Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Doulos
Life Cycles Becoming CPU Cycles



Joined: Jun 06, 2005
Posts: 732

PostPosted: Sat Sep 25, 2010 1:13 pm Reply with quote

Hello,

I am getting hammered by someone from several IP address' in China with:
Quote:
120.32.120.55 - - [25/Sep/2010:06:08:31 -0500] "GET [ Only registered users can see links on this board! Get registered or login! ] HTTP/1.0" 403 - "-" ""
59.56.124.158 - - [01/Sep/2010:08:30:15 -0500] "GET [ Only registered users can see links on this board! Get registered or login! ] HTTP/1.0" 404 - "-" ""

This IP address is hitting my site 4-10 times every half hour, each hit is about 1 second apart. This site is on a shared server with other sites that require worldwide access so I cannot block it at the firewall. Is there any way to block them other than with htaccess (which I have done as you can see)?

Thanks
 
View user's profile Send private message
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

PostPosted: Sat Sep 25, 2010 2:47 pm Reply with quote

You basically have: Firewall : Server : Site.

If your host is not able to block them at the server level (Web Server) then .htaccess (Site) is your only option.
 
View user's profile Send private message
Doulos







PostPosted: Sat Sep 25, 2010 3:14 pm Reply with quote

That is what I figured. Thanks.
 
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

PostPosted: Tue Sep 28, 2010 5:05 pm Reply with quote

It might be worth trying to find the user-agent, if it's the same for each IP it might be an easier method to use for bocking the attacks, or even as a secondary line of defense should they start using more IP's..
 
View user's profile Send private message Send e-mail
Doulos







PostPosted: Tue Sep 28, 2010 7:43 pm Reply with quote

The above information is the only thing that shows in the access-log.
 
slackervaara
Worker
Worker



Joined: Aug 26, 2007
Posts: 236

PostPosted: Tue Sep 28, 2010 11:42 pm Reply with quote

bbantispam has effectively stopped all spam on my site for a couple of years. The secret is to put installation code for bbantispam in config.php. [ Only registered users can see links on this board! Get registered or login! ]
 
View user's profile Send private message
Doulos







PostPosted: Wed Sep 29, 2010 12:49 pm Reply with quote

I am not talking about spam as in spamming a forum. I am referring to just hitting my site 500 times a day and filling my access logs with the same thing. All instances if this occurring have been from. I am adding them to htaccess but they keep switching IP's. But, don't they still show up in my logs - just with a 403 error, instead of 404?
 
Guardian2003







PostPosted: Wed Sep 29, 2010 1:04 pm Reply with quote

Email your host explaining the situation and ask them to add the list of IP's to their firewall. They'll be the first ones to suspend your account for being over bandwidth usage or resource abuse, so get in there first!
If you have times/dates in your logs they might even be able to match them with the real server logs and fine some common denominator they can use to block them.
They will probably find most of the domains on that server are being targetted.
 
slackervaara







PostPosted: Wed Sep 29, 2010 1:15 pm Reply with quote

What about the protection against DOS attacks offered by NukeSentinel? I have this option enabled.
 
sixonetonoffun
Spouse Contemplates Divorce



Joined: Jan 02, 2003
Posts: 2496

PostPosted: Thu Sep 30, 2010 12:48 pm Reply with quote

Doulos
What sort of htaccess response are you using?

slackervaara
That works for a very specific type of DoS attack. Empty user-agent I believe. May cause issue with some proxies (bad ones basically) and some scripts that import content from other sites for example. If you enable it and there are no issues it should be great. If there are issues it might worked around with an exclusion or by adding a UA to the source is possible.

_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 
View user's profile Send private message
Doulos







PostPosted: Thu Sep 30, 2010 5:31 pm Reply with quote

Actually, that site does not use RN, but it is written in PHP.

What do you mean by "htaccess response"?
 
sixonetonoffun







PostPosted: Sat Oct 02, 2010 8:02 am Reply with quote

I meant did you use mod rewrite or? Just thinking of what would be the most resource friendly approach ect... Always fun to see what others are doing in response to issues like this.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©