The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apache Hammering - help

Discussion in 'EasyApache' started by robcyb, Mar 8, 2005.

  1. robcyb

    robcyb Active Member

    Joined:
    Apr 20, 2003
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    Hey all,

    I have a rather large problem with my server, whereby I have been hammered for requests to a page that no longer exists on a customers account.

    The page was a buggy script, and allowed users to take control of some services, the vulnerability has now been removed, however now requests for the page keeps coming in, and has been for over 3 months, from multiple IP addresses.

    Does anyone know how I can stop this from happening, I know the IP range is mostly from Turk Telekom (turkey). I have blocked more than 50 IP's that these attacks keep coming in from, however more come up every day. I have contacted turk telekom abuse, and they have not replied.

    Would anyone know what I can do? I am somewhat stuck, and the DC will charge me $100 per 30 minutes investigating this, which I cannot afford.

    This has, as I said earlier, been going on for some time now, and it occasionally crashes apache with more than 200 requests.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,447
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Adding a 404 error page from cPanel to this account doesn't help?
     
  3. robcyb

    robcyb Active Member

    Joined:
    Apr 20, 2003
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    I have simply put in a .htaccess file.

    You can see the folder they keep accessing here:

    http://www.haberkurd.com/portal/

    I have been adding IP addresses on a daily basis, and its getting somewhat tedious to say the least. I have not had any response from Turk telekom abuse, probably because they don't have any linguistic department knowing my luck.

    All attacks to the sites are coming in through that directory, to files such as search.php, and filling queries with redundant data.
     
Loading...

Share This Page