Urgently need help with something

[thesting]

I've been having problems with some kind of attack on our vbulletin forums.

It is not common ddos from what I figure, it is just using vbulletin somehow to overload mysql server and our server load goes sky high.

 

I had to enable htaccess password protection to keep it away.

Now since I believe it is automated process, I was hoping there was some php code that could be included in vbulletin's index.php that would require visitors to like click OK on some small popup to confirm they are humans but only for one time and then it would be stored via cookie or something.

That would at least keep away some automated bot. It would keep away spiders as well unfortunately but I'd rather have that then use htaccess password.

 

I'd really appreciate some help. Thanks in advance.

[Yesideez]

There are numerous ways but the more secure you make it the more hassle it'll be for humans to access as well.

 

CAPTCHA

Small images with jumbled up letters and/or numbers that have to be typed.

 

Can try that method but not knowing how vBulletin forums work (code-wise) I don't know what wouldbe best.

 

Check out the vBulletin forums themselves - you should find a solution there.

[thesting]

Vbulletin support doesn't provide any help with modifying their original code. I've asked them.

And vbulletin uses Captcha on registration form.

 

But that doesn't help me. I need something that would block an automated process from even seeing vbulletin main page index.php.

 

Because as soon as they get there they cause overload somehow.

 

[laffin]

Well that may be a problem, as u will have to modify vBulletin in order to add any type of human response interface.

 

About the only other way, is to check if the user is already logged in. if not send em to the login page. otherwise load up the standard index page.

 

This could be accomplished with session checking

[thesting]

Well that may be a problem, as u will have to modify vBulletin in order to add any type of human response interface.

 

About the only other way, is to check if the user is already logged in. if not send em to the login page. otherwise load up the standard index page.

 

This could be accomplished with session checking

 

Thanks for the reply

 

I can modify vbulletin files, that's not a problem. It is just that they can't provide any help on how to do it.

 

I'd appreciate any suggestions on adding anything that would require some simple human action and not let an automated process go directly to index.php.

 

Even though I've entered a note in htaccess file that tells visitors what they should enter in username and password fields a lot of them don't go passed it. They either don't understand it as some don't speak English or don't even read it and try entering their forums login details.

 

 

[thesting]

I was reading on sessions and I was wondering could something like this be accomplished.

 

Like to add some code to the beginning of vbulletin's index.php that would check if session is stored in visitors browser, if it is execute the rest of index.php code if not  bring up popup window saying "Click OK to confirm you are not a bot" or something like that, and that click on OK would store a session and then execute the rest of index.php code?

 

Or is that not possible to do without some text form?

 

Or maybe cookies could be used?

 

 

 

[thesting]

Ok, I think I've taken care of it with a help of this tutorial:

 

http://www.linkstraffic.net/programming/php/setcookie.php

 

I've modified it to only have submit button and to set cookie after clicking.

 

Now I could use some help in maybe letting google spider in without cookie check.

 

It is fine for now if they only can't get to index page but if I need to use this protection on other pages then it could be a big issue.