Portal Home > Knowledgebase > Articles Database > Under attack | URGENT
Under attack | URGENT
| Posted by Markovic, 09-07-2009, 03:07 PM |
| Hello, I'm getting flooded.
IP.IP.IP.IP www.mysite.com - [07/Sep/2009:22:36:28 +0400] "GET /cms/ HTTP/1.1" 403 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6; .NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
Is that OfficeLiveConnector a bot? How could I block all those OfficeLiveConnectors with mod_rewrite?
|
| Posted by Ore Stone Radio, 09-07-2009, 04:31 PM |
| Do you have csf or apf etc.?
You should be able to block the IP address using iptables if not.
|
| Posted by DATARTIM, 09-07-2009, 04:49 PM |
| How bad is the attack ?
Using iptables will be the best way to block particular ips/blocks.
Consider getting server management to help maintain your servers security.
|
| Posted by Hosting24, 09-08-2009, 04:03 AM |
| Are you on shared or dedicated server? If it's dedicated, just add attacker IPs to server firewall and attack should be stopped. If it's shared server, you may want to ask hosting provider to add attacker IPs to server firewall using root access. On the other hand, it's possible to block IPs using .htaccess file. Let me know if you need any help doing that.
|
| Posted by mugo, 09-08-2009, 04:12 AM |
| Guess it wasn't really that urgent....
|
| Posted by Markovic, 09-08-2009, 02:20 PM |
| Of course I have the firewall but there was about 3k bots and every of them was making only 2 connections to the server. I won't be blocking 3k ip addresses if there is some was to I can block every IP who is using that OfficeLiveConnector.
Anyway, I managed to block them, Thanks to everyone who tried to help me with this.
|
| Posted by FastServ, 09-08-2009, 03:44 PM |
| Likewise, please be considerate and help others by posting how you solved it.
Regards
|
Add to Favourites 
Print this Article
Also Read
