Page 1 of 1

Site Keeps getting attacked

Posted: Tue May 24, 2011 5:21 pm
by psurrena
Hello,

Thought I'd run this by you guys and see what you think a good solution is. My companies site has been getting DDOS'd on and off for the past few months. We are running a Wordpress site at MediaTemple on a DV4.0 server.

One thing I've noticed is that there are attempts to attach a query to certain .png files. I run this command when in ssh:

Code: Select all

grep png access_log | tail
An example from the log would be:

Code: Select all

 /img/icons/twitter.png?v82=77&tq=gJ4WK%2FSUh5TBhRMw9YLJmMSTUivqg4aUzJJEfqHXarVJ%2BQhhYGg%3D HTTP/1.0" 403 1200 "-" "mozilla/2.0"
I then go to the Firewall on MT and add the IP or IP range (86.80.0.0/16).

The top of my .htaccess file looks like this:

Code: Select all

#MT-DDOS-MITIGATION
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/img/icons/(facebook|twitter) [NC]
RewriteRule ^(.*)$ http://psfk.com/img/icons/blank.txt [L,R=301]
#END-MT-DDOS-MITIGATION

#HTTP/1.0 DDoS prevention 
RewriteEngine on 
RewriteCond %{THE_REQUEST} HTTP/1\.0 
RewriteRule .* - [F,NC,L]
I prefer to block the IP's from the firewall so the server doesn't even process the block.

It's seems like such a dumb approach...
1) wait for the problem
2) Look at logs all day and block IP by IP.

Is there anything else I can do to help prevent this from happening? Thanks in advance.

Re: Site Keeps getting attacked

Posted: Fri May 27, 2011 3:35 pm
by pickle
My site got hammered the minute I include Wordpress on the homepage. Our fix was to include a caching plugin in Wordpress - as it's quite inefficient on it's own. The plugin du jour seems to be W3 Total Cache.

Re: Site Keeps getting attacked

Posted: Fri Nov 25, 2011 8:02 am
by Hermit TL
Sorry if I am stating the obvious (but I myself have a tendency to overlook the simplest things), assuming you have a router, have you checked to see if it provides you with an type(s) of option to detect and block DDOS attacks. Or try Googling IDS (intrusion detection system) which when installed properly should be able to do automatically what you are doing manually and far more quickly.