  1. #1

    * Hosting for forum 'at war'? Please help if you can!

    Hello there. I'm a long-time reader, first-time poster, and I'm not even sure if I'm posting in the right forum. Please don't hit me!

    OK, this is my story. I am part of a team that runs a popular band fansite, and as the main part of that site we have a forum with a fair amount of members and close to 1000 posts a day (nothing compared to here, I know, but it can be a lot to cope with considering the posts!!). The site is a "revival" of an old site that the owner closed due to continued personal abuse from troublemakers. With the new site, the old troublemakers remain and have abused the admin and regular members in such a way that we have had to close a couple of times, and are currently closed (they are still abusing members even while it's closed). The troublemakers consider themselves 'at war' with us (although we do not reciprocate that view) and I believe they will not stop attacking us until we give up and close for good.

    Closing is something we as a team are NOT prepared to do! We believe that somewhere that *is* successful should continue to be so, and as a place for our members to exchange views and have fun without a minority of idiots spoiling it. It's an idealistic view, I know, but anything would be an improvement on the situation we have now.

    We have discussed the idea and feel that it is time for us to move to another host, as our current one, while providing on the whole good service, is sometimes too much to cope with. None of us pretend to be programming or internet gurus, so ideally we need somewhere that is managed; however, as this is a free service to people we do not have a massive budget, of course. The majority of the admin team and forum members are based in the UK, but have some members all around the world. I would love to know if there is a service out there that can manage what we need, but doesn't charge the earth for things we don't need. I'm not completely certain of what our maximum budget would be per month/year yet, but will let people know when I do.

    I believe that bandwidth will be an important issue; our current providers allow 20GB a month and we almost always use that up before the end of the month, sometimes well before, and are also planning to expand our content. We plan to change our forum software from phpBB to vBulletin as an attempt to have more control over the troublemakers; is this a wise move? Most importantly, we need a company who will be able to spot troublemakers and protect us as best as possible from their probable attacks. If we can isolate the troublemakers and block their access, all the better! But we do need help. We simply do not have enough time to learn every trick of the trade.

    I ask all of you more seasoned in hosting than me (that would be almost all of you! ) - is there someone who could accommodate us? Please say there is - we want to carry on!

    (Apologies for massively long post; just wanted to make a point )

  2. #2
    I use HostRocket for my site, which also uses forums, and I'd recommend them. They've also got a special going at the moment which provides extra bandwidth and space, take a look: www.hostrocket.com - though the price may be a bit much for you...? I'm not sure though since you didn't specify a budget.

    About these troublemakers - are there any phpBB hacks for blocking members through IP? If not, I'm fairly sure phpBB allows you to control who signs up and who does not - if you can, set it so that you have to approve every registration. I know Invision Board allows this (www.invisionboard.com - very good, and free). vBulletin may also be a good idea as they have IP and email banning facilities.

  3. #3
    Join Date
    Oct 2002
    Location
    Virginia
    Posts
    788
    You can ban by name and IP in phpBB but there are ways around both; I don't know how much more vBulletin will help there.

  4. #4
    Thank you for that, I will have a look at them and discuss with the rest of the team

    We were planning to go with Invision Board as it happens, but one of the main troublemakers also runs one and we're worried that he'll have "inside knowledge" on how best to attack us (I wouldn't put it past him!). phpBB does have some ways of blocking IPs but we know from past experience that our main band of troublemakers use proxies and change them quickly... they won't stop. Banning their usernames/IPs makes them even more determined to attack us in other ways... Also we've not been happy with some of the other limitations of phpBB of late. Our 'head honcho' has basically said "go for it" and she's happy to get vBulletin for us. (We're a predominantly female team, by the way )

    Some of the trouble is hard for me to explain, but I hope I'm making myself reasonably clear so far!

  5. #5
    Join Date
    Nov 2002
    Location
    Canada
    Posts
    1,545
    Well if you found a good host, I'm sure they would take steps to find out the identities of the people attacking your site (if they were doing it on an ongoing basis) and notify the proper authorities.

  6. #6
    Join Date
    Nov 2002
    Location
    CA, USA
    Posts
    1,903
    Get vB for your forum. Ask your host to take some extra security measures to make sure they won't be able to hack it. Most likely, they get to your db by the backdoor.
    ◊ James | sales@vnpixel.com |
    ◊ aim: vnpixel • msn: support@vnpixel.com • yahoo: vn_pixel
    ◊ http://www.vnpixel.com

  7. #7

    Due to the problems you describe

    I would recommend a dedicated server solution. Otherwise, you are going to adversely impact other users of the server and find yourself quickly terminated. On a shared server, the reasons you are causing problems (through attacks by outsiders) are really irrelevant as there are too many other customers to consider.

  8. #8
    Join Date
    Nov 2002
    Posts
    255
    Even the most benign boards wind up with a miscreant or two (or more) from time to time.

    I'm not sure of the nature of your problems, but there are two basic types: (1) unwanted posts and (2) denial of service (DOS) attacks, hacks, and the like.

    If your problem is unwanted posts, and bans don't work, both Invision Board and vBulletin (but not phpBB) have options for moderators to preview posts before they go public. Of course, the large number of posts that you experience would require a lot of moderator resources to preview posts. Still, you might consider doing this temporarily until the miscreants get bored and move along.

    I feel your pain.

  9. #9
    Join Date
    Apr 2003
    Posts
    530
    IP ban them, ban their email addies, ban their usernames, threaten legal action if you have to.

    I would suggest going with vBulletin and a dedicated server as well, it would help you secure it. I'm available to install firewalls and other security measures, along with helping to get rid of the troublemakers as quickly as possible. If you go with a Linux system that is, I hate trying to secure Windows boxes =\.

    My partner and I are available through email and AIM.
    AIM: Talon9Karrde and karvoxx
    EMail: talonkarrde@stardust-one.net and bradb@stardust-one..net

  10. #10
    I think cove has touched on the heart of the matter.

    It really depends on what type of attacks you are experiencing. There may be other security measures that would be easy to implement and provide strong security without needing configuration changes on a shared environment. If you could tell us what type of attacks it may help us steer you in the right direction.


    As for the host you choose, I would think that the larger the host the less time they would want to spend dealing with DDOS attacks. The quickest solution is to suspend the account and time is rarely spent looking for individual solutions when you have hundreds or thousands of individuals. This is a good reason for you to avoid paying by the year. Also try and get a 30 day trial period. When you narrow down your choices make sure to do a search on the host here and ask for some input on them...

    <edit> Talon you might want to edit your post, you are not allowed to make offers in this forum. </edit>

  11. #11
    Join Date
    Apr 2003
    Posts
    530
    Originally posted by Watcher_TVI
    I think cove has touched on the heart of the matter.

    It really depends on what type of attacks you are experiencing. There may be other security measures that would be easy to implement and provide strong security without needing configuration changes on a shared environment. If you could tell us what type of attacks it may help us steer you in the right direction.


    As for the host you choose, I would think that the larger the host the less time they would want to spend dealing with DDOS attacks. The quickest solution is to suspend the account and time is rarely spent looking for individual solutions when you have hundreds or thousands of individuals. This is a good reason for you to avoid paying by the year. Also try and get a 30 day trial period. When you narrow down your choices make sure to do a search on the host here and ask for some input on them...

    <edit> Talon you might want to edit your post, you are not allowed to make offers in this forum. </edit>

    Yea, I realized that right after I posted. I decided to be nice and will do it for free

  12. #12
    Join Date
    Nov 2002
    Posts
    255
    At some point, you are going to post in the Web Hosting Requests forum to try to find a host. When you do, I suggest that you be as up front there as you are here and let them know what they are getting into by bidding for your business. A lot of candor goes a long way. There are some very decent hosts around here who will go out of their way to help you out. You know what I'm going to say next: you will get what you pay for, so be prepared to pay for the extra services that your host will need to give to your site.

  13. #13
    Join Date
    May 2003
    Location
    Fremont, CA, USA
    Posts
    307
    As Incognito touched on earlier, if your boards are as massive as you say they are, then I would strongly recommend you NOT go with a shared hosting plan such as from hostrocket. From personal experiences, I know hostrocket is not a good host to have large forums with. So yes.. if you're really into it, I would recommend you invest into a dedicated server.

    If your members are really active and you have that many.. you might want to ask for some donations. I'm sure you'll have some loyal members chip in for you. But like cove said, "you will get what you pay for"

  14. #14
    Join Date
    Mar 2003
    Location
    London Ontario, Canada
    Posts
    986
    If you encounter frequent "attacks" from a number of individuals, the approach you want to take is not to filter them at the application layer, but at the network layer. I would consider changing firewall rules rather than trying to get your application to block them.

    I would do this for the simple reason that troublemakers may not be able to "post" but they can attack the IP (machine) or other services. If they are intent on malicious behavior, they should be kept away from the machine and all services and not just the bulletin board.

    Likewise, you can also employ anti-spam rules, or sendmail configurations to block emails from them. Of course no solution is 100% foolproof, but an aggressive approach is the best defense.

    Any good (competent) company should be able to help you out with implementing these solutions.

    Cheers
    Jeff
    www.idologic.com
    www.demologic.com
    A company committed to people serious about their websites - If you don't DO LOGIC - what do you do?

  15. #15
    Thank you all for your replies; very much appreciated. I will be looking more in-depth to the things you have suggested to me and discussing with the rest of admin if possible.

    We have woken up to further trouble today, but it would appear that we have NOT in fact been hacked; more that their happy band are simply playing mind games with us and our users. If I am honest I don't believe they actually have the knowledge to be able to do damage, although you never can tell. Their main trick is to use masked email headers including our domain name, emailing users to tell them they have been banned, or emailing us to tell us our database has been deleted (that is the latest trick, although a quick dive into the site control panel proved its falsity).

    They like to make it look as if they know more about hacking etc than they actually do; it's psychological more than anything. In an ideal world, a managed dedicated server would be perfect for us, but I fear that within our budget it's just not feasible; also, this *is* "just a hobby" as some people would say (my partner, for one, who left the forum team due to repeated and serious abuse from the troublemakers). I believe that something even quite basic may be able to keep them out; I have just not dealt with firewalls/security in relation to hosting before. I agree that just denying them access to posting is not a strong enough measure, and if it takes denying them any access to the site at all then so be it. They can always moan elsewhere.

    I believe that if we were looking for somewhere else, that these people are *not* actually attempting to hack us (just playing games with us), but precautions to keep them out would be the main thing needed. However, if they actually do know how to play very dirty, what extra precautions would we need to take, etc.

    Apologies once again for the length of this post. I find it hard to explain things in technical terms sometimes and I am actually the shyest of our team... but also the only one who has a little knowledge.

  16. #16
    Join Date
    Nov 2002
    Location
    CA, USA
    Posts
    1,903
    good luck with your forum mate.
    ◊ James | sales@vnpixel.com |
    ◊ aim: vnpixel • msn: support@vnpixel.com • yahoo: vn_pixel
    ◊ http://www.vnpixel.com

  17. #17
    Join Date
    Aug 2002
    Location
    Denmark
    Posts
    432

    dump it

    I would dump the forum if that's not the primary reason for the site.

  18. #18
    Join Date
    Feb 2003
    Posts
    84

    Re: dump it

    Originally posted by msh
    I would dump the forum if that's not the primary reason for the site.
    Don't post if you can't help.

  19. #19
    So what's the site address?

    I say go after the trouble makers. Prosecute them as terrorists under the Patriot Act.

  20. #20
    Join Date
    Nov 2001
    Location
    The South
    Posts
    5,408
    To truly combat a determined set of troublemakers you need a dedicated machine, because you want to do ip blocking at the network level not the forum level. You're gonna end up banning IPs that other sites on a shared server might not want to ban and to really start getting rid of these idjits you'll need to block them from not just web services but all services.

    First you require validated accounts, where the system sends them an email with the old "click here to activate" this requires them to go through the trouble of making fake emails to sign up.

    As you identify the miscreants, ban their ips, if they keep signing up for accounts using some oddball domain (not yahoo.com but something not recognizable) then ban that whole domain from the server, if it seems they're using say their own hosted domain to create throwaway email addresses. You're not real likely to ban a legitimate person if it's not a big isp you're blocking but just some peon domain.

    As they use ips to post crap, ban those ips, at the server level, and yes probably the first IPs banned will be proxies but in my experience a small percentage of legitimate traffic comes from these proxies anyway so nuke those IPs from the system and force the juveniles to keep finding new ips and proxies to post from.

    The trick is to make it so much "work" to harass your forum that they eventually get tired of bothering. If they spam your forum (posting lots of messages at once) you can set 'posts per time' in most forums, say "no more than 1 post per 30 seconds" or something similar, won't stop spamming but it'll sure as heck slow it down.
    Gary Harris - the artist formerly known as Dixiesys
    resident grumpy redneck
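
An added example, not part of the post above or of any forum package: a Python sketch of two measures the post describes, the "no more than 1 post per 30 seconds" flood control and turning a list of banned IPs into server-level drop rules that cover every service. The function names, the constructed sample addresses (documentation ranges), the IPv4-only input and the choice of iptables as the firewall are assumptions.

```python
import ipaddress

POST_INTERVAL = 30  # seconds; the "1 post per 30 seconds" setting from the post


class FloodControl:
    """Per-account limit: one accepted post per POST_INTERVAL seconds."""

    def __init__(self, interval=POST_INTERVAL):
        self.interval = interval
        self.last_post = {}  # username -> time of the last accepted post

    def allow(self, user, now):
        last = self.last_post.get(user)
        if last is not None and now - last < self.interval:
            return False  # a rejected attempt does not restart the timer
        self.last_post[user] = now
        return True


def firewall_rules(banned, never_block=()):
    """Turn banned IPs/CIDRs into iptables DROP rules.

    No port or protocol is given, so each rule blocks the source from
    every service on the machine, not only the web server. Entries that
    overlap never_block (for example the admins' own addresses) are
    dropped first, then adjacent addresses are merged into one rule.
    """
    keep = [ipaddress.ip_network(n, strict=False) for n in never_block]
    nets = [ipaddress.ip_network(b, strict=False) for b in banned]
    nets = [n for n in nets if not any(n.overlaps(k) for k in keep)]
    return [
        f"iptables -A INPUT -s {net} -j DROP"
        for net in ipaddress.collapse_addresses(nets)
    ]


if __name__ == "__main__":
    # Constructed sample data: addresses seen posting abuse, plus one
    # admin address that must never end up in the firewall.
    seen = ["198.51.100.7", "203.0.113.4", "203.0.113.5", "203.0.113.9"]
    for rule in firewall_rules(seen, never_block=["203.0.113.9"]):
        print(rule)

    fc = FloodControl()
    for t in (0, 10, 30):
        print(t, fc.allow("troublemaker", t))
```

The generated rules are printed rather than applied, so an administrator can review the list before loading it on a dedicated machine.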

  21. #21
    Join Date
    Dec 2002
    Location
    The Shadows
    Posts
    2,925
    I would also suggest a dedicated server. You can get a server from like Rackshack for 100 bucks/month and 100 setup, and then get someone to manage it for 50-100/month

    Get some of your members to donate to you, or offer web hosting to your members, "elite" accounts where you get cool features, or something else that you could charge a little bit for
    Dan Sheppard ~ Freelance whatever

  22. #22
    You may want to look at a VDS solution if you can't afford a dedicated server.
    Reseller plans are an endagered species... TiServers coming soon.

  23. #23
    Join Date
    Dec 2002
    Location
    The Shadows
    Posts
    2,925
    Yes, a VDS or even a VPS would probably be good for you.
    Dan Sheppard ~ Freelance whatever

  24. #24
    Generally, you can't stop bored people from attacking you 100% in whatever ways (flame posts, DOS, or others). Gary pretty much got it right. You simply have to outlast them.

    I also fully agree with blocking it on the network level/server level and not on the application layer (i.e. your forum).

    As you personally self-professed, none of you are technical by nature or training. Get a system admin who is, and who can help you deal with some of these issues as they happen.

    Lastly, if they are just making idle threats, you can't stop them. Allow them to. Same thing as them masquerading as your forum and sending members emails. In the first place, they shouldn't have the emails of the members directly. Secondly, you can also start some education by posting a sticky note/announcement to tell them of the problems you are facing, and asking them to check with you if they have any doubts at all on any claimed email. You can further bring it a step further by emailing all your members.
    ••• Like us on Facebook to qualify for discounts! •••
    ••• http://www.sprintserve.net •••
    ••• Offering: | Internap FCP Bandwidth! | Rebootless Kernel Updates! | Magento Optimized Hosting | Wordpress Hosting | •••
    ••• Services: | Managed Multiple Cores 64bit Servers | Server Management | •••

  25. #25
    Join Date
    Apr 2003
    Location
    Austin, TX
    Posts
    304
    I'm glad sprintserve made the point - they shouldn't have access to the members' email addresses. If you are sincere about retaining this forum and rebuilding it in a more secure manner, and if it's true that the "troublemakers" are annoying jerks who don't know a microchip from a potato chip - you should try rebuilding the forum in a manner that hides member contact information from anyone other than admins. You may go as far as to ask members to sign up as new users - to build the new forum from scratch - and suggest that they use new email addresses if they have one available. In the meantime, try the sticky note idea and also perhaps require login entrance to the forum area? (only active members can get in and view posts and user info)

    I have seen a couple of forums deny signup from users with yahoo or hotmail email addresses - in order to minimize frequent "resignups" from troublemakers with aliases. Of course, there are so many free email providers these days, I am unsure if this is very effective. I agree that the real solution would be to acquire a dedicated server where you have the ability to block on the network level. With a forum of significant activity and security needs, this is the realistic requirement. The donations idea may work for you - otherwise your team might want to evaluate how much they cherish this hobby - some hobbies are worth the investment if you truly enjoy them.
    JC, www.webii.net
    Premium Hosting Services Since 1996
    Custom Development- www.webxess.net
