DDOS on clientscript any tips

Do you guys have any tips on how to prevent DDOS attacks on my clientscript? I disabled member profiles from guests but Im completely lost. The attacks started last week non stop and hg was forced to suspend my account. As of today Im up with Black Lotus which protect up to 10,000bps with the plan Im on and as soon my forum went back up the attacks started at 40,000 connections targeting my vb clientscript. I think they are giong to end up knocking me off for good. Im completely lost and helpless. Also I dont have any more money to spend on hosting. Im payin 230 for a shared plan so you can imagine the prices that are next.

Hello Peter,

Try to put an .htaccess within clientscript folder:

Code:

deny from all

Or secure your clientscript folder with user and password protection:

Easy Security Tips for vBSEO customers

Ill try it as soon as Im able to connect as of now impossible. Im going with the htaccess first.
---------------------

Not sure if they just stopped attacking but I uploaded the htaccess and boom my site is back up.

My host told me they were attacking files like these.

53-1 27190 0/6/543 W 1.23 5 0 0.0 0.11 11.50 74.53.58.21 example.com GET
/vbulletin/member.php?u=1205/clientscript/yui/yahoo-dom-eve
54-1 24195 0/217/5933 W 20.94 2 0 0.0 5.00 132.47 64.111.112.16 example.com GET
/vbulletin/member.php?u=1205/clientscript/yui/connection/co
55-1 27191 0/7/2231 W 0.81 1 0 0.0 0.13 223.10 69.89.31.69 example.com GET
/vbulletin/member.php?u=1205/clientscript/yui/yahoo-dom-eve

Using .htaccess protection will stop the attack to "clientscript/" folder, but I forgot that would break forum style. Sorry, my mistake.

Preventing a DDoS attack is a hard task if you are not covered by your hosting providers, specially if your plan is a shared server. They should have mod_security and mod_dosevasive installed with Apache. You can try to decrease or perhaps, with lucky, stop the DDoS attack by blocking attacker IP's:

Try to use that code on your root .htaccess

Code:

order allow,deny
deny from 74.53.58.21
deny from 64.111.112.16
deny from 69.89.31.69
allow from all

Your provider firewalls should block most of these style attacks. I'd look into a new datacenter.

Actually yes they have stopped it completely. Hostgator is not capable of the preventing attacks but as soon as I went with Blacklotus.net they put them to a stop within a few hours. So far so good hopefully it stays like that. Thanks

You can use YUI function in vb forum. (server settings and optimize area) or call these files at another server. And i recommend you to use awknet they are cheaper and good on ddos migration.