I've got this problem were these noob script kiddies are making 2000bots + visit my website cousing httpd to totaly lag like hell

I have looked into this but its not the httpd coursing the problem as I replaced the php with a simple index.php blank

It seems it only lags when it querys the db 1000's of times
Is there a way I can stop the db from trying to process this amount of requests IE making it to stop at 50requests at a time

The server has cpanel/whm installed so if You do give me info on how to fix this, Mysql might be located some where else

If You can help thanks so much
:)

Grmble its under attack again lol

20:37:35 up 2 days, 12:24, 2 users, load average: 90.59, 12.88, 38.71

Well the problem with limiting the number of connections is that you will still be at max connections all the time from the botnet. I am assuming you are running linux, have you tried installing APF/BFD?

I am running linux, whats APF/BFD
where can i get it

A search will give you a ton of information on where to get it/how to install it. Bascially it's a frontend to the IPTables (firewall) found in linux. It allows you to block ports very easily and BFD looks for bruteforce attempts and blocks them automatically for you. I am not sure if it would block the website views or not, but if you're getting hit by that many bots as soon as you stop them one way, they'll just start another way (SYN flood or something).

neg They only seem to use visit command would http://www.webhostingtalk.com/showthread.php?s=&threadid=352388
help me

I couldnt post full link as i havent posted 5posts yet

Well they may be only using the visit command right now, but if you stop that what's to stop them from using a different command?

The problem with limiting the number of connections is that you are going to block out all legit users.

Lets say you limit the server to 50 connections.

There are 2000 bots.

Odds are that those bots are going to use up all 50 connections and when I try and visit your website I won't be able to because all the connections are full.

I realy need something like which, If they refresh the website 2times within 3seconds it would block there ip

Would this kind of thing work

Greetings:

Security is a daily thing. Use internet explorer if you want secure server.

lol I think u have posted in the wrong thread

Originally posted by Sherby
I realy need something like which, If they refresh the website 2times within 3seconds it would block there ip

Would this kind of thing work

I am not sure of an actual program that will do that for you, although I am sure there are some out there. With your server so slow though, what happens when I (a true user) hits refresh a bunch of times trying to get the page to load? I'm blocked.

Originally posted by fac3less
Greetings:

Security is a daily thing. Use internet explorer if you want secure server.

:rolleyes: This is the second thread I am in that you have posted about this. Is there a reason for it?

justadollarhostin whats my best bet on blocking this

Well this is what all hosts face, there really is no way to block this sadly. Live it out and do not upset people with botnets is about the only way. You could start blocking their IPs one by one. If you see that a large majority of them are in the same class B you could block that entire class B for the time being. APF/BFD would most likely help out a lot in this situation.

Anyways - the last post was a 'joke'. For the time being I'd definitely check out what type of 'browser' info they're spitting back at the server.

Consider blocking some of the strings (mod_security, mod_dosevasive, BFD would do the trick but it would be slower).. that or snort/snortsam. Enjoy.