Aleksandr Timashov Posted November 17, 2023 Share Posted November 17, 2023 I had the DDOS attack to my board. But I can`t access to adminCP during attack. Could I change config files to disable guest access to board and decrease server load? Link to comment Share on other sites More sharing options...
Marc Stridgen Posted November 17, 2023 Share Posted November 17, 2023 You should contact your hosting company regarding this issue. If there are a huge number of requests going to your server, they need to be blocked at server level. G17 Media 1 Link to comment Share on other sites More sharing options...
Aleksandr Timashov Posted December 2, 2023 Author Share Posted December 2, 2023 I agree with you, but attack on L7 level can't prevent any hosting provider. Link to comment Share on other sites More sharing options...
Randy Calvert Posted December 2, 2023 Share Posted December 2, 2023 (edited) 13 minutes ago, Aleksandr Timashov said: I agree with you, but attack on L7 level can't prevent any hosting provider. Turning off the site to guests does not stop an attack. It still takes resources to generate that site offline message etc. You don’t mitigate TRUE DDoS attacks on the server itself. It’s mitigated higher up in the stack such as at a firewall or with something that has capacity to handle them. If you try to mitigate a DDoS in software, I promise you will lose if it’s any sort of real attack. Even things like mod_dosevasive don’t really mitigate any recent modern attack. Ideally you want to fight the attack as far away from your site/server as possible. This reduces the chance of potential collateral damage. Edited December 2, 2023 by Randy Calvert Marc Stridgen and Jim M 2 Link to comment Share on other sites More sharing options...
Marc Stridgen Posted December 4, 2023 Share Posted December 4, 2023 On 12/2/2023 at 6:40 PM, Aleksandr Timashov said: I agree with you, but attack on L7 level can't prevent any hosting provider. Actually it can only be prevented by the hosting provider. If there are 1000s of requests a second for example, it doenst matter if we show a guest page, a login page, or anything else. There are still 1000s of requests for that resource Link to comment Share on other sites More sharing options...
Aleksandr Timashov Posted December 10, 2023 Author Share Posted December 10, 2023 @Marc Stridgen I think you could add option that blocks guest access and add captcha in login page. Could you add them in next version of IPS? Link to comment Share on other sites More sharing options...
Miss_B Posted December 10, 2023 Share Posted December 10, 2023 1 hour ago, Aleksandr Timashov said: I think you could add option that blocks guest access and add captcha in login page. Could you add them in next version of IPS? You can ask about that/suggest it at the Feedback forum. https://invisioncommunity.com/forums/forum/499-feedback/ Marc Stridgen 1 Link to comment Share on other sites More sharing options...
Marc Stridgen Posted December 11, 2023 Share Posted December 11, 2023 17 hours ago, Aleksandr Timashov said: @Marc Stridgen I think you could add option that blocks guest access and add captcha in login page. Could you add them in next version of IPS? I feel you may still be missing the point there. If they hit the page 1000s of times a second, it doesnt matter what is on the page, whether it be captcha or otherwise. It will still cause issues. This kind of thing has to be taken care of at a hosting level (as we indeed do on cloud) Jim M 1 Link to comment Share on other sites More sharing options...
Recommended Posts