[TUT] Steps To Protect Your Habbo Retro/Website From Layer 7 Attacks [Noob-Friendly]

[Rebel]

Hey Scrubs,
I thought it would be nice to release another way to protect your Habbo Retro without being forced to only use a few hosts in the retro community, like keepus.online or 4it.
Nobody likes to be limited, and I'm one of those people who don't like being limited. I'd rather host on an unprotected host or a big hosting company that isn't in the Habbo Retro community, than trusting someone who has the same interest as me with my files or being able to gain access to my stuff. Which I'm sure many of you, who own retros feel the same way as well? Within this community, one moment someone will be your best friend next, they'll be opening their own hotel, or if you're unlucky you get other Habbo Retro's, people who down you left to right. I know that feeling and didn't want to spend a ton of money of protection because this is just a game I enjoy to play and build a community of players who treat each other like family and stick up for one another so with this being said I feel this is well deserved to our community!

P.S
I know some people are dickheads and don't deserve this but I'm doing this for those people who do, and those who don't want to be forced to use these other companies. I've heard a lot about a new DDOS protection company, they've been downing hotels, and then offering them their protection and playing innocent and taking their money. I hate to see people taken advantage of when they didn't do anything wrong but want to own a game that makes them happy. But others see ways to find flaws and make money off these people, and to me that's twisted, doing dirt behind someone's back and forcing them to use your services. I ain't saying no name or anything, the tea comes out when it finally spills out. It was really sad to see nobody in this community, who knew how to help these upcoming hotels and didn't. I'm shocked outta all these popular Habbo Retro's I am the only one taking the time to try and help people still...... I've done my good and bad within the community but nobody is perfect. But what mattered, is I care enough to help at the end of the day and not charge people money to protect their websites and not give them other choices they know that would work and cost them less. People just looking at how to make a profit off people instead of just helping them, But this TUT is well overdue.

Let's Start......
I will be giving you guys the same protection I use on Zabbo.ME, it's worked for me. I ain't that much of a tech guy JS but I manage and get shit to do the job I want.

I am using IIS (Internet Information Services), It shouldn't matter which PHP you use, but as I said I am telling people the setup I use!

- IP Address and Domain Restrictions (Settings:

You must be registered for see links

)
- PHP 5.6.1
- PeerBlock 1.2 (

You must be registered for see links

)
- Cloudflare (Free Plan)
- S

You must be registered for see links

(

You must be registered for see links

) (

You must be registered for see links

)

After you've bought a plan from Sucuri for $9 a month, you can use their firewall which will stop ONLINE BOOTERS & Most Layer 7 Attacks on your domain from smacking you offline.
The green-colored blocks I've put (

You must be registered for see links

) is the IP you copy and paste to your Cloudflare for your IP for your server. (

You must be registered for see links

)
Also, make server to click on Hosting IP in Sucuri Navigation on the left sidebar (

You must be registered for see links

)
Once you've done that go back to Sucuri then look at the top navigator bar and find Security and click on it (

You must be registered for see links

) make sure your settings are those.

P.S
Before someone says it doesn't work, make sure you haven't exposed your server IP to anyone because then this whole thing is pointless. Please use a TCP proxy in your client.php!

If you need a free TCP proxy check out

You must be registered for see links

Or PM me and I can set you up on one of my proxy servers but I recommend

You must be registered for see links

since they're free and saves you money.

Meh did my best to explain, click on the images to understand it more, I am not going to spoon-feed it, but if anyone needs help or runs into an issue PM me or find me on Zabbo and I'll help you set up this on TeamViewer. Make sure to try at least before asking me to help.

 

[Zachariah]

saves people money by doing this, rather than paying someone to be ddos protected

 

[yoyok]

Peerblock.. shake my head. You know when someone really want to take you offline with a botnet this will not help and its easy to bypass. That fucking peerblock and the IIS dynamic restricition are from small Attack only DoS.

Why using Sucuri and Cloudflare both? Cloudflare is enough.

At all, you are confusing people to use the wrong things.

 

[Rebel]

Peerblock.. shake my head. You know when someone really want to take you offline with a botnet this will not help and its easy to bypass. That fucking peerblock and the IIS dynamic restricition are from small Attack only DoS.

Why using Sucuri and Cloudflare both? Cloudflare is enough.

At all, you are confusing people to use the wrong things.

Of course, I am aware of that, I just use PeerBlock to see the incoming connections whenever my TCP is being spammed. Which I find easier for me, Which is why I’ve listed it because I said I am giving people the same setup I use. Clearly Peerblock wouldn’t help with a layer 7 attack lmao, nor would IIS dynamic restrictions. But it would help with small attacks which is what matters as well. Better safe than sorry? You gotta be a pure dip shit if you assumed it believed that would help block layer 7 DDOS attacks and just not realized I just included it because it’s the setup I have, I recommend Sucuri to block botnets which the firewall has clearly been doing for the past 2 months of now downtime due to online booters anymore.

Also, Cloudflare isn’t enough? You’re the one confusing people. I use Cloudflare and Sucuri because that’s what @Muscab recommended for people to do in a layer 7 attack thread earlier this year and he uses this method for Fresh Hotel. Which has worked for me, So that’s what I’ve done and I’ve tested it myself and it didn’t down my website with this setup? But when I just am using Cloudflare and not using Sucuri as well, I’m able to down my site. But with the Sucuri firewall and Cloudflare on, I am not able to do it. So it clearly does work? Not sure if you read Cloudflare TOS but they stop protecting you on the free plan after a big attack is sent to your domain they take you off their DNS which allows you to go offline. So by using Sucuri, before Cloudflare allows me to go offline, the Sucuri firewall helps me stay online because once Cloudflare DNS stops protecting me and allows me to go offline Sucuri firewall will take play and help my site not go offline.

Post automatically merged: Apr 30, 2020

That fucking Peerblock and the IIS dynamic restriction are from small Attack only DoS.

Sometimes people in the community do small attacks with an HTTP flooder, which would help manage this attack as well and Peerblock you can see the IPs that have been blocked and add them to your Cloudflare to block them completely which is useful as well

Post automatically merged: Apr 30, 2020

At all, you are confusing people to use the wrong things.

You're the one confusing people, I am giving them a fix that has worked for me and bigger hotels like Fresh Hotel and Rise. If people wanna stick with the free Cloudflare plan and not use Sucuri than that’s their choice but this is what I recommend and have literally seen work, as well as my user base. We haven’t had anyone be able to down us since using this setup. So either my Cloudflare account is broken or yours is paid for Cloudflare version? But I’d rather use the firewall Sucuri offers which I find better than what Cloudflare has to offer and it’s cheaper.

So Instead of stating a false comment and confusing people maybe do some background search into it? I'm sure big sites like Fresh and Rise just don't use Cloudflare and Sucuri because they just feel like spending more money?

Post automatically merged: Apr 30, 2020

 

[yoyok]

What a silly combination, you pay for Sucuri 9$ a month? What makes you not to pay Cloudflare package, for a little bit more money.

Everyone with a little bit knowledge know, Cloudflare and Sucuri is not a good combination. One of them is enough.

As example, if someone hit your website, Sucuri will see Cloudflare's IP adress as attacker.
What you are recommending is not a solution but a workaround.

Very, very bad method! Not to mention that Rise and Fresh don't need to be your example on how to setup a hotel-security.

When 'big' hotels have much online does not mean they know how to setup a good protection! On avarage the most hotel owners with 100+ users online doesn't even know how to code themself.
I can give you so many examples of hotels that have more then 1k online, only using Cloudflare, fine tuned php ini settings etc.

It also depends on how your CMS is coded, if you have very poorly codes it may that your script will take forever to load.. that will overload your server.

 

[Rebel]

What a silly combination, you pay for Sucuri 9$ a month? What makes you not to pay Cloudflare package, for a little bit more money.

Everyone with a little bit knowledge know, Cloudflare and Sucuri is not a good combination. One of them is enough.

As example, if someone hit your website, Sucuri will see Cloudflare's IP adress as attacker.
What you are recommending is not a solution but a workaround.

Very, very bad method! Not to mention that Rise and Fresh don't need to be your example on how to setup a hotel-security.

When 'big' hotels have much online does not mean they know how to setup a good protection! On avarage the most hotel owners with 100+ users online doesn't even know how to code themself.
I can give you so many examples of hotels that have more then 1k online, only using Cloudflare, fine tuned php ini settings etc.

It also depends on how your CMS is coded if you have very poorly coded it may that your script will take forever to load.. that will overload your server.

I think you gotta be blind but alright sir, you should've written a tut for these people since you seem to know it all? Oh, wait you didn't but you'd gladly try and tell me about a way that works for me and could for work for other people as well? Like it does for me and many other Habbo retros already. If you want to push your way of doing it then write a tut of your own about it until then I wouldn't recommend, speaking on a way that is proven to work? and My Cloudflare and Sucuri seem to be running everything just fine and fast with no lag? maybe you not doing something the right way? and also a workaround can still get the job you want to be done? Right or wrong? Yeah, it's right because I haven't been hit offline and it does the fix I was looking for? This thread wasn't named " YOyok This is the way it should be no? It's a thread for anybody looking for a fix like mine? if they don't want it nor like the way it's done that's fine. They can do their own way? but either way, it gets the job done, which is why I am sharing this thread. I am almost certain you got a brain problem or something if you can't see that. Don't come on my thread trying to tell me about a way, when you weren't the one who offered me a way that could've fixed my problem I was having from online booters slapping me and other retros offline.

 

[ZaneyRetros]

Good work, it's really good that you're helping people as it's rarely found anymore. Much love.

 

[Parsov]

Or use NGINX, Fail2Ban, Laravel, Cloudflare Pro

Beastly performance and things like loadbalancing etc... Will make your website unstoppable.
Of course your method is another way of doing things but as @yoyok mentioned it's for small attacks.

It's good your trying to help people however in other communities there are attacks that go over 145million requests per second.
At least for myself and I doubt this combination you mentioned would do a little bit of difference for those kind of attacks.

 

[Joe]

Closed upon request.