Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other
Author Message
baloch
New Member
New Member


Joined: Aug 30, 2004
Posts: 3

PostPosted: Sat Sep 04, 2004 4:24 am Reply with quote

Hello, I was wondering if anyone could help me with something, I’m having this problem with my server since last one month



The problem is it gets attacked on port 80 may be with some kind of DoS attack, with thousand or hundred of spoofed IP’s and around 500 hits per second, apache starts taking too much resources and it takes the box down and so is mysql coz the site is database driven site running on phpnuke, it happens only with one of my site if I close that site , it gets ok.



The apache error log flood with these entries



[Thu Aug 19 13:39:31 2004] [error] [client 64.83.77.78] (13)Permission denied: access to / failed because search permissions are missing on a component of the path

[Thu Aug 19 13:39:31 2004] [error] [client 64.83.77.78] (13)Permission denied: access to / failed because search permissions are missing on a component of the path

[Thu Aug 19 13:39:31 2004] [error] [client 200.56.224.5] (13)Permission denied: access to / failed because search permissions are missing on a component of the path

[Thu Aug 19 13:39:31 2004] [error] [client 200.56.224.5] (13)Permission denied: access to / failed because search permissions are missing on a component of the path

[Thu Aug 19 13:39:32 2004] [error] [client 200.57.151.145] (13)Permission denied: access to / failed because search permissions are missing on a component of the path





Or the access log like this



203.41.31.251 - - [01/Sep/2004:10:39:52 -0500] "GET / HTTP/1.1" 302 5 "-"
"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5b; MultiZilla v1.5.0.2g)
Gecko/20030827"

194.29.202.243 - - [01/Sep/2004:10:39:52 -0500] "GET / HTTP/1.1" 302 5 "-"
"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5b; MultiZilla v1.5.0.2g)
Gecko/20030827"

217.160.206.25 - - [01/Sep/2004:10:39:53 -0500] "GET / HTTP/1.1" 302 5 "-"
"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5b; MultiZilla v1.5.0.2g)
Gecko/20030827"

210.21.203.229 - - [01/Sep/2004:10:39:53 -0500] "GET / HTTP/1.1" 302 5 "-"
"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5b; MultiZilla v1.5.0.2g)
Gecko/20030827"







I thought my dedicated server is not capable of managing these kind of attacks as I’m not an expert server administrator, I tried to change hosting to z3.com’s server, but it happened on the first day and they had to suspend my account then again I tried webhostfreaks.com and they even couldn’t manage it and suspended the account, now I don’t have a clue what to do just trying to find some expert linux guru to solve this problem, though the guys from webhostfreaks told me no guru can defend this kind of attack but I guess its not the end of the world there must be some cure for this.

and now the attacks are even faster, if they start they take the box down in 2 or 3 minutes and load average goes upto 150, i tried mod_rewrite to redirect those attacks didnt work, i tried mod_dosevasive it wast effective either, anyone have a clue what could be the solution for this ? i'm even ready to pay for the support if anyone gonna help me with this
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©