Results 1 to 7 of 7

Thread: get ATTACKED!!

  1. #1

    get ATTACKED!!

    my server RedHat Enterprise with cPanel has been getting attacked since Jul 5th. There are about 50 requests per second to my apache; something like this - - [08/Jul/2005:01:54:21 -0400] "GET /yay/bdclong.txt HTTP/1.1" 200 0 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"

    1. The IPs changes all the time.. so far over 7,000 IPs.
    2. The strange is that 90% of the requests are from Win98.
    3. They're all request for /yay/bdclong.txt
    4. About 50 requests per second
    5. It boost my load to 17.x 15.x 13.x
    6. The hits are from Taiwan/China

    I can't use apf to block them because the IP keeps changing..

    1. It is DDoS?
    2. How to solve this?

  2. #2
    Does that file exists ?
    Lookup the refferer its possible that its linked from a forum.
    Consider blocking all taiwan/china ips using a database like

  3. #3
    Join Date
    Dec 2002
    chica go go
    Try installing APF and BFD. They can be downloaded from the projects section of .

    You could add a rule in there to automatically block users who are accessing /yay/bdclong.txt .

  4. #4
    it's probably a SYN flood. I can't add the IPs. They keep changing, so far over 7,000 IPs. Yes, I have apf and it couldn't help. I can't block all traffic from China and Taiwan as well.

    The file /yay/bdclong.txt doesn't exists. They are no referers..

  5. #5
    Join Date
    Dec 2003
    Sunny So. Calif.
    I've never used APF myself, but I read that there is an anti-DOS feature which may not be active by default. You may want to see if activating that may help.

    You may also want to check if it's possible to block this from even getting to your server (via a perimeter firewall) if your datacenter can do it.

  6. #6
    Join Date
    Dec 2002
    chica go go
    well, one thing you could do to alieviate the damage is link your error_log to /dev/null . As well as link the access log of the specific domain to /dev/null .

    ln -s /dev/null /usr/local/apache/logs/error_log
    ln -s /dev/null /usr/local/apache/domlogs/thedomain.ext

  7. #7
    Join Date
    Jun 2005

    Did you install mod_security on your server? If not install it first. And also disable keepalive in httpd.conf. touch a blank file "bdclong.txt" in that path.

    Let me know the status

    With regards,

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts