Server Attacks - Ways to solve this ?

MSW

Aspirant
Joined
Feb 8, 2004
Messages
12
If you run a big board then you may know that there are many ways to attack your board. Attacks happen every day and I think it could make sense to talk about ways to protect your board from "real troublemakers".

A commonly used attack is overloading your server by refreshing large topics (1500+ replies) until MySQL overloads your RAM.

That's something people did to me all the time, that's why I want to use it as an example.

I solved this issue by allowing a max number of requests per minute, which works fine for me, but I think we should work together and suggest that the common board coders like IB / VB / PHPBB address this issue and, if possible, find a way of doing that on the scripting side.

What do you think ?
 

KeithMcL

Freelance Web Designer
Joined
Jan 12, 2004
Messages
5,728
It's a very good topic, but unfortunately it's one I know nothing about at the moment because I've never had to deal with it.
 

The Sandman

Administrator
Joined
Jan 1, 2004
Messages
29,140
MSW said:
I solved this issue by allowing a max number of requests per minute, which works fine for me, but I think we should work together and suggest that the common board coders like IB / VB / PHPBB address this issue and, if possible, find a way of doing that on the scripting side.

What do you think ?
What do the major Board software developers say about this issue?
 

MSW

Aspirant
Joined
Feb 8, 2004
Messages
12
I already contacted a lot of them but no reply. I also don't want to make it too public as many people would abuse this information.
 

Wayne Luke

Tazmanian
Joined
Jan 6, 2004
Messages
5,791
If you are using Apache, install MOD_EVASIVE on your server to prevent attacks like these. Too many page loads and they simply get a 403 Forbidden Error for a short time.

If you are using IIS, then you can upgrade to Windows Server 2003 and use the anti-DOS protocols it has built-in.

Issues like this have to be addressed at the server and router level. There really isn't much you can do about it in the code.
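
A sketch of the per-client request limit MSW describes, answering with the temporary 403 Wayne Luke mentions, added here as an illustration; it is not code from any poster, from mod_evasive or from any board software. The class name, thresholds, URI and sample traffic are assumptions constructed for the example.

```python
from collections import defaultdict, deque


class RequestThrottle:
    """Per-client, per-page request limit with a temporary 403 block."""

    def __init__(self, max_hits=30, interval=60.0, block_period=300.0):
        self.max_hits = max_hits          # allowed requests per interval
        self.interval = interval          # sliding window, seconds
        self.block_period = block_period  # how long a client stays blocked
        self._hits = defaultdict(deque)   # (ip, uri) -> request timestamps
        self._blocked_until = {}          # ip -> time the block expires

    def check(self, ip, uri, now):
        """Return the HTTP status to send for one request: 200 or 403."""
        until = self._blocked_until.get(ip)
        if until is not None:
            if now < until:
                # Still hammering while blocked: restart the block timer
                # (a design choice of this sketch).
                self._blocked_until[ip] = now + self.block_period
                return 403
            del self._blocked_until[ip]

        window = self._hits[(ip, uri)]
        while window and window[0] <= now - self.interval:
            window.popleft()              # forget requests outside the window
        window.append(now)
        if len(window) > self.max_hits:
            self._blocked_until[ip] = now + self.block_period
            del self._hits[(ip, uri)]     # free the counter for this client
            return 403
        return 200


def replay(events, throttle):
    """Feed (time, ip, uri) tuples through the throttle; return statuses."""
    return [throttle.check(ip, uri, t) for t, ip, uri in events]


# Constructed sample traffic (documentation IP ranges, hypothetical URI).
THREAD = "/showthread.php?t=1500"
SAMPLE = [(t / 10, "203.0.113.9", THREAD) for t in range(7)]   # rapid refresh
SAMPLE += [(0.65, "198.51.100.4", THREAD),                     # normal reader
           (5.0, "203.0.113.9", THREAD),                       # retries early
           (15.0, "203.0.113.9", THREAD)]                      # block expired

if __name__ == "__main__":
    print(replay(SAMPLE, RequestThrottle(max_hits=5, interval=1.0,
                                         block_period=10.0)))
```

Counting per source address only helps against a single client refreshing a page, not against traffic spread over many addresses. State kept in process memory like this also needs eviction of idle entries and a shared store when several worker processes serve the board.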
 

tamarian

Enthusiast
Joined
Feb 5, 2004
Messages
212
The best thing to do, IMHO, is test your server by attacking it yourself. Install Nessus on your home machine, and run all the latest batteries of tests. Many may be shocked by how open they are. Another valuable tool is Snort with ACID, to discover what funny stuff is going on live, with links to all relevant resources to fix them/upgrade, etc. A good firewall will help, like APF. Another helpful thing is to uninstall and/or disable any software and services you don't need to run. Also, subscribe to security mailing lists and services, and non-censored ones like Full-Disclosure where you can find out about vulnerabilities before they are fixed, which at least gives you the option of disabling vulnerable services until it's fixed.
 

tamarian

Enthusiast
Joined
Feb 5, 2004
Messages
212
Wayne, any useful info you can share on how that lengthy vb DDOS was resolved?
 

Wayne Luke

Tazmanian
Joined
Jan 6, 2004
Messages
5,791
The attacker gave up on his demands. Unless you have thousands upon thousands of dollars to spend on hardware, this is how they are resolved.

Microsoft averted being DDOSed by MyDOOM last week only by spending millions on duplicating their server farm.
 

tamarian

Enthusiast
Joined
Feb 5, 2004
Messages
212
Wayne Luke said:
The attacker gave up on his demands. Unless you have thousands upon thousands of dollars to spend on hardware, this is how they are resolved.
Sad, but true :)
 