Previous Thread
Next Thread
Print Thread
Hop To
#234190 01/25/2010 10:03 PM
Joined: Jan 2007
Posts: 170
D
Member
Member
D Offline
Joined: Jan 2007
Posts: 170
My board has been crashing all day. A check of the error log shows multiple requests per second from many different IP numbers for some non-existent files in the useravatars directory. (The folder is essentially empty as I don't let users upload their own avatars).

I just blocked a hundred or so IP numbers but get the feeling that the supply of numbers is basically endless.

Any ideas?


UBB user since 1998
Joined: Jan 2007
Posts: 170
D
Member
Member
D Offline
Joined: Jan 2007
Posts: 170
Hmm, it seems that at least some of the IP numbers are legitimate members. What could account for the calls for non-existent images in the useravatars directory?


UBB user since 1998
Joined: Jan 2007
Posts: 170
D
Member
Member
D Offline
Joined: Jan 2007
Posts: 170
In the words of Gilda Radner, never mind smile


UBB user since 1998
Joined: May 2008
Posts: 753
Likes: 1
Old Hand
Old Hand
Joined: May 2008
Posts: 753
Likes: 1
so what was it?


"No matter where you go, there you are."
"If you can't do something smart, Do something right"
"There are three kinds of people in the world, those who can count, and those who can't"
Joined: Jan 2007
Posts: 170
D
Member
Member
D Offline
Joined: Jan 2007
Posts: 170
The traffic was real.

The images being requested from the useravatars directory were because some members posting in a popular thread have avatars in their profiles that apparently are supposed to be in the useravatars directory. They may have had avatars in there at one point but the directory is empty now - so the files were not found. (Perhaps I overwrote the directory and deleted the files during a previous upgrade?)

There was other stuff happening at the same time that was related to intrusions and the multiple requests for non-existent files looked a lot like other incidents I have had with spam bots in the past. So I thought initially that the events were related - they were not.

If anyone has a solution for DOS attacks other than banning each IP - please share. It will probably come in handy in the future anyway as this thread would be found by others who really do have the problem smile

Joined: Apr 2007
Posts: 3,940
Likes: 1
SD Offline
Former Developer
Former Developer
Joined: Apr 2007
Posts: 3,940
Likes: 1
without external hardware, DDOS attacks are just a bummer.. well, they're a bummer, regardless laugh

you can install a firewall + brute force protection (software), but that just stops things before they hit httpd.. it IS a good thing to have however..

i highly recommend CSF Linky Poo (basically a wrapper around IPTables)

after install, it integrates nicely with cPanel/WHM as well... they even offer to harden your box for $100, which is good, if you're a Linux n00b..

BUT, if you like to tinker and know Linux, it's a FREE dealio. easy install and configure.. i've done this on a couple of boxes now and love it.. smile

Joined: Jan 2007
Posts: 170
D
Member
Member
D Offline
Joined: Jan 2007
Posts: 170
Terrific, thank you.


UBB user since 1998

Link Copied to Clipboard
ShoutChat
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
spam issues
by ECNet - 03/19/2024 11:45 PM
Looking for a forum
by azr - 03/15/2024 11:26 PM
Editing Links in Post
by Outdoorking - 03/15/2024 9:31 AM
Question on barkrowler and the like
by Mors - 02/29/2024 6:51 PM
Member Permissions Help
by domspeak - 02/27/2024 6:31 PM
Who's Online Now
1 members (Havenofsobriety), 522 guests, and 99 robots.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Los Angeles
Los Angeles
by isaac, August 6
3D Creations
3D Creations
by JAISP, December 30
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20230217)