The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mitigate DoS attack against web site?

Discussion in 'Security' started by ajmills, Apr 20, 2014.

  1. ajmills

    ajmills Registered

    Dec 31, 2004
    Likes Received:
    Trophy Points:
    Hi all, I hope you can help with a customer's site that is being, potentially, DoS attacked.

    What's happening is that the image galleries on the site are being continually hit by a single IP (this has happened a couple of times) to the point where their site goes down due to making it exceed its bandwidth limit. The latest attempt has resulted in 60,000+ hits to the galleries within a day. The server and site handles the requests OK, it's just the amount of data being transferred. It's a fairly limited interest dancing holiday to Cuba web site with snapshots from previous holidays in the galleries, so there's no real reason for this (other than a disgruntled competitor, or something).

    Anyway, I have blocked the IP addresses on a server wide basis in the firewall (CSF) to prevent further access from those IPs.

    But what would be ideal would be to block the IP automatically for that one site after say, the galleries had been accessed 1000 in 24 hours (as an example). I believe I may be able to do something like this in mod_security (or even mod_evasive?), but I am struggling to find out how.

    I would appreciate suggestions on how best to deal with this.

    An example line from the logfile:

    ************.***.***.*** - - [05/Apr/2014:10:49:02 +0100] "GET /index.php?option=com_igallery&task=image.addHit&format=raw&id=196 HTTP/1.1" 200 1 "http://www.******" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36"
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hello :)

    You may also want to check to see if there are any settings or addons you can implement with the script in-use that can help prevent these types of attacks.

    Thank you.

Share This Page