Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Mitigate DoS attack against web site?

Discussion in 'Security' started by ajmills, Apr 20, 2014.

  1. ajmills

    ajmills Registered

    Joined:
    Dec 31, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    151
    Hi all, I hope you can help with a customer's site that is being, potentially, DoS attacked.

    What's happening is that the image galleries on the site are being continually hit by a single IP (this has happened a couple of times) to the point where their site goes down due to making it exceed its bandwidth limit. The latest attempt has resulted in 60,000+ hits to the galleries within a day. The server and site handles the requests OK, it's just the amount of data being transferred. It's a fairly limited interest dancing holiday to Cuba web site with snapshots from previous holidays in the galleries, so there's no real reason for this (other than a disgruntled competitor, or something).

    Anyway, I have blocked the IP addresses on a server wide basis in the firewall (CSF) to prevent further access from those IPs.

    But what would be ideal would be to block the IP automatically for that one site after say, the galleries had been accessed 1000 in 24 hours (as an example). I believe I may be able to do something like this in mod_security (or even mod_evasive?), but I am struggling to find out how.

    I would appreciate suggestions on how best to deal with this.

    An example line from the logfile:

    Code:
    *********.co.uk-Apr-2014:***.***.***.*** - - [05/Apr/2014:10:49:02 +0100] "GET /index.php?option=com_igallery&task=image.addHit&format=raw&id=196 HTTP/1.1" 200 1 "http://www.******.co.uk/" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36"
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,886
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    You may also want to check to see if there are any settings or addons you can implement with the script in-use that can help prevent these types of attacks.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice