The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHPBB Attack season back?

Discussion in 'General Discussion' started by hmm, Apr 10, 2006.

  1. hmm

    hmm Well-Known Member

    Joined:
    Jan 11, 2006
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    India
    Hi,
    I am noticing that for last couple days one of my servers is getting badly hit by PHPBB attacking bots. (around this time only)

    This is what I found in error_logs

    Code:
    [Mon Apr 10 14:24:34 2006] [error] [client 216.3.129.52] mod_security: Access denied with code 403. Pattern match "(system|exec|passthru|cmd|fopen|exit|fwrite)" at THE_REQUEST [hostname "www.xxxxx.com"] [uri "/viewtopic.php?p=1461&highlight=%2527%252Esystem(chr(112)%252Echr(101)%252Echr(114)%252Echr(108)%252Echr(32)%252Echr(45)%252Echr(101)%252Echr(32)%252Echr(34)%252Echr(112)%252Echr(114)%252Echr(105)%252Echr(110)%252Echr(116)%252Echr(32)%252Echr(113)%252Echr(40)%252Echr(106)%252Echr(83)%252Echr(86)%252Echr(111)%252Echr(119)%252Echr(77)%252Echr(115)%252Echr(100)%252Echr(41)%252Echr(34))%252E%2527"]
    Mod_security is stopping it but the issue is, there are too many request like this in very short period of time..this causes mysql to behave abnormally and I have to restart apache and mysql to get rid of the problem...

    Anyone with good solution / idea for this?

    Thanks
    Deep
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    They ought not affect MySQL since they're being blocked from running the php script by mod_security.

    Do you have any MySQL tuning implemented, especially a query cache? That might help. Also, reducing the KeepAlives in httpd.conf to 3 from 15 and restarting httpd might help when under attack.
     
  3. hmm

    hmm Well-Known Member

    Joined:
    Jan 11, 2006
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    India
    Hi,
    I will make the keepalives to 3.
    My current query_cashe_size is 64MB..

    Deep
     
Loading...

Share This Page