Hello guys.

Recently, my dad's website has been experiencing problems. You see, he has one of these political websites so he gets a lot of hacking attempts from communist Internet "police".

I'm not sure of the CMS, but I know that it utilises Tiny MCE (which so far I think is something related to WYSIWYG editing).

He usually only 30 online visitors at any one time, but just recently, he noticed there to be around 300 visitors. Definitely those "flooders". What the communist Internet police have tried to do a lot to the website was flood it with many many hits.

The problem's been resolved by another member of the site's admin, but I'm unsure how they did so.

Ah, and I can not give the link to this website due to identity issues.

So...if in the future, what should be done? Do any of you guys know of some sort of script, plug-in...basically anything that can deter sucking up bandwidth?

If you have total acces to the server you could set bandwidth limits using the unix shell but I'm not sure how.

Basically program defensively, authenticated defensively and authorize defensively.

Since the site is meant to get out to people its not feasible to have authentication...but that would help.

Having 300 users shouldn't cause any issues. I've seen forums where there are near thousands of users online at the same time without problems.

Have you contacted your web host provider about this? The web host should have ways to prevent this from happening (DDOS attacks) in the first place

Ah thanks very much. I think that now I know the proper terminology for it (i.e. DDOS attacks) then it would be easier to prevent.

Anyway, I found this website http://staff.washington.edu/dittrich/misc/ddos about DDOS attacks. Is anybody the judge of its worth?

Thanks again.

Yes, it seems an DDOS Attack. I remember the last year very important sites were down unbelievable, Imagine Dreamhost down because this kind of attacks.

DDOS is only one way of attack. When a group wants you out, they will use every "gun, knife and maze" available. Be sure to allow post only for registered members with working email accounts(account verification via email). And limit the amount of post per hour and day. Some sites are using 128bit SSL certifies too.

2 years ago I was on the HYIP business, ZoomInvest.com and E-gold.com were some victims of DDOS. Of course, I lost my money , web development is more profitable.

Blessings!