Post by Karen » Wed Mar 16, 2011 4:42 pm

Not related to OC, per se, but I know someone on this forum will be able to give me some guidance.

A few days ago my sites (I have two OC websites on one virtual server) were both down for about 5 minutes. When I called my host, they said a bot had crawled it and increased the hits to the point that it took down the server.

Now, I'm certain Googlebot, etc. wouldn't do this. Can someone tell me how to watch the traffic on my server? And maybe disallow this particular bot in the future? I have a cpanel, but as you can tell, I know nothing.

Thanks.

Using OC version 1.4.8b
http://catandcaboodle.com/


Active Member
Joined Thu Jun 10, 2010 2:51 pm
Location - WA State, USA

Post by MattW » Wed Mar 16, 2011 7:23 pm

You could try installing something like DDoS-Deflate

http://deflate.medialayer.com/

New member
Joined Sat Aug 28, 2010 11:37 am
Location - Sheffield

Post by Karen » Thu Mar 17, 2011 4:19 am

Looks interesting. Have you used it (or anyone here)?


Post by MattW » Thu Mar 17, 2011 7:30 am

Karen wrote: Looks interesting. Have you used it (or anyone here)?
Yes, I use it on all 3 of my servers (and it works).


Post by Karen » Thu Mar 17, 2011 8:54 am

That's great news!

Do you mind if I ask (a bit embarrassed about this, but): how, exactly, do I install it? It looks like the entirety of the code is right there on the web page, but I haven't a clue how to put this in place.


Post by MattW » Thu Mar 17, 2011 6:15 pm

As long as you have command line access as root to the VPS, follow the below instructions to install it

wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh

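An added example, not part of the original posts or of DDoS-Deflate: the install step above fetches a script over plain HTTP and runs it as root, so this version holds the download until its SHA-256 matches a digest you recorded after reading the script once. The function names and the PINNED_SHA256 placeholder are assumptions; the page gives no digest.

```bash
# Added example: run a downloaded installer only if it matches a pinned digest.

# Print the SHA-256 of a file as lowercase hex.
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# Return 0 if the file's digest equals the pinned one, 1 on mismatch,
# 2 if the file does not exist.
verify_pinned() {
    local file="$1" pinned="$2" actual
    [ -f "$file" ] || return 2
    actual="$(file_sha256 "$file")"
    [ "$actual" = "$pinned" ]
}

# Download into a private temp directory, verify, then run.
# Nothing is executed when the digest does not match.
fetch_verify_run() {
    local url="$1" pinned="$2" dir
    dir="$(mktemp -d)" || return 1
    wget -q -O "$dir/install.sh" "$url" || { rm -rf "$dir"; return 1; }
    if verify_pinned "$dir/install.sh" "$pinned"; then
        chmod 0700 "$dir/install.sh" && "$dir/install.sh"
    else
        echo "digest mismatch for $url; not running it" >&2
        rm -rf "$dir"
        return 1
    fi
}

# Usage (PINNED_SHA256 is a placeholder for the digest you recorded yourself):
# fetch_verify_run "http://www.inetbase.com/scripts/ddos/install.sh" "$PINNED_SHA256"
```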

Post by JAY6390 » Thu Mar 17, 2011 7:23 pm

Hey Matt

What exactly does the code do?

SEO MEGA KIT PLUS - Get your site ranking higher in the search engines
Better Product SEO URL's - Perfectly structured product links
SEO URL's Route Editor PRO - Make ANY url on your site have clean keywords - even third party extensions (remove index.php)


Guru Member
Joined Wed May 26, 2010 11:47 pm
Location - United Kingdom

Post by MattW » Thu Mar 17, 2011 9:16 pm

It's basically checking a netstat for the number of connections per IP address, and if it breaches the set threshold, it will temporarily block that IP address with the IPTables firewall.


Post by JAY6390 » Thu Mar 17, 2011 9:27 pm

ah cool ok thanks for the info, certainly is a simple solution that looks really useful :)


Post by MattW » Thu Mar 17, 2011 11:29 pm

Yeah, it's really good. You also get the following mail when it's detected something
-----Original Message-----
From: root
Sent: 02 March 2011 21:59
To: ME
Subject: IP addresses banned on Wed Mar 2 21:59:01 GMT 2011

Banned the following ip addresses on Wed Mar 2 21:59:01 GMT 2011

85.17.126.223 with 222 connections


Post by JAY6390 » Thu Mar 17, 2011 11:32 pm

Very nice. I take it that is in the conf file to add the email address to send to?


Post by MattW » Thu Mar 17, 2011 11:34 pm

Sure is.

##### Paths of the script and other files
PROGDIR="/usr/local/ddos"
PROG="/usr/local/ddos/ddos.sh"
IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"
CRON="/etc/cron.d/ddos.cron"
APF="/etc/apf/apf"
IPT="/sbin/iptables"

##### frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with --cron
#####          option so that the new frequency takes effect
FREQ=1

##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=150

##### APF_BAN=1 (Make sure your APF version is atleast 0.96)
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=1

##### KILL=0 (Bad IPs are'nt banned, good for interactive execution of script)
##### KILL=1 (Recommended setting)
KILL=1

##### An email is sent to the following address when an IP is banned.
##### Blank would suppress sending of mails
EMAIL_TO="ME"

##### Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=600

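An added example, not the DDoS-Deflate script itself: the per-IP connection count described earlier in the thread, driven by the threshold and ignore-list settings from the config above, as a dry run that only reports and never bans. The function names, the one-address-per-line ignore file format, the "more than threshold" comparison and the sample netstat text (documentation-range addresses) are assumptions.

```bash
# Added example, not the DDoS-Deflate script. Dry run: it only reports, never bans.

# Constructed `netstat -ntu` output using documentation-range addresses.
sample_netstat() {
    echo "Active Internet connections (w/o servers)"
    echo "Proto Recv-Q Send-Q Local Address           Foreign Address         State"
    for port in 40001 40002 40003 40004 40005; do
        echo "tcp        0      0 203.0.113.10:80         198.51.100.7:$port      ESTABLISHED"
    done
    for port in 41001 41002; do
        echo "tcp        0      0 203.0.113.10:80         192.0.2.44:$port        TIME_WAIT"
    done
    for port in 42001 42002 42003 42004; do
        echo "tcp        0      0 127.0.0.1:3306          127.0.0.1:$port         ESTABLISHED"
    done
    # Same client again over an IPv4-mapped IPv6 socket.
    echo "tcp6       0      0 ::ffff:203.0.113.10:80  ::ffff:198.51.100.7:40006 ESTABLISHED"
}

# find_offenders THRESHOLD IGNORE_FILE < netstat-output
# Prints "<ip> with <n> connections" for every remote IPv4 address holding more
# than THRESHOLD connections, highest count first. IGNORE_FILE lists one
# never-report address per line (assumed format); pass "" for no ignore list.
find_offenders() {
    awk -v limit="$1" -v ignore="$2" '
        BEGIN {
            if (ignore != "")
                while ((getline line < ignore) > 0) skip[line] = 1
        }
        $1 ~ /^(tcp|udp)/ {
            ip = $5
            sub(/:[0-9*]+$/, "", ip)    # drop the :port suffix
            sub(/^::ffff:/, "", ip)     # fold IPv4-mapped IPv6 into IPv4
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && ip != "0.0.0.0" && !(ip in skip))
                count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit)
                    printf "%s with %d connections\n", ip, count[ip]
        }' | sort -t " " -k3,3nr
}

# On a live host: netstat -ntu | find_offenders 150 /usr/local/ddos/ignore.ip.list
```

Running it this way for a day before enabling bans shows which addresses a given threshold would actually catch, including shared proxies or office NAT addresses that belong in the ignore list.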

Post by JAY6390 » Thu Mar 17, 2011 11:37 pm

As soon as I asked, I just thought to myself "I could just look myself!" and vim'd in, edited some settings (150 connections is a bit high imo, and 600 seconds for ban is a bit low). Thanks for this, will keep my server in better shape no doubt :)


Post by ifyouseek » Sun Apr 24, 2011 12:04 pm

Ok, I have been running OpenCart for over a year and today the site has suffered from a DDOS attack.

The company that provided my hosting have fully locked my hosting account and say they will not reactivate, I have been permanently banned!!!!

I'm still completely in the dark as to how the DDOS attack occurred and I'm unsure if I reinstall my cart on a new server the new company will just ban me also if another DDOS occurs (or it could still be ongoing)

Does anyone have ANY advice on this matter?

How does this ddos-deflate run on server, is it a php script or is it something that gets installed to the cpanel? Or does it not work on cpanel/linux servers?

I'm really at a loss on what to do now, please any advice would be greatly appreciated, we are losing customers hour by hour... not to mention what Google will do with our search engine rankings if this problem isn't fixed within the next few hours.

AHHHHHHHHHHHHH, HELP ME!!! lol

Active Member
Joined Thu May 06, 2010 4:40 pm

Post by Xsecrets » Sun Apr 24, 2011 12:20 pm

DDOS stands for Distributed Denial Of Service. It has nothing to do with your hosting or OpenCart; it means that lots and lots of machines from all over the internet are flooding your server with traffic to try to take it down. There really isn't anything you can do about it. There are some firewall tricks that can possibly help, but overall if you are targeted by a DDOS and you're not Google or Amazon or someone with lots of resources you are just pretty much SOL.

OpenCart commercial mods and development http://spotonsolutions.net
Layered Navigation
Shipment Tracking
Vehicle Year/Make/Model Filter


Guru Member
Joined Sun Oct 25, 2009 3:51 am
Location - FL US

Post by ifyouseek » Mon Apr 25, 2011 7:08 am

It is a little to do with my hosting. I was on a shared server, which meant that when the DDOS attack started the admin of my server locked out my domain so it doesn't crash the other 600 sites also on the same server.

The hosting company simply locked out my hosting and pretty much told me they no longer wanted my business!!

So now I have a dedicated server. Also, I specifically asked the hosting company if I would get suspended or banned if another DDOS occurs; they assured me that I won't get banned, and also I have a lot more server resources now, so it would need to be a really big attack to take me offline.
