Layer 7 Attacks

li4m

Posting Freak
FindRetros Moderator
Messages
743
Likes
293
#1
Hi,

I normally wouldn't post in this section, but I'm putting my ego aside this time in search of help.

Since my reopening and effort, I have received Layer 7 Attacks (the typical "The service is unavailable.") from jealous people who clearly find it hard to see another hotel succeed. I have tried many things and can't seem to find a solution.

And I'm honestly not expecting a solution here, tbh. But does ANYONE have a solution?

I would appreciate the support!

Cheers.
 

Lotus

Legacy, it's all anyone leaves behind.
Messages
1,542
Likes
464
#2
> Hi,
>
> I normally wouldn't post in this section, but I'm putting my ego aside this time in search of help.
>
> Since my reopening and effort, I have received Layer 7 Attacks (the typical "The service is unavailable.") from jealous people who clearly find it hard to see another hotel succeed. I have tried many things and can't seem to find a solution.
>
> And I'm honestly not expecting a solution here, tbh. But does ANYONE have a solution?
>
> I would appreciate the support!
>
> Cheers.

Honestly, I hate to suggest a CAPTCHA, but that might be a good bet, as it requires a bot to solve it before proceeding, assuming you have Cloudflare on Lush. Layer 7 attacks are harder to differentiate from normal requests; there's not really much else I know that could help. It can be as simple as a spam download of an image or flooding of a login page.
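
An added example, not part of the post above or of any forum member's code: since each flood request looks like a normal one, this sketch flags the pattern the reply describes (one client hammering a single image or login URL) with a per-client, per-path sliding window over Nginx "combined" access-log lines. The log lines, IP addresses, window and threshold are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Start of an Nginx "combined" log line: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, time, path) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    # Drop the query string so /login?r=1, /login?r=2 ... count as one target.
    return m["ip"], ts, m["path"].split("?", 1)[0]

def find_floods(lines, window_s=10, limit=20):
    """Map (ip, path) -> peak hits in any window_s-second window, where peak > limit."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)      # (ip, path) -> timestamps still inside the window
    peaks = {}
    for ip, ts, path in filter(None, map(parse, lines)):
        q = recent[(ip, path)]
        q.append(ts)
        while ts - q[0] > window:    # forget hits that fell out of the window
            q.popleft()
        if len(q) > limit:
            peaks[(ip, path)] = max(peaks.get((ip, path), 0), len(q))
    return peaks

def sample_log():
    """Constructed log: one normal visitor, one client posting to /login 10x per second."""
    fmt = ('{ip} - - [26/Mar/2020:02:15:{s:02d} +0000] "{m} {p} HTTP/1.1" '
           '200 512 "-" "Mozilla/5.0"')
    lines = [fmt.format(ip="198.51.100.4", s=s, m="GET", p=p)
             for s, p in [(1, "/index"), (9, "/login"), (20, "/client")]]
    lines += [fmt.format(ip="203.0.113.7", s=i // 10, m="POST", p=f"/login?r={i}")
              for i in range(60)]
    return lines

if __name__ == "__main__":
    for (ip, path), peak in find_floods(sample_log()).items():
        print(f"{ip} hit {path} {peak} times within 10 s")
```

A flood spread across many source addresses stays under a per-client threshold, so the same window keyed on the path alone is the natural second check.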
 

li4m

#4
Thanks for the replies. It just isn't worth the long process or waste of money.

If anyone else has any ideas, I would really be grateful.
 

li4m

#6
> having to spend more money because people are cunts and can't just stay in their own lane and not attack? sad

This.

I have more important bills to pay rather than juggle my real life for a hobby because these degenerates who get spoonfed by their parents wouldn't have a clue or know how to cope living alone. There MUST be another way.

Like I said, I'm not expecting much from this forum - which is why I have always been reluctant to post.

I do appreciate any sort of help or reply though.
 

NOC

Connected as... root
Messages
216
Likes
68
#7
Here is an idea; I set up a few customers on a similar setup to this:

Buy a cheap Linux (KVM is possible)
Install Nginx and a BitNinja trial (also Let's Encrypt if you use SSL)
Modify the DDoS filter rules of BitNinja

I would suggest having this mainly for the main domain, and do not pull all your SWFs over this; maybe set up a subdomain for the SWFs direct from your server or web hosting platform.

You can easily do this for under £10 a month.
 
Messages
324
Likes
366
#8
> Here is an idea; I set up a few customers on a similar setup to this:
>
> Buy a cheap Linux (KVM is possible)
> Install Nginx and a BitNinja trial (also Let's Encrypt if you use SSL)
> Modify the DDoS filter rules of BitNinja
>
> I would suggest having this mainly for the main domain, and do not pull all your SWFs over this; maybe set up a subdomain for the SWFs direct from your server or web hosting platform.
>
> You can easily do this for under £10 a month.

We had something similar for Peak, never needed to purchase these extra services I see so many people doing around here.
 

li4m

#9
> Here is an idea; I set up a few customers on a similar setup to this:
>
> Buy a cheap Linux (KVM is possible)
> Install Nginx and a BitNinja trial (also Let's Encrypt if you use SSL)
> Modify the DDoS filter rules of BitNinja
>
> I would suggest having this mainly for the main domain, and do not pull all your SWFs over this; maybe set up a subdomain for the SWFs direct from your server or web hosting platform.
>
> You can easily do this for under £10 a month.

Thanks! This suggestion I can actually work with.

Although, I have never done this before - but will definitely look into it.

Appreciated :)
 

JMG

Give yourself a try
Staff member
Messages
3,345
Likes
1,505
#12
Sucks that this is still happening lol. 9/10 it’s another hotel owner that’s jealous of you.

I would be happy to pay for something for you :up:
 

Vaping

To love Is Hard, To be loved is Harder.
Messages
180
Likes
24
#15
The user who did this came to my hotel and did the exact same thing and told me to specifically have you add him...

Keep in mind I thought he was talking about a different Liam

his discord; [ To view this link you must register here. ]
 

Rebel

Discord: 𝕵𝖚𝖘𝖙𝖎𝖓#4599
Messages
153
Likes
115
#16
> The user who did this came to my hotel and did the exact same thing and told me to specifically have you add him...
>
> Keep in mind I thought he was talking about a different Liam
>
> his discord; [ To view this link you must register here. ]

That’s him? Lmao oh no today he’s messaged me but I’ve yet to have been downed


On topic, for the most part I'd suggest hosting your website (aka CMS and SWFs) on a protected cPanel host, and using a protected TCP proxy, HAProxy, or Nginx proxy for your client, which could easily be done by yourself for under £8 using a CentOS 6-7 server. Also, I'd say use BitNinja to block and filter attacks, and host your emulator on a VPS with only TCP ports open. I would also recommend not hosting your emulator and database (MySQL) on the same server, in case of attacks on your query, which could prevent CPU spam and emulator crashes.

P.S.
I've also noticed adding Google reCAPTCHA and having it display only if login attempts are failed or empty, and of course on any other submit forms. Also, making sure pages that require a DB query, or pages you'd have to be logged into your account to view, should be done as well, so if someone views a page and they're not logged in it sends them back to /index.

All these things will help lower your risk of being downed so easily.
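
An added example, not part of the post above or of any hotel's CMS: a framework-neutral sketch of the two measures in the P.S., a CAPTCHA demanded only after a failed or empty login attempt, and a redirect to /index before any database-backed page is built for a visitor who is not logged in. `LoginGate`, `route`, the page paths and the `captcha_ok` flag (assumed to be the result of server-side reCAPTCHA verification) are hypothetical names.

```python
import time

class LoginGate:
    """Show a CAPTCHA only after a failed or empty login attempt from a client."""
    def __init__(self, window_s=900, clock=time.monotonic):
        self.window_s, self.clock = window_s, clock
        self.failed_at = {}   # client id -> time of last failed/empty attempt

    def captcha_required(self, client):
        t = self.failed_at.get(client)
        if t is not None and self.clock() - t > self.window_s:
            del self.failed_at[client]   # old failure has expired
            t = None
        return t is not None

    def attempt(self, client, username, password, captcha_ok, check_credentials):
        """Return 'ok', 'captcha' or 'failed'; check_credentials is the only DB query."""
        if self.captcha_required(client) and not captcha_ok:
            return "captcha"             # challenge first, DB not queried
        if not username or not password:
            self.failed_at[client] = self.clock()
            return "failed"              # empty form rejected without a DB query
        if check_credentials(username, password):
            self.failed_at.pop(client, None)
            return "ok"
        self.failed_at[client] = self.clock()
        return "failed"

PROTECTED = ("/me", "/settings", "/client")   # hypothetical DB-backed pages

def route(path, session, render):
    """Redirect anonymous visitors to /index before a DB-backed page is rendered."""
    if path.startswith(PROTECTED) and not session.get("user_id"):
        return ("redirect", "/index")
    return ("page", render(path))

def demo():
    """Constructed run that counts how often the stand-in database is queried."""
    db_calls = []
    def check(user, pw):
        db_calls.append(user)
        return (user, pw) == ("alice", "correct-horse")
    gate = LoginGate()
    steps = [gate.attempt("c1", "alice", "wrong", False, check),          # failed
             gate.attempt("c1", "alice", "guess", False, check),          # captcha
             gate.attempt("c1", "alice", "correct-horse", True, check),   # ok
             route("/settings", {}, lambda p: db_calls.append(p))]        # redirect
    return steps, len(db_calls)
```

Four requests reach the application in `demo()` but only two reach the database. The `failed_at` table grows with the number of distinct clients, so a real deployment would cap or evict it.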
 


BR4N

mediocre graphics artist
Messages
957
Likes
696
#17
> The user who did this came to my hotel and did the exact same thing and told me to specifically have you add him...
>
> Keep in mind I thought he was talking about a different Liam
>
> his discord; [ To view this link you must register here. ]

you & your friends booted @gochad's hotel for no reason so don't act all innocent lmao
 

Rebel

#19
P.S
I don't know the guy nor his friend, but I was curious so I asked him to test downing big hotels, which he did in seconds as you can see in the screenshots.

How are other sites that are non-Habbo related not easily taken down? How do we protect ourselves? I see 100000 threads about how to make a hotel and never one about how to protect your Habbo retro. Not even Boon is protected from this attack @Sledmore. I think the community should come together as a group and find a fix. Yeah, in 2020 retros will die most likely, but it would be nice to enjoy them while Flash is still allowed on Chrome and other browsers. Some hotels will move to desktop, which could avoid this problem in the future.

Also, the method @NOC gave you won't work, since I'm sure Zap Hotel is on that same Nginx setup with BitNinja like he's mentioned. It would be pointless to waste your time and money on a possible way that clearly doesn't work. @li4m

Also, he's just downed findretros and devbest. I was trying to post and saw it down; screenshots are listed below.









 