacker floods is "The Service Is Unavailable" meaning nobody will be able to access the site, if you're running your DB/Emulator on the same server it will cause lag for users, most users will disconnect. 80% of retros are still vulnerable to L7 attacks and most of them rely on "I'm Under Attack!" mode on CloudFlare. If the attacker is hosting his own server(s) he will still be able to bypass that.

    There is a few ways you can stop this OP, if you haven't fixed it already and wish for it to be fixed, PM me.
    He did have the IP yes, I understand where you're coming from but when I previously got attacked by L7 it showed up in the access log he was using 'POST' and 'GET' methods to flood the site, this time there was none of that it's a genuine attack, previously my VPS wouldn't of shut down because he was only sending connections to the Website itself but now it does, Cloudflares 'Threat Control' is bobbins, but if you are willing to help me after i've said this then please reply to my message buddy.

    - - - Updated - - -

    Quote Originally Posted by Wreckless View Post
    Think I figured what the problem might be, definitely switch to IIS. Apparently, XAMPP comes with an XML-RPC extension and it is enabled on Windows by default. XML-RPC can be used to see stats like the number of users online, statistics, and probably your IP. Switch to IIS, and see if it stops, if not come back and let us know!

    Source:
    https://community.apachefriends.org/...c.php?p=163351
    Update on your suggestion; It didn't work i've upgraded to IIS got a new IP yet it's still getting booted, thanks for the support though.

  5. #20
    Unknown Place MaxZeus is offline
    MemberRank
    Mar 2013 Join Date
    592Posts

    Re: DDOS protection

    @Bozzie

    The first rule in this game is, don't ask for help to anyone, discuss everything in open places and you will be in less risk than privately trying to solve that (There are many reasons on that).

    Also, try to go for the obvious solutions this way you will save a lot of efforts & time, which may lead you to lose of motivation.

    And, well, protecting the website is just one of the points (CloudFlare is great as Cache and CDN, but not so great at mitigation), and don't forget to properly protect your game server too, as generally it will run over your real IP or another secondary IP.

  6. #21
    Account Upgraded | Title Enabled! Bozzie is offline
    MemberRank
    Aug 2011 Join Date
    ur mumLocation
    275Posts

    Re: DDOS protection

    Quote Originally Posted by MaxZeus View Post
    @Bozzie

    The first rule in this game is, don't ask for help to anyone, discuss everything in open places and you will be in less risk than privately trying to solve that (There are many reasons on that).

    Also, try to go for the obvious solutions this way you will save a lot of efforts & time, which may lead you to lose of motivation.

    And, well, protecting the website is just one of the points (CloudFlare is great as Cache and CDN, but not so great at mitigation), and don't forget to properly protect your game server too, as generally it will run over your real IP or another secondary IP.
    Well to my knowledge I've set everything up correctly, I've been out of the retro scene for awhile so maybe there's new techniques to resolve the IP that I'm unfamiliar with...... I've set up my CF account set-up the DNS settings all correctly and also hidden the IP in the Client with the TCP IP I was provided with from the proxy server itself, now I don't know how else they can do it.... unless of course it's something in my CMS that's enabling them to get the IP but if it's that then I have no idea where to start. I know now it's not a Layer 7 attack i'm receiving (from previous Layer 7 attacks) it is the IP itself that is getting booted.

  7. #22
    Unknown Place MaxZeus is offline
    MemberRank
    Mar 2013 Join Date
    592Posts

    Re: DDOS protection

    Quote Originally Posted by Bozzie View Post
    Well to my knowledge I've set everything up correctly, I've been out of the retro scene for awhile so maybe there's new techniques to resolve the IP that I'm unfamiliar with...... I've set up my CF account set-up the DNS settings all correctly and also hidden the IP in the Client with the TCP IP I was provided with from the proxy server itself, now I don't know how else they can do it.... unless of course it's something in my CMS that's enabling them to get the IP but if it's that then I have no idea where to start. I know now it's not a Layer 7 attack i'm receiving (from previous Layer 7 attacks) it is the IP itself that is getting booted.
    The real IP can be found through exploiting the web server and php files vulnerabilities too, and in this case, you need a forensics developer :)

  8. #23
    Rogu3 Wreckless is offline
    MemberRank
    May 2012 Join Date
    The WastelandLocation
    985Posts

    Re: DDOS protection

    As stupid as this may sound, maybe "shutdown" for a few days. If this prick sees that you've "given up", they might just stop. This will work great if you have other forms of communication with a decent amount of your users. Or if you have a small user base, get in touch with them, change the hotel name and domain.

  9. #24
    Account Upgraded | Title Enabled! Bozzie is offline
    MemberRank
    Aug 2011 Join Date
    ur mumLocation
    275Posts

    Re: DDOS protection

    Quote Originally Posted by Wreckless View Post
    As stupid as this may sound, maybe "shutdown" for a few days. If this prick sees that you've "given up", they might just stop. This will work great if you have other forms of communication with a decent amount of your users. Or if you have a small user base, get in touch with them, change the hotel name and domain.
    It's because I'm above him in the Retros ranking hahahha, he's just a jealous fuck to be honest. I would do that but I hit 20 daily (well I used too until this prick starting booting me)

  10. #25
    Rogu3 Wreckless is offline
    MemberRank
    May 2012 Join Date
    The WastelandLocation
    985Posts

    Re: DDOS protection

    Quote Originally Posted by Bozzie View Post
    It's because I'm above him in the Retros ranking hahahha, he's just a jealous fuck to be honest. I would do that but I hit 20 daily (well I used too until this prick starting booting me)
    Either way try "shutting down" for a few days.

  11. #26
    Banned bugme is offline
    BannedRank
    Feb 2007 Join Date
    1,380Posts

    Re: DDOS protection

    1. General is right, you are able to see IP's by typing in the netstat command. Anyhow that's not always going to work to find the person his real IP because he could also be covering himself by attacking via spoofed IP's. So that basically means that you're stuck untill you get the problem fixed or unless he stops the attack.

    2. IIS Isn't going to work either, I've seen many people think that their stronger when they have IIS installed, because IIS does stop most of the attacks but not the big attacks, I've seen people throw strong attacks at hotels that run IIS and even that they where able to take down. So you can try it but when there's someone around that has a bigger attack then you're stuck again.

    3. Listen to vLuke, I'm pretty sure that that's the solving to your problem, get a new server or request a different IP and start using other services other than only Cloudflare, because Cloudflare does his job well but not when you have your IP in your client, then they won't simply just help you because then their powerless against strong DDoS attacks.
    Last edited by bugme; 14-11-14 at 11:11 PM.

  12. #27
    Not so spooky... MrSpooks is offline
    MemberRank
    May 2010 Join Date
    Under a rockLocation
    1,068Posts

    Re: DDOS protection

    As stated after a little bit of research on XML-RPC

    XML-RPC is a simple, portable way to make remote procedure calls over HTTP. It can be used with Perl, Java, Python, C, C++, PHP and many other programming languages. Implementations are available for Unix, Windows and the Macintosh.


    I will not add the Example of the code, but

    When run, this program will connect to the remote server, get the state name, and print it.

    So he's obv modified his code to grab a connecting i.p in some way.

  13. #28
    Member vLukeH is offline
    MemberRank
    Nov 2011 Join Date
    57Posts

    Re: DDOS protection

    Well all I can suggest to you since the guy has your real IP is to get an IP change from your host if possible if not move to another one so you have a whole new IP as there's not a lot you can do if he has your server IP address. If you have CloudFlare Business the $200 one, then you should be alright against Layer 7 attacks although I'd probably advise http://hyperfilter.com/ myself.

    And as the others have stated, having both HTTP and TCP proxies will benefit your hotel a lot.

  14. #29
    Valued Member GrateZ4 is offline
    MemberRank
    Jul 2014 Join Date
    145Posts

    Re: DDOS protection

    Patch XML RPC from wordpress useragent on ur IIS Manager.

  15. #30
    Unknown Place MaxZeus is offline
    MemberRank
    Mar 2013 Join Date
    592Posts

    Re: DDOS protection

    Quote Originally Posted by GrateZ4 View Post
    Patch XML RPC from wordpress useragent on ur IIS Manager.
    And if it is too strong, it will cause 100% cpu usage and still crash IIS :) (of course, it works for small attacks, but not for big ones).



Page 2 of 4 FirstFirst 1234 LastLast

Advertisement