The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DOS attack using Google+

Discussion in 'General Discussion' started by audrey, Oct 28, 2013.

  1. audrey

    audrey Well-Known Member

    Joined:
    Oct 18, 2006
    Messages:
    72
    Likes Received:
    1
    Trophy Points:
    8
    Hi

    There is a Google+ flaw allows hackers to execute DDoS attacks using Google servers
    and one of my servers is experiencing this type of DOS attack

    It is a constant attack - been going on for over 18 hours

    I see lots of entries in
    /usr/local/apache/domlogs
    for the site under attack
    like this - all referencing the same Google IP
    66.249.73.196 - - [28/Oct/2013:08:04:00 -0400] "GET /name.html
    HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.h
    tml)"

    I blocked the IP 66.249.73.196 in the CSF firewall and in the IP deny manager in cPanel for the site
    Neither of these blocks helped at all.

    Any advice would be appreciated

    Thanks
    Audrey
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    If you suspect that your server is being attacked you might want to contact your Data Center or Hosting Provider. Anything you could do server side or account side won't be of much use.
     
  3. audrey

    audrey Well-Known Member

    Joined:
    Oct 18, 2006
    Messages:
    72
    Likes Received:
    1
    Trophy Points:
    8
    ok - thanks
     
  4. MissionTech

    MissionTech Registered

    Joined:
    Nov 2, 2013
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    If the flood is bigger than your port size it doesn't matter what software you got, is your site offline? If the attack continues your datacenter may null route your connection

    - - - Updated - - -

    The user may be spoofing a flood from google's servers anyway
     
Loading...

Share This Page