Server Attacks - Ways to solve this ?

[MSW]

If you run a big board then you may know that there are many ways to attack your board. Attacks happen every day and I think it could make sense to talk about ways to protect your board from "real troublemakers".

A common used attack is overloading your server by refreshing large topics (1500 + replies) until mysql overloads your ram.

That's something people did to me all the time that's why I want to use it as example.

I solved this issue by allowing a max requests per minute which works fine for me but I think we should work together and suggest the common board coders like IB / VB / PHPBB by addressing this issue and if possible find a way by doing that via scripting side.

What do you think ?

 

[KeithMcL]

It's a very good topic, but unfortunately it's one I know nothing about at the moment because I've never had to deal with it.

 

[The Sandman]

I solved this issue by allowing a max requests per minute which works fine for me but I think we should work together and suggest the common board coders like IB / VB / PHPBB by addressing this issue and if possible find a way by doing that via scripting side.

What do you think ?

What do the major Board software developers say about this issue?

 

[MSW]

I already contacted a lot of them but no reply. I also don't want to make it too public as many people would abuse this information.

 

[Michelle Waters]

I solved this issue by allowing a max requests per minute

How do you do this?

 

[Wayne Luke]

If you are using Apache, install MOD_EVASIVE on your server to prevent attacks like these. Too many page loads and they simply get a 403 Forbidden Error for a short time.

If you are using IIS, then you can upgrade to Windows Server 2003 and use the anti-DOS protocols it has built-in.

Issues like this have to be address at the server and router level. There really isn't much you can do about it in the code.

 

[tamarian]

The best thing to do, IMHO, is test your server by attacking it yourself. Install Nessus on your home machine, and run all the latest batteries of tests. Many maybe shocked by how open they are. Another valuable tool is Snort with ACID, to discover what funny stuff is going on live, with links to all relavent resources to fix them/upgrade, etc. A good firewall will help, like APF. Another helpful thing is to uninstall and/or disable any software and services you don't need to run. Also, subscribe to security mailing lists and services, and none-censored ones like Full-Disclosure where you can find out about vulnerabilities before they are fixed, which at least gives you the option of disabling vulnerable services until it's fixed.

 

[Morning Radio]

If linux, try APF with the anti-dos module.
http://www.rfxnetworks.com/
Glenn

 

[tamarian]

Wayne, any useful info you can share on how that lengthy vb DDOS was resolved?

 

[Wayne Luke]

The attacker gave up on his demands. Unless you have thousands upon thousands of dollars to spend on hardware, this is how they are resolved.

Microsoft averted being DDOSed by MyDOOM last week only by spending millions on duplicating their server farm.

 

[tamarian]

The attacker gave up on his demands. Unless you have thousands upon thousands of dollars to spend on hardware, this is how they are resolved.

Sad, but true