Layer 7 Attacks

Liam

smooth and dynamic
Staff member
FindRetros Moderator
Apr 10, 2013
1,275
864
Hi,

I normally wouldn't post in this section, but I'm putting my ego aside this time in search of help.

Since my reopening and effort, I have received Layer 7 Attacks (the typical "The service is unavailable.") from jealous people who clearly find it hard to see another hotel succeed. I have tried many things and can't seem to find a solution.

And I'm honestly not expecting a solution here, tbh. But does ANYONE have a solution?

I would appreciate the support!

Cheers.
 

Ghost

Legacy, it's all anyone leaves behind.
Jun 8, 2012
1,640
503
Hi,

I normally wouldn't post in this section, but I'm putting my ego aside this time in search of help.

Since my reopening and effort, I have received Layer 7 Attacks (the typical "The service is unavailable.") from jealous people who clearly find it hard to see another hotel succeed. I have tried many things and can't seem to find a solution.

And I'm honestly not expecting a solution here, tbh. But does ANYONE have a solution?

I would appreciate the support!

Cheers.

Honestly, I hate to suggest a CAPTCHA but that might be a good bet, as it requires a bot to solve it before proceeding, assuming you have Cloudflare on Lush. Layer 7 Attacks are harder to differentiate from normal requests, not really much else I know that could help, it can be as simple as a spam download of an image or flooding of a login page..
 

Liam

smooth and dynamic
Staff member
FindRetros Moderator
Apr 10, 2013
1,275
864
Thanks for the replies. It just isn't worth the long process or waste of money.

If anyone else has any ideas, I would really be grateful.
 

Liam

smooth and dynamic
Staff member
FindRetros Moderator
Apr 10, 2013
1,275
864
having to spend more money because people are cunts and can't just stay in their own lane and not attack? sad

This.

I have more important bills to pay rather than juggle my real life for a hobby because these degenerates who get spoonfed by their parents wouldn't have a clue or know how to cope living alone. There MUST be another way.

Like I said, I'm not expecting much from this forum - which is why I have always been reluctant to post.

I do appreciate any sort of help or reply though.
 

Johno

:: xHosts :: www.xhosts.uk
Sep 12, 2011
586
255
Here is an idea, I setup a few customers on a similar setup to this

Buy a cheap linux (KVM is possible)
Install Nginx and a bitninja trial (also letsencrypt if you use ssl)
modify the ddos filter rules of bitninja

I would suggest having this mainly for the main domain and do not be pulling all your swfs over this, maybe setup a subdomain for the swfs direct from your server or web hosting platform

You can easily do this for under £10 a month
 

Haid

Member
Dec 20, 2011
363
449
Here is an idea, I setup a few customers on a similar setup to this

Buy a cheap linux (KVM is possible)
Install Nginx and a bitninja trial (also letsencrypt if you use ssl)
modify the ddos filter rules of bitninja

I would suggest having this mainly for the main domain and do not be pulling all your swfs over this, maybe setup a subdomain for the swfs direct from your server or web hosting platform

You can easily do this for under £10 a month
We had something similar for Peak, never needed to purchase these extra services I see so many people doing around here.
 

Liam

smooth and dynamic
Staff member
FindRetros Moderator
Apr 10, 2013
1,275
864
Here is an idea, I setup a few customers on a similar setup to this

Buy a cheap linux (KVM is possible)
Install Nginx and a bitninja trial (also letsencrypt if you use ssl)
modify the ddos filter rules of bitninja

I would suggest having this mainly for the main domain and do not be pulling all your swfs over this, maybe setup a subdomain for the swfs direct from your server or web hosting platform

You can easily do this for under £10 a month

Thanks! This suggestion I can actually work with.

Although, I have never done this before - but will definitely look into it.

Appreciated :)
 

Shxrty

Shorty#1960
Mar 31, 2018
629
163
the user who did this came to my hotel and did the exact same thing and told me to specifically have you add him...

Keep in mind i thought he was talking about a different liam


his discord;
 

Rebel

Spilling the tea, can't you read?🍵
Dec 24, 2015
186
161
the user who did this came to my hotel and did the exact same thing and told me to specifically have you add him...

Keep in mind i thought he was talking about a different liam


his discord;
That’s him? Lmao oh no today he’s messaged me but I’ve yet to have been downed

You must be registered for see images attach


On topic, for the most part I’d suggest hosting your website aka cms and swfs on a protected cpanel host, and using a Protected TCP Proxy, HAPROXY, Or Nginx Proxy, for your client. Which could easily be done by yourself for under £8 using Centos 6-7 Server. Also I’d say use bitninja to block and filter attacks and host your emulator on a vps with only tcp ports open. Also would recommend not hosting your emulator and database, MySQL on the same server Incase of attacks on your query which could prevent cpu spam and emulator crashes.

P.S
I’ve also noticed adding Google reCAPTCHA, and having it display. Only if login attempts are failed or empty and of course any other submit forms submit. Also making sure pages that require a db query or pages you’d have to be logged into your account view should be done as well. So if someone views a page and their not logged in it sends them back to /index.

All these things will help lower your risk of being downed so easily.
 

Attachments

  • 30A9C41E-C045-4A59-A142-A528F3CBC07C.png
    30A9C41E-C045-4A59-A142-A528F3CBC07C.png
    347.6 KB · Views: 27
  • 1585188905971.png
    1585188905971.png
    5.9 KB · Views: 24
Last edited:

Bran

habcrush.pw
Mar 13, 2017
1,789
1,609
the user who did this came to my hotel and did the exact same thing and told me to specifically have you add him...

Keep in mind i thought he was talking about a different liam


his discord;
you & your friends booted @gochad's hotel for no reason so don't act all innocent lmao
 

Rebel

Spilling the tea, can't you read?🍵
Dec 24, 2015
186
161
P.S
I don’t know the guy nor his friend, but I was curious so I asked him to test downing big hotels which he did in seconds as you can see in the screenshots.

How are other sites that are non-habbo related not easily taken down? How do we protect ourselves. I see 100000 thread about how to make a hotel and never one about how to protect your habbo retro. Not even boon is protected from this attack @Sledmore . I think the community should come together as a group and find a fix, yeah in 2020 retros will die most likely but would be nice to enjoy them while flash is allowed on chrome and other browsers still. Some hotels will move to desktop which could avoid this problem in the future.

Also the method @NOC gave you won’t work since I’m sure Zap Hotel is on that same Nginx set up with bitninja like he’s mentioned. Would be pointless to waste your time and money on a possible way that clearly doesn’t work. @li4m

Also he’s just downed findretros and devbest. I was trying to post and seen it down, screenshots are listed below.


image0.png


image0.png


image0.png

image1.png
unknown.png
xUy8fvM-SHGdWLXk4UoYow.png

image1.png

image0.png
 
Last edited:

Users who are viewing this thread

Top