Site Keeps getting attacked

XML, Perl, Python, and other languages can be discussed here, even if it isn't PHP (We might forgive you).

Moderator: General Moderators

Post Reply
User avatar
psurrena
Forum Contributor
Posts: 355
Joined: Thu Nov 10, 2005 12:31 pm
Location: Broolyn, NY

Site Keeps getting attacked

Post by psurrena »

Hello,

Thought I'd run this by you guys and see what you think a good solution is. My companies site has been getting DDOS'd on and off for the past few months. We are running a Wordpress site at MediaTemple on a DV4.0 server.

One thing I've noticed is that there are attempts to attach a query to certain .png files. I run this command when in ssh:

Code: Select all

grep png access_log | tail
An example from the log would be:

Code: Select all

 /img/icons/twitter.png?v82=77&tq=gJ4WK%2FSUh5TBhRMw9YLJmMSTUivqg4aUzJJEfqHXarVJ%2BQhhYGg%3D HTTP/1.0" 403 1200 "-" "mozilla/2.0"
I then go to the Firewall on MT and add the IP or IP range (86.80.0.0/16).

The top of my .htaccess file looks like this:

Code: Select all

#MT-DDOS-MITIGATION
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/img/icons/(facebook|twitter) [NC]
RewriteRule ^(.*)$ http://psfk.com/img/icons/blank.txt [L,R=301]
#END-MT-DDOS-MITIGATION

#HTTP/1.0 DDoS prevention 
RewriteEngine on 
RewriteCond %{THE_REQUEST} HTTP/1\.0 
RewriteRule .* - [F,NC,L]
I prefer to block the IP's from the firewall so the server doesn't even process the block.

It's seems like such a dumb approach...
1) wait for the problem
2) Look at logs all day and block IP by IP.

Is there anything else I can do to help prevent this from happening? Thanks in advance.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: Site Keeps getting attacked

Post by pickle »

My site got hammered the minute I include Wordpress on the homepage. Our fix was to include a caching plugin in Wordpress - as it's quite inefficient on it's own. The plugin du jour seems to be W3 Total Cache.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Hermit TL
Forum Commoner
Posts: 69
Joined: Mon Nov 21, 2011 12:16 am

Re: Site Keeps getting attacked

Post by Hermit TL »

Sorry if I am stating the obvious (but I myself have a tendency to overlook the simplest things), assuming you have a router, have you checked to see if it provides you with an type(s) of option to detect and block DDOS attacks. Or try Googling IDS (intrusion detection system) which when installed properly should be able to do automatically what you are doing manually and far more quickly.
Post Reply