
Specific HTTP Attack - how to stop it?

Discussion in 'General Discussion' started by IRCBrasil, Mar 16, 2006.

  1. IRCBrasil

    Hi,

    Look at these messages in my /etc/httpd/logs/access_log

    There are thousands of these, and when I block it, it begins with another IP.

    Before, I did a netstat -anp |grep 'tcp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n and I found 1600 connections by this IP. I have modsecurity and libsafe installed, but they are not helping very well.

    Could someone give me some suggestions on how to stop this kind of attack?

    Thanks
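
An added example, not part of the original post: a per-IP connection count like the netstat pipeline above, written so that it also handles `::ffff:`-mapped and IPv6 remote addresses (for which `cut -d: -f1` returns an empty or truncated field) and reports half-open `SYN_RECV` connections separately. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Count TCP connections per remote address from `netstat -ant` output on stdin.
# Prints "total syn_recv address" for every address at or above the threshold,
# busiest first. Typical use: netstat -ant | conns_per_ip 100
conns_per_ip() {
    threshold="${1:-100}"
    awk -v min="$threshold" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # drop the trailing :port
            sub(/^::ffff:/, "", addr)    # IPv4-mapped IPv6 -> plain IPv4
            if (addr == "") next
            total[addr]++
            if ($6 == "SYN_RECV") half[addr]++
        }
        END {
            for (a in total)
                if (total[a] >= min)
                    printf "%d %d %s\n", total[a], half[a] + 0, a
        }
    ' | sort -rn
}

# Constructed sample input (documentation address ranges, not real hosts).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.5:51234       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51235       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51236       ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40000      TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:51237 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::99:40100      ESTABLISHED
EOF
}

# Show every remote address with at least 2 connections in the sample.
sample_netstat | conns_per_ip 2
```

A high second column relative to the first points at half-open connections rather than completed HTTP requests, which helps decide whether the access log or the TCP layer is the place to look.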
     
  2. AndyReed

    With 1,600 concurrent connections, you are under a nasty DDoS attack. Have you tried, although I don't believe they would make a big difference, APF and BFD? I also suggest installing Mod Evasive and Tripwire. Did you harden your server? Also make sure you don't have bad or insecure PHP files.
     
    #2 AndyReed, Mar 16, 2006
    Last edited: Mar 16, 2006
  3. fred123123

    You should contact your provider (Datacenter probably); they probably know how to help you with this...
     
  4. konrath



    Do you have DDOS installed?

    # wget http://www.inetbase.com/scripts/ddos/install.ddos
    # sh install.ddos
     
  5. maximus_marcus

    Hello,

    It can be stopped only by the data center, by which they will null-route the main shared IP for some time until this stops.

    Regards,
    Marcus
    The New Phase Of Support
     