Results 1 to 10 of 10
Thread: I need help
-
06-27-2009, 02:56 AM #1Junior Guru Wannabe
- Join Date
- Aug 2007
- Posts
- 56
I need help
hello,
my website is running fine on my local machine, while it is not working on the server, (windows shared hosting and dotnetpannel)
It was working fine since 5 months with no problems, since 2 weeks i faced hacking due to bad coding which gave the hackers the possiblitly to push a shell and hack my site, I fixed every thing and i closed the bug of my code.
later after few days, my site was not opening, i thought it was hacked again, i checked all files and code, and searched if there is any shell and found it was 100% clean of hacking files, and to be more sure i zipped the website on the server and downloaded it to local machine and scanned with my antivirus after unzipping, and was clean, i tried to check it under the localhost of my local IIS and it worked perfectly...
I noticed that the log file of the site is very big for 1 day ( about 200MB), and the total size for 3 days log was about 900MB..
I ckecked the last log file and found that there was unbelievable number of hits from one IP conituous over 24 hours for the whole day...
I checked the other logs and found same thing...
I tried to find an option in the dotnetpannel to block this IP from accessing the website, and i did not find such option... (I think must be developed in future)..
I searched online how to block IP address from accessing website and found a way of creating .htaccess and place it in the wwwroot for the website, i tried but did not work.
so I wrote to the hosting company and they blocked the IP and site worked again with no problem, I asked them why .htaccess file did not work and they said (windows server do not support this kind of order).
Unfortanitly and this morning my site is not working again for the same reason, and i found it was another IP address attacking continuously with no stop...
i cant tell the company 100 times if the attacker have 100 IP, i need a way which i can control such issue with my hands...
any idea?
thanks to allLast edited by samisadder; 06-27-2009 at 03:02 AM.
-
06-27-2009, 03:06 AM #2Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
You could just set a scheduled event to clear the log file every so often, say every hour or so if keeping the site online was the primary issue.
I'm not real familiar with Windows hosting, sorry.█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
06-27-2009, 03:41 AM #3Junior Guru Wannabe
- Join Date
- Aug 2007
- Posts
- 56
it is not problem of space of log file, and i dont have such option in dotnetpanel, the question is:
do I have a method like .htaccess in linux to work on windows server so i can block whome ever i think i dont want to show him my website through blocking his IP address?
-
06-27-2009, 04:03 AM #4Web Hosting Master
- Join Date
- Feb 2007
- Location
- USA, UK, Singapore
- Posts
- 3,481
May be you can write your own function in Application_Start event of Global.asax file which reads list of IP's or IP blocks for a xml file and does not process the application in case the IP falls within your data. I am not sure but this can be of help.
On another note, do you get hit from specific block of IP addresses or are they isolated ones? I don't think there should be an issue in blocking IP and your host will be more than happy in getting it done through IIS Management console rather than making any website on their servers from getting affected.
- Rick██ SoftSys Hosting ██ - 14 Years In Business - 24/7 In-House Support - Enterprise Class Replicated Cloud Servers For HA
Cloud Hosting With Anti-Malware, IDS/IPS, WAF & Litespeed - Windows 2019 Shared Hosting w/ Plesk
-
06-27-2009, 06:10 AM #5Junior Guru Wannabe
- Join Date
- Aug 2007
- Posts
- 56
-
06-27-2009, 08:22 AM #6Web Hosting Master
- Join Date
- Feb 2007
- Location
- USA, UK, Singapore
- Posts
- 3,481
██ SoftSys Hosting ██ - 14 Years In Business - 24/7 In-House Support - Enterprise Class Replicated Cloud Servers For HA
Cloud Hosting With Anti-Malware, IDS/IPS, WAF & Litespeed - Windows 2019 Shared Hosting w/ Plesk
-
06-28-2009, 11:56 AM #7Disabled
- Join Date
- Jul 2006
- Location
- USA, EU, UK, CA, AUS
- Posts
- 1,804
Windows can use .htaccess. Let me see if I can fish out the right code. Also is there no way to shut down the vulnerability to stop an attack from a range of IP's?
-
06-28-2009, 01:41 PM #8Junior Guru
- Join Date
- Jan 2003
- Posts
- 195
Seems that blocking the IP each time is not the answer, as this will require ongoing maintenance since they will change IP's all the time, Also they will still get in until its blocked again.
Seems like the correct solution is to patch whatever exploit you have in your code, this will stop them and the only real "fix" i see to this issue.Reseller Choice - Windows Hosting Services Since 2001
Reliable, Redundant, Performance Hosting
Reseller - Dedicated - VPS - Cloud - Hyper-V
-
07-21-2009, 10:18 AM #9Newbie
- Join Date
- Jul 2009
- Posts
- 6
You can block IP address using IPsec policy which is very simple. Just google and you will find exact steps with screenshots.
Regards,
SysPassion
-
07-23-2009, 04:18 PM #10New Member
- Join Date
- Jul 2009
- Posts
- 4
Hi GigPak,
I also faced the same problem. Can you tell me about that patch and how to do that.
Thanks