Server under DoS attack for the last 3 days
Moderators: mandville, General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
- phidias81
- Joomla! Explorer
- Posts: 271
- Joined: Thu Dec 15, 2011 11:44 pm
- Contact:
Server under DoS attack for the last 3 days
I'm on a cheap shared hosting, I've been with them for a couple of years and I was quite satisfied. Now they are having the biggest problem I encountered so far. It's already 3 days that the server is under DoS attack, and it looks like that are not able to manage the situation. My website went live for a few hours or minutes during these days, but then the attack is starting again later.
When I first asked for explanations they told me "It appears that your site is coming under a massive DoS attack and this is affecting the whole cloud server."
So I would interpret this as if it was my site to be targeted by the attack? I would consider it strange, since it's just a personal travel blog that has no enemy and it's not competing with any big fish.
Is there anything I can do?
If it's for real my website that is targeted, If I would move to another server-hosting, it would solve the problem, or the attack would be "automatically" transferred to the new server? Thank you
When I first asked for explanations they told me "It appears that your site is coming under a massive DoS attack and this is affecting the whole cloud server."
So I would interpret this as if it was my site to be targeted by the attack? I would consider it strange, since it's just a personal travel blog that has no enemy and it's not competing with any big fish.
Is there anything I can do?
If it's for real my website that is targeted, If I would move to another server-hosting, it would solve the problem, or the attack would be "automatically" transferred to the new server? Thank you
At Nomad Travellers you find my travel stories, unusual places and amazing photos: visit my new website and travel from your chair! Make yourself comfortable and start your Nomad Travel! http://www.nomadtravellers.com/
-
- Joomla! Hero
- Posts: 2908
- Joined: Fri Jul 05, 2013 10:35 am
- Location: Parts Unknown
Re: Server under DoS attack for the last 3 days
Since you're on shared hosting, they must be targeting your domain and not IP address. So the attack would continue even on another host/IP address. But better hosts have DDoS protection.If it's for real my website that is targeted, If I would move to another server-hosting, it would solve the problem, or the attack would be "automatically" transferred to the new server?
You can implement firewall/DDoS protection on your site or use a service like CloudFlare.
Have you checked the logs? Which parts of your sites are being attacked? Is it login form? Maybe some specific extension?
- phidias81
- Joomla! Explorer
- Posts: 271
- Joined: Thu Dec 15, 2011 11:44 pm
- Contact:
Re: Server under DoS attack for the last 3 days
I already use Cloud Flare (The free part) but it looks like the only help is that it's showing a copy of my homepage. As for the other questions I don't know, because I have no access to cpanel and I sincerely am not that "advanced" to understand this details
At Nomad Travellers you find my travel stories, unusual places and amazing photos: visit my new website and travel from your chair! Make yourself comfortable and start your Nomad Travel! http://www.nomadtravellers.com/
- JAVesey
- Joomla! Hero
- Posts: 2637
- Joined: Tue May 14, 2013 1:21 pm
- Location: Cardiff, Wales, UK
- Contact:
Re: Server under DoS attack for the last 3 days
Are they attacking your fronted or the admin section?
I had an issue with the latter, so installed AdminExile to mask the Admin URL. Works well. This also has "brute force" protection included. If you're not using it then give it a go. Excellent extension in my experience.
I had an issue with the latter, so installed AdminExile to mask the Admin URL. Works well. This also has "brute force" protection included. If you're not using it then give it a go. Excellent extension in my experience.
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
- phidias81
- Joomla! Explorer
- Posts: 271
- Joined: Thu Dec 15, 2011 11:44 pm
- Contact:
Re: Server under DoS attack for the last 3 days
I haven't tried the backend, for sure the frontend was not accessible. My url is already masked with another plugin, and I have several security plugins installed for brute force, injections, etc.
In this moment the attack stopped, and my host migrate the accounts to a different server, so now i's working. Let's see for how long will it work
In this moment the attack stopped, and my host migrate the accounts to a different server, so now i's working. Let's see for how long will it work
At Nomad Travellers you find my travel stories, unusual places and amazing photos: visit my new website and travel from your chair! Make yourself comfortable and start your Nomad Travel! http://www.nomadtravellers.com/
- leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: Server under DoS attack for the last 3 days
This is your weak server environment. I believe we have pointed this out to you several times in other posts. As stated multiple times before with all your hacks posted : You host sucks" and change host!
Leo
Leo
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
- phidias81
- Joomla! Explorer
- Posts: 271
- Joined: Thu Dec 15, 2011 11:44 pm
- Contact:
Re: Server under DoS attack for the last 3 days
Updates: It looked like the attack stopped after the third day, but now I started again 2 days ago, and still going on. This despite I was moved to a different server, so it looks like they are really targeting my website, and I don't understand why.
If I look for a new host, how can I understand if they will be able to manage DoS attacks or not?
If I look for a new host, how can I understand if they will be able to manage DoS attacks or not?
At Nomad Travellers you find my travel stories, unusual places and amazing photos: visit my new website and travel from your chair! Make yourself comfortable and start your Nomad Travel! http://www.nomadtravellers.com/
- exhug
- Joomla! Apprentice
- Posts: 26
- Joined: Wed Nov 26, 2014 3:19 pm
- Contact:
Re: Server under DoS attack for the last 3 days
use ddos protection by cloudflare payed it will stoped for:phidias81 wrote:Updates: It looked like the attack stopped after the third day, but now I started again 2 days ago, and still going on. This despite I was moved to a different server, so it looks like they are really targeting my website, and I don't understand why.
If I look for a new host, how can I understand if they will be able to manage DoS attacks or not?
it will Checking your browser before accessing for 5sec to stop the attack and you can block range ip 90% are china bots.
- phidias81
- Joomla! Explorer
- Posts: 271
- Joined: Thu Dec 15, 2011 11:44 pm
- Contact:
Re: Server under DoS attack for the last 3 days
Well, that's really out of my budget. It cost 200$ per month, and consider I don't make any money with my website and I pay around 1€ per month for my shared hosting
At Nomad Travellers you find my travel stories, unusual places and amazing photos: visit my new website and travel from your chair! Make yourself comfortable and start your Nomad Travel! http://www.nomadtravellers.com/
- leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: Server under DoS attack for the last 3 days
Nobody asks you to pay so much money for hosting but you get what you pay fro with Euro 1/month;y..Crap in security and that is why you are already putting assist requests in for month's now due to hacks , attacks and all kinds of crap and that will continue unless you will finally admit that cheap or almost free hosting is PITA!
With all respect based on your history of posts here it makes no sense to pride support with such weal hosting solutions you think you can rely on.... The only one responsible for the problems you have been facing for month's now is you!
Leo
With all respect based on your history of posts here it makes no sense to pride support with such weal hosting solutions you think you can rely on.... The only one responsible for the problems you have been facing for month's now is you!
Leo
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
-
- Joomla! Apprentice
- Posts: 8
- Joined: Thu Dec 11, 2014 5:16 am
Re: Server under DoS attack for the last 3 days
Hi Friends!
Through it !!!
1- Did the following: LOCK these suspicious IPs! BAN !!!
* PS: CAUTION to not lock! Lol ... Check first of all the IP of your computer! : D
Joomla has a very good file showing: errors and intrusion attempts. And the best: IPs !!!
This place is where it is:
/logs/error.php
There is thus displayed:
==========================================================
#
# <? php die ('Forbidden.'); ?>
#Date: 24/05/2013 01:53:48 UTC
#Software: Joomla Platform 11.4.0 Stable [Brian Kernighan] 03-Jan-2012 00:00 GMT
#Fields: Date time priority category ClientIP message
24/05/2013 01:53:48 INFO xxx.xxx.xxx.xxx Joomla FAILURE: Invalid password
04/06/2013 06:56:47 INFO xxx.xxx.xxx.xxx Joomla FAILURE: No blank password is allowed
08/06/2013 22:56:18 INFO xxx.xxx.xxx.xxx Joomla FAILURE: No blank password is allowed
06/15/2013 21:00:39 INFO xxx.xxx.xxx.xxx Joomla FAILURE: User does not exist
24/06/2013 19:23:20 INFO xxx.xxx.xxx.xxx Joomla FAILURE: User does not exist
24/06/2013 19:23:28 INFO xxx.xxx.xxx.xxx Joomla FAILURE: User does not exist
24/06/2013 19:23:42 INFO xxx.xxx.xxx.xxx Joomla FAILURE: Invalid password
02/07/2013 16:35:30 INFO xxx.xxx.xxx.xxx Joomla FAILURE: User does not exist
02/07/2013 16:35:31 INFO xxx.xxx.xxx.xxx Joomla FAILURE: User does not exist
02/07/2013 16:35:32 INFO xxx.xxx.xxx.xxx Joomla FAILURE: User does not exist
02/07/2013 16:35:33 INFO xxx.xxx.xxx.xxx Joomla FAILURE: User does not exist
02/07/2013 16:35:34 INFO xxx.xxx.xxx.xxx Joomla FAILURE: User does not exist
11/23/2013 20:04:58 INFO xxx.xxx.xxx.xxx Joomla FAILURE: Username and password do not match or you do not have an account yet.
11/23/2013 20:05:00 INFO xxx.xxx.xxx.xxx Joomla FAILURE: Username and password do not match or you do not have an account yet.
11/23/2013 20:05:01 INFO xxx.xxx.xxx.xxx Joomla FAILURE: Username and password do not match or you do not have an account yet.
11/23/2013 20:05:01 INFO xxx.xxx.xxx.xxx Joomla FAILURE: Username and password do not match or you do not have an account yet.
11/23/2013 20:05:02 INFO xxx.xxx.xxx.xxx Joomla FAILURE: Username and password do not match or you do not have an account yet.
==========================================================
So I went in ".htacces" and implemented these rules for suspicious IPs:
# START IP BAN!
deny from xxx.xxx.xxx.xxx
deny from xxx.xxx.xxx.xxx
deny from xxx.xxx.xxx.xxx
deny from xxx.xxx.xxx.xxx
deny from xxx.xxx.xxx.xxx
deny from xxx.xxx.xxx.xxx
# END IP BAN!
Also, check in your control panel of your hosting, there is this option of blocking IPs, so easy plus the option to block IPs.
In addition, check with your Hosting company as DDos attacks are the trantando and, if they have a security system. Some charge more for this service.
2- Also block the / Administrator any extension of Joomla or the capabilities of .htacces and .htpasswd.
3- Also if you are using any search field, use any extension of joomla for Google search on your site, so it is avoided that some field allow SQL Injection. So your site is more secure.
Phew!
Big hug!
Success there!
Thank you!
Through it !!!
1- Did the following: LOCK these suspicious IPs! BAN !!!
* PS: CAUTION to not lock! Lol ... Check first of all the IP of your computer! : D
Joomla has a very good file showing: errors and intrusion attempts. And the best: IPs !!!
This place is where it is:
/logs/error.php
There is thus displayed:
==========================================================
#
# <? php die ('Forbidden.'); ?>
#Date: 24/05/2013 01:53:48 UTC
#Software: Joomla Platform 11.4.0 Stable [Brian Kernighan] 03-Jan-2012 00:00 GMT
#Fields: Date time priority category ClientIP message
24/05/2013 01:53:48 INFO xxx.xxx.xxx.xxx Joomla FAILURE: Invalid password
04/06/2013 06:56:47 INFO xxx.xxx.xxx.xxx Joomla FAILURE: No blank password is allowed
08/06/2013 22:56:18 INFO xxx.xxx.xxx.xxx Joomla FAILURE: No blank password is allowed
06/15/2013 21:00:39 INFO xxx.xxx.xxx.xxx Joomla FAILURE: User does not exist
24/06/2013 19:23:20 INFO xxx.xxx.xxx.xxx Joomla FAILURE: User does not exist
24/06/2013 19:23:28 INFO xxx.xxx.xxx.xxx Joomla FAILURE: User does not exist
24/06/2013 19:23:42 INFO xxx.xxx.xxx.xxx Joomla FAILURE: Invalid password
02/07/2013 16:35:30 INFO xxx.xxx.xxx.xxx Joomla FAILURE: User does not exist
02/07/2013 16:35:31 INFO xxx.xxx.xxx.xxx Joomla FAILURE: User does not exist
02/07/2013 16:35:32 INFO xxx.xxx.xxx.xxx Joomla FAILURE: User does not exist
02/07/2013 16:35:33 INFO xxx.xxx.xxx.xxx Joomla FAILURE: User does not exist
02/07/2013 16:35:34 INFO xxx.xxx.xxx.xxx Joomla FAILURE: User does not exist
11/23/2013 20:04:58 INFO xxx.xxx.xxx.xxx Joomla FAILURE: Username and password do not match or you do not have an account yet.
11/23/2013 20:05:00 INFO xxx.xxx.xxx.xxx Joomla FAILURE: Username and password do not match or you do not have an account yet.
11/23/2013 20:05:01 INFO xxx.xxx.xxx.xxx Joomla FAILURE: Username and password do not match or you do not have an account yet.
11/23/2013 20:05:01 INFO xxx.xxx.xxx.xxx Joomla FAILURE: Username and password do not match or you do not have an account yet.
11/23/2013 20:05:02 INFO xxx.xxx.xxx.xxx Joomla FAILURE: Username and password do not match or you do not have an account yet.
==========================================================
So I went in ".htacces" and implemented these rules for suspicious IPs:
# START IP BAN!
deny from xxx.xxx.xxx.xxx
deny from xxx.xxx.xxx.xxx
deny from xxx.xxx.xxx.xxx
deny from xxx.xxx.xxx.xxx
deny from xxx.xxx.xxx.xxx
deny from xxx.xxx.xxx.xxx
# END IP BAN!
Also, check in your control panel of your hosting, there is this option of blocking IPs, so easy plus the option to block IPs.
In addition, check with your Hosting company as DDos attacks are the trantando and, if they have a security system. Some charge more for this service.
2- Also block the / Administrator any extension of Joomla or the capabilities of .htacces and .htpasswd.
3- Also if you are using any search field, use any extension of joomla for Google search on your site, so it is avoided that some field allow SQL Injection. So your site is more secure.
Phew!
Big hug!
Success there!
Thank you!
- JAVesey
- Joomla! Hero
- Posts: 2637
- Joined: Tue May 14, 2013 1:21 pm
- Location: Cardiff, Wales, UK
- Contact:
Re: Server under DoS attack for the last 3 days
As I keep saying on here, use the AdminExile extension. It allows you too:linuxwebman wrote:2- Also block the / Administrator any extension of Joomla or the capabilities of .htacces and .htpasswd
1. Set the path to /administrator to something only you know (and change the path whenever you want)
2. It has "brute force" protection for the front- and back-end.
Take a look
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28