The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Attacks to the web server's FQDN.

Discussion in 'Security' started by Bdzzld, Oct 23, 2012.

  1. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Hi,

    The last few days the web server of one of our cPanel servers is being attacked from several different IP-addresses over the world (not constantly). The attack is not focused on a web site hosted on the server, but is focused on the FQDN of the server (servername.domainname.ext).

    The problem is that data is being POST'ed to the web server's FQDN, which causes the web server to lock up (all slots are being used) and not allow the clients and visitors of actual web sites access to the web server :

    Code:
    POST / HTTP/1.1
    
    I've already added a PORTFLOOD rule to the CSF/LFD firewall, but this also influences the "good" traffic to the web server and thereforce is not a preferred option.

    I've also started adding the IP-addresses of the culprits manually, but this is an everlasting task and does not stop the slots from being used after the IP-address is blocked.

    Can someone suggest an option to counter attack?

    Thanks.
     
Loading...

Share This Page