admin
« on: August 16, 2007, 05:20:15 AM »
We can't reveal how the algorithm works, but it's to kill abusers' behavior (testing/refreshing, creating multiple connections like crazy) in seconds. It instantly blocks the attacker's IP. Changing IP would naturally equal the same IP ban if abuse from it continues also. Blockage is for 1 hour. During that time, server (for YOU ONLY) will appear dead/offline/down including FTP.

PURPOSE OF SCRIPT: To protect everyone and everyone's sites from being DoSed or abused. E.g. (if any), your site's enemies would get blocked instantly if they were to flood your site with a bot designed to spam your site with whatever. This is an extra measure to maintain that the server you're on is fast at all times.

YOU TOO MAY GET BLOCKED IF...: Script is still being adjusted to identify abuse from legit actions which seem similar. If you get blocked, let me know what you were doing for last 30 minutes before you got blocked. This will help adjust the algorithm.
« Last Edit: August 16, 2007, 05:54:22 AM by admin »
NOTE: ALL PM'S WILL BE IGNORED. UNLESS I ASKED YOU TO PRIVATE MESSAGE ME.
-- Use the "Search" on top-right before posting. -- If your topic is resolved, put [Resolved] at end of subject.

soren121
« Reply #1 on: August 16, 2007, 05:24:35 AM »
> Blockage is for 1 hour. During that time, server will appear dead/offline/down including FTP.

So when the guy gets banned, the whole server goes down? I'm confused.

admin
« Reply #2 on: August 16, 2007, 05:29:17 AM »
Nothing goes down. lol
Only you get blocked and you may think the server is down. But it's not, since it's not allowing any incoming connections from your computer's (or abuser's computer) IP address.

Mop (Gb)
« Reply #3 on: August 16, 2007, 05:30:39 AM »
They get banned so that only to them 110mb seems non-existent. @ Admin(s): Good work! This will stop those ddoses

soren121
« Reply #4 on: August 16, 2007, 05:37:45 AM »
> Nothing goes down. lol
> Only you get blocked and you may think the server is down. But it's not, since it's not allowing any incoming connections from your computer's (or abuser's computer) IP address.

> They get banned so that only to them 110mb seems non-existent.

Oh...ok. That particular sentence just confused me. Anyway, good job on the script. Hopefully this will prevent another DDos like what we had in May (I think).

Slittzle
« Reply #5 on: August 16, 2007, 06:14:28 AM »
What's max # of connections allowed at one time? Me thinks that Firefox users using pipelining are going to start getting banned as a result.

soren121
« Reply #6 on: August 16, 2007, 06:29:21 AM »
> What's max # of connections allowed at one time? Me thinks that Firefox users using pipelining are going to start getting banned as a result.

I see what you mean. Is Fasterfox going to get me banned?

Slittzle
« Reply #7 on: August 16, 2007, 09:54:15 AM »
Yea it will. I got banned..and the script is faulty, it doesn't unban you after an hour - it's been more than a couple hours and I'm still banned. I'm writing this via a proxy btw.

So basically at first I opened 3 windows with Firefox, one of them being this post - and with Fasterfox enabled (I have it on courteous) that meant something like max of 8 connections per a window - so 8*3=24 connections say. I wasn't able to use 110mb forums but I could still visit all 110mb hosted sites. So I assumed that I would get unbanned and post my findings, so I worked on my site a bit - waiting for the ban to disable but then after say 30 minutes, I was banned from all 110mb sites and the ban isn't lifting so I guess it's working to some degree, except that the ban never lifts.

This is not an effective way to stop DDos'ers. I won't offer any tips to DDosers here obviously, but I think this block is going to stop a lot of legitimate users. For one thing, anyone surfing on a 110mb hosted site could easily hit the max connections and be banned from seeing any other site. Also it raises the idea of 110mb abuse - basically by creating a simple html page I can make it so that anyone viewing the page incurs the ban and thereby is not only unable to see my site, but all other 110mb hosted sites - think of what someone who hates 110mb (do they exist?) could do, proof of code concept here:

index.html: <iframe src="index.html"></iframe>

The page is an infinite loop and would cause max-connections to eventually get called. Basically it puts an iframe on screen, which loads the same page within the iframe. And the page being loaded again recreates another iframe, which again creates another iframe, and so forth. Basically (untested of course - but it should work), will cause a user to hit the max-connection limit - and the server will temp-ban them, during that time the user will not be able to view any 110mb sites, nor access the forum to report that they can't access it.

Instead do something like this, make the max-connection limit something like 1000 - that's more likely to be a DDos than say 100 connections or 500 connections (which is a lot still).
« Last Edit: August 16, 2007, 09:57:39 AM by Slittzle »

inp o҉rtb
Global Moderator
« Reply #8 on: August 16, 2007, 10:03:18 AM »
Interesting loop you got there... You might want to post up your IP address to get unbanned.

Now, as far as I know, DoS does not have to be executed by opening lots of connections on the attacker's side -- as long as the resources get used up, the purpose is served. Some attacks involve sending malformed packets that keep connections half-open, and some mirror such packets from other servers to hide their identity. Using these techniques, a single machine can overload a server. I suppose a system tool capable of closing all half-open sockets would be useful. There are other methods too, which should be taken care of.

kriššyafc
« Reply #9 on: August 16, 2007, 10:05:43 AM »
Well I have been blocked 3 times, all I was doing was viewing the forum?

Slittzle
« Reply #10 on: August 16, 2007, 11:43:40 AM »
I don't think I need to post my IP, seeing as how the mods should have it (just look at any of my posts besides the ones in this one - since I'm using a proxy to access). BTW the html iframe thingy will work, Firefox will stop it after a few runs but IE and Opera will run it continuously.

The admins are nowhere to be found lol, I have a networking background so my 2 cents is to just put up an ACL and block IPs that did the previous DoS attacks, limit max connections of each user to 250-400 connections (even that's a lot but still leaves no room for mistakes). And maybe use some useragent blocking to stop preventable bots, and of course use an iplist to block spambots and other nefarious bots - which can be obtained at any anti-spam site.

aldo
« Reply #11 on: August 16, 2007, 12:03:22 PM »
Actually Slittzle, if you access via proxy it will change the IP of the Proxy IP on every single post, just like when you post it changes it on every one of your posts. All your posts are synced

admin
« Reply #12 on: August 16, 2007, 03:56:35 PM »
Yea script doesn't ever unblock I just found out. lol
The next change will ban for 30 min and I'll increase the lever x3 higher.
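
The mechanism this thread argues about (a per-IP connection limit, a timed ban, and a ban that has to lift again), as an added Python example that is not the 110mb script or any poster's code. The limits of 20 and 60 connections and the 10-second window are assumptions, since the thread never states them; only the 1-hour and 30-minute ban lengths and the 8*3=24 connection count come from the posts, and the addresses are constructed documentation addresses.

```python
from collections import defaultdict, deque


class ConnectionLimiter:
    """Per-IP sliding-window connection limit with a ban that expires by itself."""

    def __init__(self, max_conns, window_s, ban_s):
        self.max_conns = max_conns          # assumed value; the thread never states it
        self.window_s = window_s            # assumed counting window, in seconds
        self.ban_s = ban_s                  # ban length in seconds
        self.recent = defaultdict(deque)    # ip -> timestamps of recent connections
        self.banned_until = {}              # ip -> time at which the ban lifts

    def allow(self, ip, now):
        """Record one connection attempt at time `now`; True if it is accepted."""
        until = self.banned_until.get(ip)
        if until is not None:
            if now < until:
                return False                # still banned; the ban is not extended
            del self.banned_until[ip]       # expiry checked on lookup, so the ban always lifts
        q = self.recent[ip]
        while q and now - q[0] >= self.window_s:
            q.popleft()                     # forget connections older than the window
        q.append(now)
        if len(q) > self.max_conns:
            self.banned_until[ip] = now + self.ban_s
            q.clear()                       # start clean once the ban is over
            return False
        return True


def burst(limiter, ip, count, start=0.0, spacing=0.05):
    """Constructed traffic: `count` connections from `ip`, `spacing` seconds apart."""
    return [limiter.allow(ip, start + i * spacing) for i in range(count)]


if __name__ == "__main__":
    client = "203.0.113.7"                  # constructed documentation address
    strict = ConnectionLimiter(max_conns=20, window_s=10, ban_s=3600)
    print("3 windows x 8 connections, limit 20:", burst(strict, client, 24).count(False), "refused")
    print("other visitor during the ban:", strict.allow("198.51.100.9", 5))
    print("same client after 30 min:", strict.allow(client, 1800))
    print("same client after the hour:", strict.allow(client, 3700))
    relaxed = ConnectionLimiter(max_conns=60, window_s=10, ban_s=1800)
    print("same burst, limit x3:", burst(relaxed, client, 24).count(False), "refused")
```

Because the count is kept per source address, clients that share one address (a proxy or a campus NAT) add up in the same window.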

phenomless
« Reply #13 on: August 16, 2007, 05:22:03 PM »
Hi, I can't access my site and panel on box 4. Did not do much... just looked at the forum few times and tried to access my site...
Admin - The first time you activated the script it blocked my IP, then yesterday it was o.k, and now I'm apparently blocked again...
Edited: It's back after 4 hours...
« Last Edit: September 15, 2009, 04:26:34 PM by phenomless »

ericsspace
« Reply #14 on: August 24, 2007, 01:36:57 AM »
Good, I hate anyone who will lag the server by spamming or attacking it. It totally sucks that everyone else has to suffer just because one or a few people want to be the annoying hacker.

TDSii
« Reply #15 on: June 17, 2008, 10:50:50 PM »
I wonder why I am not having such issues with my site, although I got too many hits and activity! The script seems to work fine as I was once blocked when I tried to use a prohibited script

meep-online
« Reply #16 on: August 30, 2008, 10:10:00 AM »
This seems like an epic fail to me :\

selangor-online
« Reply #17 on: September 27, 2008, 08:56:16 AM »
> Nothing goes down. lol
> Only you get blocked and you may think the server is down. But it's not, since it's not allowing any incoming connections from your computer's (or abuser's computer) IP address.

Admin, since I'm in a univ., will my IP get banned too if a lot of my friends are accessing my webpage? If admin just googles my IP, there are a lot of connections.....
« Last Edit: September 27, 2008, 09:02:47 AM by selangor-online »

stevediraddo
« Reply #18 on: September 29, 2008, 05:50:15 PM »
So if I browse to my page and hit F5 really fast, what will happen?

antimatter15
« Reply #19 on: September 30, 2008, 10:50:34 AM »
> They get banned so that only to them 110mb seems non-existent. @ Admin(s): Good work! This will stop those ddoses

It looks like it'll only stop doses, not ddoses.
Ajax Animator, a web-based, collaborative animation authoring environment with Flash, Silverlight, and GIF export.