Bot Attack - IP Ban Thread

[Stoker]

@Fred Rimbert I am on VPS. Thats the backisde of it. You have to take care of security yuorself

[Fred Rimbert]

That’s what I thought!

The solution Anubis looks promising, I hope the developer will finalize its extension

[Stoker]

Yeah, something like that could be good

[Stoker]

I dont like to admit this.....
I ended up blocking my own mobile data provider

[1ubz32cb9]

Finally got home and fixed the chinese Alibaba attack which forced our server on the knee.

Hi Stoker,

Sorry to hear you got also hit by those damn bots. I've been running a PhPBB forum for a few years and doing the same blocking IPs one by one. Last month the bot traffic got out of hand peaking over 100 mb/s with more than 9000 requests per minute. These IPs you mentioned were involved among others.

The issue comes when bots get access to your SQL database. That is skyrocketing load and hogging cpu cycles. Blocking IPs one by one is a very laborious tasks and it never ends. Those guys get new IP addresses faster than you can block them. Also blocking countries is a severe handicap to your site limiting it's accessibility and possibly blocking wrong IPs as well as slowing accessing your forum down, and if you do it locally, it will also increase load.

I found a generic solution that works with bots trying to post or register a few days ago. I am now testing it. So far I have managed to block 99% of malicious traffic automatically with just a few lines of web server access configurations. If the solution works let's say a month and there are no drawbacks, I will make it public.

I believe those are not really attacks but some kind of script that some moron has programmed and is selling for trying to spam PhPBB forums, and some people from Singapore, Indonesia, Brazil and Vietnam have bought it to spam my forum.

Cheers,

s

[Stoker]

Agree, blocking countries isnt the best solution.
Its the lesser bad solution.
A couple of years ago I had to shut down the site because of the load these attacks caused.

Btw, read that Huawei allow you to create a Chatbot AI: https://medium.com/huawei-developers/cr ... 4e5291ab02
And I have seen them here.

[1ubz32cb9]

Agree, blocking countries isnt the best solution.
Its the lesser bad solution.
A couple of years ago I had to shut down the site because of the load these attacks caused.

I had to do the same. I wrote a script running from cron checking the server load and then shutting the forum down when the load was too high. The issue there was that http error pages caused still a lot of traffic and load on the server. I have a dozen other websites on the same server so shutting the forum down to protect them. You are using nginx, too? If so, you can simply return 444 to cut the connection.

Btw, read that Huawei allow you to create a Chatbot AI: https://medium.com/huawei-developers/cr ... 4e5291ab02
And I have seen them here.

I get a lot of bot traffic and I allow it all as long as they are clearly marked as bots, crawlers and/or spiders in User Agents. You can easily reduce the load they are causing by adding them all as bots in phpBB. This way they do not overload session management and get messed up with SIDs in urls. As there are new ones coming all the time, I figured out a pre-emptively do it automatically. I can post you the instructions as a message if you want to try it as I do not want to start spamming my links on your forum.

Cheers,

s

[Stoker]

You are using nginx, too? If so, you can simply return 444 to cut the connection.

Yes my server uses nginx but unfortunately Im not skilled on the server part.

[1ubz32cb9]

You are using nginx, too? If so, you can simply return 444 to cut the connection.

Yes my server uses nginx but unfortunately Im not skilled on the server part.

No worries, I pm'd you.