Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
Does anyone have an idea regarding a firewall which drops requests at the entry point for a specific URL request? Currently, what we have tried is IP- and pattern-based only, to slow down the attack; however, they are being smarter and keep generating a new bunch of IP addresses.
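# Send all port 80 traffic through a dedicated chain
iptables -N WWW
iptables -A INPUT -p tcp --dport 80 -j WWW
# Drop sources already on the WWWDDOS list and refresh their timestamp
iptables -A WWW -p tcp -m recent --name WWWDDOS --update --seconds 3600 -j DROP
# Put a source on the list when its packet contains the file name (the string match requires --algo)
iptables -A WWW -p tcp -m string --algo bm --string "attackedfilename.xml" -m recent --name WWWDDOS --set -j DROP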
That will drop for at least 1 hour *ANY* port 80 TCP/IP packets coming from users who have requested "attackedfilename.xml" in their previous requests.
After that, they should keep port 80 TCP/IP "silence" for one hour in order to have any access to port 80 on this server.
Did you try this one?
Php Freek wrote: Tried all the rules for IP tables. Not working, buddy.
What does "Not working" mean? I've tried it and it works.
There are 10 types of people in this world, those who understand binary and those who don't
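The behaviour of the two WWW-chain rules in the post above, as an added example (a Python model written for this page, not the poster's code and not kernel code). It assumes the xt_recent default list size of 100 entries (ip_list_tot), an INPUT chain that accepts whatever leaves WWW, and constructed source addresses and requests.

```python
from collections import OrderedDict

BLOCK_SECONDS = 3600               # --seconds 3600 in the first WWW rule
MARKER = b"attackedfilename.xml"   # --string in the second WWW rule


class RecentList:
    """One named xt_recent list: source address -> last-seen time."""

    def __init__(self, ip_list_tot=100):   # 100 is the module default
        self.ip_list_tot = ip_list_tot
        self.seen = OrderedDict()          # least recently touched first

    def set(self, src, now):
        """--set: record src; a full list evicts its oldest entry first."""
        if src not in self.seen and len(self.seen) >= self.ip_list_tot:
            self.seen.popitem(last=False)
        self.seen[src] = now
        self.seen.move_to_end(src)

    def update(self, src, now, seconds):
        """--update --seconds: match inside the window and refresh on match."""
        last = self.seen.get(src)
        if last is None or now - last > seconds:
            return False
        self.set(src, now)
        return True


def www_chain(recent, src, payload, now):
    """Verdict for one port-80 packet walking the WWW chain."""
    if recent.update(src, now, BLOCK_SECONDS):   # rule 1
        return "DROP"
    if MARKER in payload:                        # rule 2
        recent.set(src, now)
        return "DROP"
    return "ACCEPT"   # assumption: INPUT accepts what leaves the chain


def verdict_after_rotation(ip_list_tot, other_sources):
    """Constructed traffic: one source is listed, then others are listed too."""
    recent = RecentList(ip_list_tot)
    bad = b"GET /attackedfilename.xml HTTP/1.1\r\n"
    www_chain(recent, "198.51.100.7", bad, 0)
    for i in range(other_sources):
        www_chain(recent, f"203.0.113.{i}", bad, 1 + i)
    return www_chain(recent, "198.51.100.7", b"GET / HTTP/1.1\r\n", 600)
```

With the default size, a listed source is accepted again after 100 other sources have been listed, well inside its hour. The size is the xt_recent module parameter ip_list_tot, fixed when the module is loaded.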
Scanned the server with rootkit antispyware; no infection found. Regarding the firewall, put on BFD firewall over APF; still, requests are not going down.
Also, the IP table is getting full of new IPs and it is keeping the network and site slow. Please advise on next steps to improve the performance.
This isn't the right place to talk about this. Strike up a conversation at http://www.webhostingtalk.com and I'm sure you will get a lot more help. Alternatively, you could try http://serverfault.com/. Good luck, you're gonna need it.