Thread: I need help

  1. #1
    Join Date
    Aug 2007
    Posts
    56

    I need help

    Hello,

    My website is running fine on my local machine, but it is not working on the server (Windows shared hosting and DotNetPanel).

    It had been working fine for 5 months with no problems. Two weeks ago I faced hacking due to bad coding, which gave the hackers the possibility to push a shell and hack my site. I fixed everything and closed the bug in my code.

    Later, after a few days, my site was not opening. I thought it was hacked again, so I checked all files and code and searched for any shell, and found it was 100% clean of hacking files. To be more sure, I zipped the website on the server, downloaded it to my local machine and scanned it with my antivirus after unzipping, and it was clean. I tried it under the localhost of my local IIS and it worked perfectly...

    I noticed that the log file of the site is very big for 1 day (about 200MB), and the total size of the logs for 3 days was about 900MB.
    I checked the last log file and found that there was an unbelievable number of hits from one IP, continuous over 24 hours for the whole day...
    I checked the other logs and found the same thing...

    I tried to find an option in DotNetPanel to block this IP from accessing the website, and I did not find such an option... (I think it must be developed in the future.)

    I searched online for how to block an IP address from accessing a website and found a way of creating an .htaccess file and placing it in the wwwroot of the website. I tried it, but it did not work.

    So I wrote to the hosting company and they blocked the IP, and the site worked again with no problem. I asked them why the .htaccess file did not work and they said (Windows servers do not support this kind of order).

    Unfortunately, this morning my site is not working again for the same reason, and I found it was another IP address attacking continuously with no stop...

    I can't tell the company 100 times if the attacker has 100 IPs; I need a way to control such an issue with my own hands...

    Any idea?

    Thanks to all
    Last edited by samisadder; 06-27-2009 at 03:02 AM.

  2. #2
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,196
    You could just set a scheduled event to clear the log file every so often, say every hour or so if keeping the site online was the primary issue.

    I'm not real familiar with Windows hosting, sorry.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  3. #3
    Join Date
    Aug 2007
    Posts
    56
    Quote Originally Posted by MikeDVB View Post
    You could just set a scheduled event to clear the log file every so often, say every hour or so if keeping the site online was the primary issue.

    I'm not real familiar with Windows hosting, sorry.

    It is not a problem of log file space, and I don't have such an option in DotNetPanel. The question is:

    Do I have a method like .htaccess in Linux that works on a Windows server, so I can block whomever I don't want to show my website to by blocking his IP address?

  4. #4
    Join Date
    Feb 2007
    Location
    USA, UK, Singapore
    Posts
    3,481
    Maybe you can write your own function in the Application_Start event of the Global.asax file which reads a list of IPs or IP blocks from an XML file and does not process the application in case the IP falls within your data. I am not sure, but this can be of help.

    On another note, do you get hit from a specific block of IP addresses or are they isolated ones? I don't think there should be an issue in blocking the IP, and your host will be more than happy to get it done through the IIS Management console rather than have any website on their servers get affected.

    - Rick
    ██ SoftSys Hosting ██ - 14 Years In Business - 24/7 In-House Support - Enterprise Class Replicated Cloud Servers For HA

    Cloud Hosting With Anti-Malware, IDS/IPS, WAF & Litespeed - Windows 2019 Shared Hosting w/ Plesk

  5. #5
    Join Date
    Aug 2007
    Posts
    56
    Quote Originally Posted by SoftsysHosting-Rick View Post
    Maybe you can write your own function in the Application_Start event of the Global.asax file which reads a list of IPs or IP blocks from an XML file and does not process the application in case the IP falls within your data. I am not sure, but this can be of help.

    On another note, do you get hit from a specific block of IP addresses or are they isolated ones? I don't think there should be an issue in blocking the IP, and your host will be more than happy to get it done through the IIS Management console rather than have any website on their servers get affected.

    - Rick
    This is a good idea, but what shall I write in the global.asa file?

    Thanks

  6. #6
    Join Date
    Feb 2007
    Location
    USA, UK, Singapore
    Posts
    3,481
    Quote Originally Posted by samisadder View Post
    This is a good idea, but what shall I write in the global.asa file?

    thanks
    Something like:

    // blockedIps: hypothetical set holding the IPs from your db/xml file
    if (blockedIps.Contains(Request.UserHostAddress))
    {
        Response.Redirect("http://www.google.com");
    }
    ██ SoftSys Hosting ██ - 14 Years In Business - 24/7 In-House Support - Enterprise Class Replicated Cloud Servers For HA

    Cloud Hosting With Anti-Malware, IDS/IPS, WAF & Litespeed - Windows 2019 Shared Hosting w/ Plesk
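
The Global.asax approach from posts #4 and #6, as an added example that is not code from any poster in the thread: the list is loaded once in Application_Start and checked on every request in Application_BeginRequest, answering with 403 rather than a redirect. The path `~/App_Data/blocked.xml`, its `<blocked><ip>` layout and the class name `Global` are assumptions.

```csharp
// Global.asax.cs (added example). ~/App_Data/blocked.xml and its layout are assumptions:
//   <blocked><ip>203.0.113.7</ip><ip>198.51.100.24</ip></blocked>   (constructed sample)
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Web;
using System.Web.Hosting;
using System.Xml;

public class Global : HttpApplication
{
    // Swapped as a whole, so a request never sees a half-built set.
    private static volatile HashSet<string> blocked = new HashSet<string>();

    protected void Application_Start(object sender, EventArgs e)
    {
        blocked = LoadBlockList(HostingEnvironment.MapPath("~/App_Data/blocked.xml"));
    }

    private static HashSet<string> LoadBlockList(string path)
    {
        var set = new HashSet<string>();
        if (path == null || !File.Exists(path)) return set;   // no list: block nothing
        var doc = new XmlDocument();
        doc.Load(path);
        foreach (XmlNode node in doc.SelectNodes("/blocked/ip"))
        {
            IPAddress parsed;
            // Skip malformed entries; store the canonical text form for comparison.
            if (IPAddress.TryParse(node.InnerText.Trim(), out parsed))
                set.Add(parsed.ToString());
        }
        return set;
    }

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        // UserHostAddress is the TCP peer; behind a proxy it is the proxy's address.
        IPAddress client;
        if (!IPAddress.TryParse(Request.UserHostAddress, out client)) return;
        if (blocked.Contains(client.ToString()))
        {
            Response.StatusCode = 403;      // refuse instead of redirecting
            Response.SuppressContent = true;
            CompleteRequest();              // skip the rest of the pipeline
        }
    }
}
```

Edits to blocked.xml take effect when the application restarts, for example after web.config is touched. Blocked requests still reach IIS and are still logged, so this reduces the work done per request but not the traffic itself.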

  7. #7
    Join Date
    Jul 2006
    Location
    USA, EU, UK, CA, AUS
    Posts
    1,804
    Windows can use .htaccess. Let me see if I can fish out the right code. Also, is there no way to shut down the vulnerability to stop an attack from a range of IPs?

  8. #8
    Seems that blocking the IP each time is not the answer, as this will require ongoing maintenance since they will change IPs all the time. Also, they will still get in until it's blocked again.

    Seems like the correct solution is to patch whatever exploit you have in your code; this will stop them and is the only real "fix" I see to this issue.
    Reseller Choice - Windows Hosting Services Since 2001
    Reliable, Redundant, Performance Hosting
    Reseller - Dedicated - VPS - Cloud - Hyper-V

  9. #9
    You can block an IP address using an IPsec policy, which is very simple. Just google it and you will find the exact steps with screenshots.

    Regards,
    SysPassion

  10. #10
    Hi GigPak,

    I also faced the same problem. Can you tell me about that patch and how to do that?

    Thanks
