1
psaxtiri
I just have my first DOS attack
  • 2007/10/23 13:12

  • psaxtiri

  • Not too shy to talk

  • Posts: 185

  • Since: 2007/6/17


Ok I just have my first DOS attack.

First off all I would like to say that new users at my site not approve automatically.
So a new user with the
Username: newuz00560
e-mail: newuz00560@averecura.org
IP: 89.111.180.225

Send an apply to sign in to my site. I activate his apply.

Today I saw him online and because I knew he was a new user I went and saw how many comments have to my site. He had 55 comments. The number was very big for someone so fresh!
So I went to see his replies and I discover it was spam messages to the News module.

He was sending one comment after another. I delete him and I put his IP to the Ban ips at protector.

1) I would like you to suggest me ways to find if he has left any trace so to find him and present charge against him to Greek authorities.

2) How to see if he has made any other trouble to my site, if he has left virus something like that.

3) what to do to avoid a same attack at the future.

PS: He only achieves to post comments to News module 1.56. Can I do any modifications to it to be more reliable?
Greece.
Xoops 2.0.18.12

2
Anonymous
Re: I just have my first DOS attack
  • 2007/10/23 14:17

  • Anonymous

  • Posts: 0

  • Since:


Hi,

Quote:
psaxtiri wrote:

3) what to do to avoid a same attack at the future.


Go to Admin>Preferences>User Info Settings

1. In the section called "Enter emails that should not be used in user profile" add the following code:

|averecura.org$


to the end of your current list.

2. Add the IP address to the Protector Module's bad IP list.

3. Make sure that you do not allow comments anywhere on your site from anonymous users.

HTH

3
terrion
Re: I just have my first DOS attack
  • 2007/10/23 14:23

  • terrion

  • Friend of XOOPS

  • Posts: 299

  • Since: 2004/9/19


What you are describing is really not a DOS (denial of service) attack.

It's just a spam attack.

I've run into the same problem lately. The way I've had to deal with it is to not allow any comments (even from registered users) to News posts.

I do end up with a bunch of unapproved (pending) comments to news posts, but at least I don't have a site full of spam this way.

Hope this helps,
Terrion
Purchase, renew, or transfer your domain name to Ultranet Domains and get a FREE 10GB hosting account. Virtual Dedicated Servers around $35/monthly, no contract. FREE 24/7 telephone ...

4
irmtfan
Re: I just have my first DOS attack
  • 2007/10/23 15:41

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


if i understand you correctly, you are in the shared server, so most of your questions is not your job to worry about.
also a good configuration in protector can help you to avoid spams to register.
1) you just have an IP and no more
2) its not your job
3) use protector last version

5
psaxtiri
Re: I just have my first DOS attack
  • 2007/10/23 15:48

  • psaxtiri

  • Not too shy to talk

  • Posts: 185

  • Since: 2007/6/17


JAVesey he/she wasn't an anonymous user. I have done what you suggest. Thank you very much.

terrion i call it Dos attack because that's how protector describes it when i went to see if i have attacks. I agree with you that is more Spam attack.


irmtfan is 3.04 the latest version?

PS: I inform my Hosting Company about what have happen.


Thank you all for your answers.

Greece.
Xoops 2.0.18.12

6
irmtfan
Re: I just have my first DOS attack
  • 2007/10/23 15:59

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


no currently its 3.15
you should enable "postcommon_register_insert_js_check" to avoid spams. it works for me perfectly.

7
psaxtiri
Re: I just have my first DOS attack
  • 2007/10/23 17:03

  • psaxtiri

  • Not too shy to talk

  • Posts: 185

  • Since: 2007/6/17


Quote:

irmtfan wrote:
no currently its 3.15
you should enable "postcommon_register_insert_js_check" to avoid spams. it works for me perfectly.


one last thing. I notice that protector 3.015 is a beta version.

Do you think it would be better to wait for the stable version or not?

Is there an upgrade howto for "protector 3.04 to protector 3.015" in English language?
Greece.
Xoops 2.0.18.12

8
irmtfan
Re: I just have my first DOS attack
  • 2007/10/24 7:25

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


yes. it has beta label but it works fine in some high traffic websites include mine.
IMO its stable enough but you should always install a beta version WITH YOUR OWN RISK.
about upgrade i think you can follow this:
1- disable protector by commenting appropriate lines from mainfile.php

2- upload new version and overwrite existing files.

3- update "Protector" from modules admin

4- enable protector again in mainfile.php

9
psaxtiri
Re: I just have my first DOS attack
  • 2007/10/24 11:07

  • psaxtiri

  • Not too shy to talk

  • Posts: 185

  • Since: 2007/6/17


irmtfan i will follow your advise steps in the following days.

Thank you for spending time helping me.
Greece.
Xoops 2.0.18.12

Login

Who's Online

385 user(s) are online (306 user(s) are browsing Support Forums)


Members: 0


Guests: 385


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits