The strangest thing has been happening to my forum the last month or so...I even changed hosts and urls
All of a sudden I'll get 2000+ simultaneous guests and like 6 members online and it'll basically shut down my forum WTF.....:eek:
I'm starting to think that somebody has it out for me ...
I run a private guitar forum of 350 members with never more than 25 on at the heaviest traffic times, average is probably 5 or so...
I've been doing fine for two years with same membership an all of a sudden...BAM.....2000 guests....This has got to stop

Link to your site? maybe a big site has linked to you?

I've been doing fine for two years with same membership an all of a sudden...BAM.....2000 guests....This has got to stopMost users ever online was 3,358, 11-10-2005 at 01:52 AM.:eek:
That can be reset. http://www.vbulletin.com/forum/showthread.php?t=99912
You also might want to place a index.html page in your root directory.

Link to your site? maybe a big site has linked to you?

Zach......It's www.axehouseconsortium.org (http://www.axehouseconsortium.org)

The last few days it goes from thousands to zero guests and once the number gets up there, it's hard to even bring up the forum, much less post

I found this in my stats and asked my support how the hell all those porn sites got in there

Links from an external page (other web sites except search engines) - Full list
- http://www.ampland.com/mmpage.html 68433 68447
- http://www.bigtitsonline.ws 67766 67766
- http://www.shavedgoat.com/goat.html 35040 35040
- http://www.grampland.com/mmpage.html 19151 19179
- http://www.ampland.com/movies.html 5906 5907
- http://www.goofyshoes.com 4630 4630
- http://www.ampland.com/18.html 4328 4328
- http://www.ampland.com/mature.html 3877 3877
- http://www.ampland.com/tits.html 1487 1487
- http://ampland.com/humor/05/1209.html 1075 1075
- http://ampland.com/mmpage.html 1016 1016
- http://www.teen****.cc 780 780
- http://216.239.39.104/translate_c 46 46
- http://216.239.37.104/translate_c 43 44
- http://marshallhead.proboards25.com/index.cgi 26 26
- http://ampland.com/movies.html 23 23
- http://us.f812.mail.yahoo.com/ym/ShowLetter 15 15
- http://shavedgoat.com/goat.html 11 11
- http://forums.asmallorange.com/index.php 9 9
- http://grampland.com/mmpage.html 7 7
- http://ampland.com/18.html 6 6
- http://smarterstats.eurofasthost.com/Client/frmCustomerWelcome.a... 5 5
- http://www.lordzeta.on.ampland.com/mmpage.html 5 5
- http://www.ampland.com//mmpage.html 5 5
- http://www.ampland.com/mmpage.html/movies 4 4
- Others 46 921

My support tech told me this;

Hello,

This appears to be a hack. The first url as an example

bigtitsonline.ws

if you view this page, it pulls up your page in 1 by 1 frames many times.

http://www.axehouseconsortium.org/forum/" width=1 height=1 scrolling="no"

Using that code. This appears to be part of a hack that is hitting numerous servers on the web right now. I am not sure why your domain was targeted. Unfortunately, since this site is not on our server, there is nothing we can do about it. It is not the owner of these sites that has caused the issue, it is a 3rd party.

Our admin is currently investigating other options for how to resolve this issue. Thank you for your patience.

Regards,
Rob

Its about referal spam, not sure why sites do it..

Not sure what you can do to combat these things :(

Yeah, I hear ya Zach...Thats pretty much what my server owner said....:(

This is his message to me::

Michael,

This isn't really something we can block completely on our end of the system. The .htaccess file you've added should work to a certain extent, but we cannot remove those links from the porn sites your page is linked on. We have no control over their content, so they're free to put that in (as malicious as it may be).

Have you or one of your members done anything recently that may have brought on this sort of attack? I'm sure they didn't just unintentionally put that on their pages, so there must be some reason for it. As with any DDOS attack, the best method of mitigating it is at the source. Find out who put that there and why. If you can convince them to remove it and stop adding it to other sites, that will be the best and most effective way to stop the traffic.

This was my reply

I had a guy named Robbie Boyette join my forum, he's a guitar player whos into all kinds of crap, including porn and when he came on too strong, I banned him from my site and thats when all the trouble began...
Once he knew that he was crippling my site he casually said that he'd host "the axe house," on one of his servers...
Well I flat out refused and then I did an internet search on him and found out that he's got his hands in just about everything, including porn.....
I don't care what people do, their business is their own but now I believe that he's the guy thats been causing all this trouble...Isn't what he's doing illegal...? and even if I asked the guy politely to stop, would he even admit to it...? I tried to be nice to him but now I think he may just want to eliminate my site because he got embarrased when I banned him...
Anyway, I have my suspicions that he's the guy
This is his url http://tptrash.com/

I'd suggest you look up the whois on the domain that's hitting you with this framed "hack", and find who his upstream provider is. After verifying it's not him (and if it is, go up one level), report him for abuse.
For the record, both URLs/sites are hosted on the same IP, and owned by the same person...so, yes, it's likely him screwing with you.

Thanks for that info wbear, I greatly appreciate it.
I'll check it out at once...

Mike

They are the exact URLS sold by a referal spam program called PR storm

Hmmmm.......Most Interesting

This is the guy whos causing my damage....Robbie Boyette
He even admits that he owns the listed porn sites that are messing with my forum, read the bottom of his post
http://board.statsremote.com/viewtopic.php?p=1188&sid=f2626906823157f3c0fd88122d3bb794

Save it, call a lawyer and ask for advice, DDOS is a criminal offense(I believe).

Zach......It's www.axehouseconsortium.org (http://www.axehouseconsortium.org)

The last few days it goes from thousands to zero guests and once the number gets up there, it's hard to even bring up the forum, much less post

I found this in my stats and asked my support how the hell all those porn sites got in there

Links from an external page (other web sites except search engines) - Full list
- http://www.ampland.com/mmpage.html 68433 68447
- http://www.bigtitsonline.ws 67766 67766
- http://www.shavedgoat.com/goat.html 35040 35040
- http://www.grampland.com/mmpage.html 19151 19179
- http://www.ampland.com/movies.html 5906 5907
- http://www.goofyshoes.com 4630 4630
- http://www.ampland.com/18.html 4328 4328
- http://www.ampland.com/mature.html 3877 3877
- http://www.ampland.com/tits.html 1487 1487
- http://ampland.com/humor/05/1209.html 1075 1075
- http://ampland.com/mmpage.html 1016 1016
- http://www.teen****.cc 780 780
- http://216.239.39.104/translate_c 46 46
- http://216.239.37.104/translate_c 43 44
- http://marshallhead.proboards25.com/index.cgi 26 26
- http://ampland.com/movies.html 23 23
- http://us.f812.mail.yahoo.com/ym/ShowLetter 15 15
- http://shavedgoat.com/goat.html 11 11
- http://forums.asmallorange.com/index.php 9 9
- http://grampland.com/mmpage.html 7 7
- http://ampland.com/18.html 6 6
- http://smarterstats.eurofasthost.com/Client/frmCustomerWelcome.a... 5 5
- http://www.lordzeta.on.ampland.com/mmpage.html 5 5
- http://www.ampland.com//mmpage.html 5 5
- http://www.ampland.com/mmpage.html/movies 4 4
- Others 46 921

My support tech told me this;

Hello,

This appears to be a hack. The first url as an example

bigtitsonline.ws

if you view this page, it pulls up your page in 1 by 1 frames many times.

http://www.axehouseconsortium.org/forum/" width=1 height=1 scrolling="no"

Using that code. This appears to be part of a hack that is hitting numerous servers on the web right now. I am not sure why your domain was targeted. Unfortunately, since this site is not on our server, there is nothing we can do about it. It is not the owner of these sites that has caused the issue, it is a 3rd party.

Our admin is currently investigating other options for how to resolve this issue. Thank you for your patience.

Regards,
Rob
Regards

I had the same problem with my site (not my forum)

I just added a javascript code for to brake the frame then all visitor from the attacker's were redirected to my site :D after few hours he stoped

Hope this help

Datacenter, perhaps you could share the javascript code here so Herc and others who may encounter this kind of issue can defend against it?

Datacenter, perhaps you could share the javascript code here so Herc and others who may encounter this kind of issue can defend against it?
Here is:

In your head


<script language="JavaScript" type="text/javascript">
<!--
function breakout_of_frame()
{

if (top.location != location) {
top.location.href = document.location.href ;
}
}
-->
</script>

In your body tag


<body onLoad=breakout_of_frame() >

Thanks :)