Yesturday I get greeted from an email from hostrocket saying my site had been suspended due to use at one point using over 200 apache processes. I reply to the ticket and after a few hours my site is back online.

I check my site and notice that the forums had received over 500 concurent users (previously had never gone above 56) which is obvioulsy what caused the problem.

Straight away I see my concurent users go above 200 and find that they are all accessing the same page so asume a DOS attack. I ticket hostrocket with no answer.


Today my site has been under attack again and I get another email from hostrocket unrelated to my ticket saying that my account had been suspended because my site is too busy and I need to upgrade to a dedicated server?????

This is stupid?? Is there no way they can stop these DOS attacks

How are you so sure it's a... whatever attack? Are you sure it isn't just a ton of guests viewing a highly linked too thread? I'm not saying it isn't an attack - just consider all of the posibilities first.

I got same thing but 25 i dunno whats up with this...

DOS - denial of service attack.

The fact thatover 500 people were all accessing the same page which was just a forum root and not an actual post is very suspicious. When I was watching the whose online for the forum I would also notice that it would hit one page for about and hour solid and then would switch to a different page.

I cant believe this is genuine traffic as for one everyone is veiwing the same page at the same time and 2 this would mean a tenfold increase in my traffic overnight..

Okay, so it probably is an attack. :p

HR can probably block the IP(s) but knowing HR, they are busy probably...

You can always block IPs.
Depending on what board you use, some have an option of caching pages, so if they view the page 500 times, it wont make 500 queries to the MySQL database, just 500 page views.

The problem is that every one is a different IP address so I guess they are using some kind of software which spoofs the IP.

Im really not sure what to do, HR are not replying to me tickets and my website in currently unavailable so I cannot attempt to try anything with the forum settings.

Is this thing usually down to the host or the customer to resolve?? I would of thought that if someone is bringing one of their servers down it should be the host who should be trying to resolve the problem.


I dont know....... :(

in your server control panel --->IP deny menager--->insert range IP

example ip is 152.868.789.123

Add

block 152.868

etc......

another suggestions

-enable hot link protection
-upload in main dir robots.txt with this txt
User-agent: *
Disallow: /


regards

Thanks,

I would be unable to block the IP addreses as everyone was from a different range but I will give the other 2 things a try if HR allow me to access my site.

how do I enable hot link protection and what does it do??


>>-upload in main dir robots.txt with this txt
>>User-agent: *
>>Disallow: /

What does this do.


Thanks for your help

a more drastic thing would be:
change the forum directory name

and change the link on yer main page to the new location if you have a main page. that way yer users will still be able to find yer forum

or create a plain small page on the old directory telling the forum has moved