Page Index Toggle Pages: 1 Send TopicPrint
Normal Topic DOS attacks (Read 3006 times)
Bill Myers
New Member
*
Offline


Using YaBB since 2002

Posts: 46
Location: Los Angeles, CA
Joined: Feb 13th, 2014
Gender: Male
Re: DOS attacks
Reply #4 - Oct 4th, 2014 at 4:29am
Print Post  
Exactly. I'm discussing two different things, although spam-bot automation is still the problem with both.

As this subject states, "DOS attacks" is the main issue I was addressing, which was prompted by your initial post.

In that same post of yours, under the subject "Error log", I then addressed the mention of an "auto-ban function for 'guest' IPs throwing repeated errors in a very short time." An admin no longer needs to be worried about spam-bot automation that tries to access their forum.

As for malicious code being injected into YaBB's files, they really don't need to worry about that if "scripting blocking" is activated in The Guardian™ with or without email notification having been selected.

As for malicious code affecting a server's access, etc., as I mentioned, having a reliable host is the prudent thing to do. As such, yabbforum.com can, and has been infected with malicious code while the forum itself doesn't have to be infected by malicious scripts if the settings in YaBB have been properly enabled.
  

Morning, noon, or night, have a great one!
Back to top
IP Logged
 
Dandello
Forum Administrator
*****
Offline


I love YaBB 2.7!

Posts: 1759
Location: The Land of YaBB
Joined: Feb 12th, 2014
Gender: Female
Re: DOS attacks
Reply #3 - Oct 4th, 2014 at 3:48am
Print Post  
Do not confuse spambots attempting to register or post with deliberate attempts to inject malicious code into a website or program by exploiting possible weaknesses. No amount of anti-spam measures will stop an attack of that nature because they're not trying to register!
  

Perfection is not possible. Excellence, however, is excellent.
Back to top
WWW  
IP Logged
 
Bill Myers
New Member
*
Offline


Using YaBB since 2002

Posts: 46
Location: Los Angeles, CA
Joined: Feb 13th, 2014
Gender: Male
Re: DOS attacks
Reply #2 - Oct 4th, 2014 at 2:56am
Print Post  
Jon deserves a lot of credit, no doubt, but those attacks that seem to have been geared specifically with YaBB in mind to target specific weaknesses in the program's architecture isn't anything that's unique. That's what these spam-bot programmers do, they write code to target any, and all sites, which of course include forums; not just YaBB even though it may seem that YaBB is being targeted specifically.

In general, server geeks seem to never fully realize or fully understand that sophisticated spam-bot coders are able to do what they can do. They simply won't believe it.

Meanwhile, being that ignorance is bliss, people like me simply accept the fact that spam-bots can do what they can do, i.e., they can easily decipher CAPTCHA for instance, so we defeat them by using basic tools such as those that are currently available in YaBB's newest release to stop spam bots cold. I don't need to know how CAPTCHA is deciphered. All I need to do is to accept the fact that it's a battle that spam-bot automation has won.

I say to that, "So what?" A deciphered CAPTCHA means nothing in our forum because spam-bots still can't gain access. Cheesy

I guess what's hard for me to understand is why anyone would bother trying to figure out the details of how spam-bot automation works when simple measures to defeat them are at our disposal. On the other hand, there are some people who obviously like to figure this stuff out. It gives them a purpose, and it makes them feel good. More power to them! After all, I'm sure their hard work benefits all of us down the road.

Bottom line: In general, the number of adverse effects of DOS attacks, and the like are directly related to how well a host manages these very common issues. In general again, this really doesn't have anything to do with YaBB itself. With a dependable host, YaBB operates perfectly fine.
  

Morning, noon, or night, have a great one!
Back to top
IP Logged
 
Dandello
Forum Administrator
*****
Offline


I love YaBB 2.7!

Posts: 1759
Location: The Land of YaBB
Joined: Feb 12th, 2014
Gender: Female
Re: DOS attacks
Reply #1 - Oct 4th, 2014 at 12:16am
Print Post  
To give Jon his due - it looks like these attacks may have been geared specifically with YaBB in mind targeting specific weaknesses in the program's architecture - weaknesses we are working to strengthen. 

And no - Guardian would NOT have caught these.
  

Perfection is not possible. Excellence, however, is excellent.
Back to top
WWW  
IP Logged
 
Bill Myers
New Member
*
Offline


Using YaBB since 2002

Posts: 46
Location: Los Angeles, CA
Joined: Feb 13th, 2014
Gender: Male
DOS attacks
Oct 3rd, 2014 at 10:48pm
Print Post  
Dandello wrote on Oct 3rd, 2014 at 9:41pm:
We're currently testing a "three-strikes you're out" auto-ban function for 'guest' IPs throwing repeated errors in a very short time. This is an idea JonB and I have talked about  - especially in light of the DOS attacks that have been aimed at YaBBForum.com.

These aren't things caught by Guardian as we're looking at the same IP throwing errors in an inhumanly short time.. 

Jon's probably just realizing this because he's evidently operating that forum on a server he himself manages versus having it operated, and managed by a host. DOS attacks routinely hit servers all the time, but they're only noticed when a host is unable to stop the attacks. These days, the better hosts have a good handle on how to effectively manage a DOS attack when it happens so that their clients aren't adversely affected.

In any case, an auto-ban function as you described it seems to be a good thing for YaBB to have, especially if a forum is hosted by a company that doesn't have the experience to manage DOS attacks effectively. The thing is, an inexperienced host will likely have access to their servers denied, so even though the servers themselves may very well remain operational, it won't do any good if access to them is cut off.

As for those bots causing errors in such a speedy fashion, I know from seeing it myself that The Guardian™ does catch all of them if spam-bot attempts are being made to access the forum. This is one of the reasons that I stopped having email notifications about those errors sent to me ... many hundreds, and sometimes thousands a day, of which I didn't need to see every single one of them.

By the way, even with this kind of auto-ban feature in effect, this won't stop DOS attacks from happening. Those attacks have to be stopped at levels before the server level. More accurately, they can never really be stopped; just bounced away from the intended target, i.e., the host. It's also not uncommon for a hosting company to need help from levels above them.

DOS attacks are a nasty business. Smiley
  

Morning, noon, or night, have a great one!
Back to top
IP Logged
 
Page Index Toggle Pages: 1
Send TopicPrint