Skip to Content Skip to Menu

🎃 Happy Halloween! Treat yourself with an awesome discount on memberships! Get 20% off now with code SPOOKY-2024!

Help! DDOS attack on cbsubs.folderaccess.php

  • mikerotec
  • mikerotec
  • OFFLINE
  • Posts: 346
  • Thanks: 28
  • Karma: 2
8 years 6 months ago #280995 by mikerotec
So, this morning I get in and our webserver is DOWN.
Seems its being targeted by a botnet ( or just one powerful machine spoofing and rotating IPs? )

Error logs show 25,000 entries a day, the last two days, just like this:
Code:
[Tue Apr 26 06:46:21 2016] [error] [client 95.188.249.64] PHP Notice: crypt(): No salt parameter was specified. You must use a randomly generated salt and a strong hash function to produce a secure hash. in /var/www/html/joomla.[redacted].com/html/components/com_comprofiler/plugin/user/plug_cbsubsfolderaccess/cbsubs.folderaccess.php on line 102 referer: http://joomla.[redacted].com/en/some-forum/some-technical-questions/administrator/ [Tue Apr 26 06:46:33 2016] [error] [client 194.8.146.241] PHP Notice: crypt(): No salt parameter was specified. You must use a randomly generated salt and a strong hash function to produce a secure hash. in /var/www/html/joomla.[redacted].com/html/components/com_comprofiler/plugin/user/plug_cbsubsfolderaccess/cbsubs.folderaccess.php on line 102 referer: http://joomla.[redacted].com/en/some-forum/some-technical-questions/administrator/

Seems the IP rotates down a huge list, each IP contributes three hits to the same URL.

I tested that URL, and it takes 0.2 seconds to generate the page:

Access Denied
You do not have permissions to access this page.
Time to create page: 0.201 seconds

Multiply that by 20 hits a SECOND ( maybe more even - I just looked at a small sample ) and its no wonder the database finally crashed after two days. Web logs showing 500 errors starting about 4AM this morning ( I had to reboot the server when I got in at 8AM, it wouldn't respond to ssh login anymore ) :(

Seeking advice - what can I do to prevent this happening again?

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48460
  • Thanks: 8280
  • Karma: 1443
8 years 6 months ago - 8 years 6 months ago #280997 by krileon
Replied by krileon on topic Help! DDOS attack on cbsubs.folderaccess.php
The crypt function can be used without a salt. Looks like PHP 5.6+ throws a warning if no salt is supplied though. Will review adding salt for crypt usage for a later release. For now I recommend changing the encryption method in CBSubs Folder Access parameters. Default is sha1.

Regardless it doesn't particularly matter what file they target. A DDoS is designed to slam you with an overwhelming amount of HTTP requests. Could be login form, registration form, or even your homepage.

You need to contact your host regarding DDoS protection as it needs to be done at the hosting level.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Last edit: 8 years 6 months ago by krileon.
The following user(s) said Thank You: mikerotec

Please Log in or Create an account to join the conversation.

  • mikerotec
  • mikerotec
  • OFFLINE
  • Posts: 346
  • Thanks: 28
  • Karma: 2
8 years 6 months ago #280998 by mikerotec
Replied by mikerotec on topic Help! DDOS attack on cbsubs.folderaccess.php
Thanks for advice! Where do I find the CDSubs folder access parameters? ( I'm not seeing them anywhere obvious...)

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48460
  • Thanks: 8280
  • Karma: 1443
8 years 6 months ago #281011 by krileon
Replied by krileon on topic Help! DDOS attack on cbsubs.folderaccess.php
CBSubs Folder Access parameters can be found at CBSubs > Settings > Integrations > Folder Access.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
The following user(s) said Thank You: mikerotec

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum