Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Attacks to the web server's FQDN.

Discussion in 'Security' started by Bdzzld, Oct 23, 2012.

  1. Bdzzld

    Bdzzld Well-Known Member

    Apr 3, 2004
    Likes Received:
    Trophy Points:

    The last few days the web server of one of our cPanel servers is being attacked from several different IP-addresses over the world (not constantly). The attack is not focused on a web site hosted on the server, but is focused on the FQDN of the server (servername.domainname.ext).

    The problem is that data is being POST'ed to the web server's FQDN, which causes the web server to lock up (all slots are being used) and not allow the clients and visitors of actual web sites access to the web server :

    POST / HTTP/1.1
    I've already added a PORTFLOOD rule to the CSF/LFD firewall, but this also influences the "good" traffic to the web server and thereforce is not a preferred option.

    I've also started adding the IP-addresses of the culprits manually, but this is an everlasting task and does not stop the slots from being used after the IP-address is blocked.

    Can someone suggest an option to counter attack?


Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice