hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Over 200 requests per second from the same 5 IPs
Reply

Forum Jump

Over 200 requests per second from the same 5 IPs

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 10-19-2009, 03:16 PM
chasebug chasebug is offline
Web Hosting Master
 
Join Date: Apr 2009
Posts: 1,320
Question

Over 200 requests per second from the same 5 IPs


I block them in htaccess but their repeated attacks is making my server load crazy.
I installed AFP but it doesn't do anything, where do I set rules on automatic blocking?



Sponsored Links
  #2  
Old 10-19-2009, 03:20 PM
Chris_M Chris_M is offline
Community Liaison
 
Join Date: Oct 2004
Location: Ohio
Posts: 1,595
If you know the IP's just do apf -d IP# for each and forget it.

__________________
WebNX.com - Professional Hosting Solutions Premium Los Angeles Servers and Colo
Quality Dedicated Servers in Los Angeles From single core to 64 core servers 2GB ram to 512GB Ram
1 hard drive to 45+ drive setups. sales @ webnx.com

Like us on Facebook https://www.facebook.com/WebNX


  #3  
Old 10-19-2009, 05:48 PM
CodyRo CodyRo is offline
Web Hosting Master
 
Join Date: Feb 2006
Location: Buffalo NY
Posts: 1,237
Assuming it's Linux based:

Code:
iptables -A INPUT -s 1.2.3.4 -j DROP

__________________
Cody R. - Chief Technical Officer
Quality Shared and VPS Hosting
Hawk Host Inc. Proudly serving websites since 2004
PHP 5.3.x & PHP 5.4.x & PHP 5.5.X Support!

Sponsored Links
  #4  
Old 10-19-2009, 06:02 PM
TheServerExperts TheServerExperts is online now
Web Hosting Master
 
Join Date: Feb 2004
Location: USA
Posts: 1,569
Did you try dos deflate?

http://deflate.medialayer.com

__________________
http://www.screwattack.com (games review)

  #5  
Old 10-19-2009, 06:05 PM
madaboutlinux madaboutlinux is offline
Web Hosting Master
 
Join Date: Jul 2009
Posts: 1,543
Quote:
Originally Posted by chasebug View Post
I block them in htaccess but their repeated attacks is making my server load crazy.
I installed AFP but it doesn't do anything, where do I set rules on automatic blocking?
If the IPs are similar, block the IP using route:

route add IPADDR reject

where, IPADDR is the IP address of the attacker.
'reject' install a blocking route, which will force a route lookup to fail.

__________________
| LinuxHostingSupport.net
| Server Setup | Security | Optimization | Troubleshooting | Server Migration
| Monthly and Task basis services.
| MSN : madaboutlinux[at]hotmail.com | Skype : madaboutlinux

  #6  
Old 10-19-2009, 08:10 PM
plumsauce plumsauce is offline
******* Unleaded
 
Join Date: Feb 2004
Posts: 3,802
Have you traced back the ip addresses to find out who they belong to?

Once you know who manages the ip blocks, you need some logs. Write to the abuse and noc addresses for the company who has been assigned those addresses. Explain briefly and accurately what is happening and that it is coming from machines within their ip space and ask them to please attend to it. They will probably ask for logs. It may take some days, but in most cases they will determine whether the source machine is compromised or run by a rogue operator and take the appropriate action.

__________________
edgedirector.com
managed dns global failover and load balance (gslb)
exactstate.com
uptime report for webhostingtalk.com

  #7  
Old 10-19-2009, 08:29 PM
adminpaul adminpaul is online now
WHT Addict
 
Join Date: Sep 2008
Posts: 158
Install csf + lfd and block the ip using the command csf -d <IP>

  #8  
Old 10-19-2009, 08:45 PM
TailoredVPS TailoredVPS is offline
Web Hosting Master
 
Join Date: Aug 2008
Location: Vancouver, Canada
Posts: 650
Quote:
Originally Posted by CodyRo View Post
Assuming it's Linux based:

Code:
iptables -A INPUT -s 1.2.3.4 -j DROP
Yes, I would recommend using iptables as well.

__________________
Tailored VPS offers fully customizable VPS Hosting
Powered by OpenVZ | Servers located in the USA | 99.9% Uptime

  #9  
Old 10-20-2009, 02:46 AM
chasebug chasebug is offline
Web Hosting Master
 
Join Date: Apr 2009
Posts: 1,320
Using apf -d IP# to block IP now.

Is iptable better and why is it better?

  #10  
Old 10-20-2009, 03:06 AM
madaboutlinux madaboutlinux is offline
Web Hosting Master
 
Join Date: Jul 2009
Posts: 1,543
Quote:
Originally Posted by chasebug View Post
Using apf -d IP# to block IP now.

Is iptable better and why is it better?
APF and CSF firewalls use iptables itself. These firewalls have made it easy to deal with blocking IPs on different criteria and various alerts for people those who are not use to with iptables.

__________________
| LinuxHostingSupport.net
| Server Setup | Security | Optimization | Troubleshooting | Server Migration
| Monthly and Task basis services.
| MSN : madaboutlinux[at]hotmail.com | Skype : madaboutlinux

  #11  
Old 10-20-2009, 09:08 AM
BudWay BudWay is offline
Web Hosting Master
 
Join Date: Jan 2004
Posts: 1,183
Install csf and use rate limiting to try to block/cease this.

  #12  
Old 10-20-2009, 09:22 AM
inspiron inspiron is offline
Support Facility
 
Join Date: Jun 2009
Posts: 2,317
Yes, get install the csf firewall and try using the command given below,

# csf -d IPaddress

__________________
Support Facility | 24/7 web hosting technical support services
Technical support | Server management | Data migration

Technical Articles

  #13  
Old 10-20-2009, 11:36 AM
eth00 eth00 is offline
Web Hosting Master
 
Join Date: Apr 2003
Location: NC
Posts: 2,938
If you do install either APF or CSF don't use the direct iptables commands, as soon as you restart the firewall (which happens daily) the rules will be lost. For just blocking the IP like you want either will be just fine.

If properly setup apf -d or csf -d should be blocking it. If it is not then something is probably setup wrong or your kernel may not support all of the required iptables modules.

I would also suggest contacting the abuse dept for those ips, that may help depending on what country they are in.

__________________
John W
www.eth0.us

  #14  
Old 10-20-2009, 04:13 PM
pfer pfer is offline
Newbie
 
Join Date: Oct 2009
Posts: 6
You might also want to throttle the ips

lists.netfilter.org/pipermail/netfilter/2006-April/065456.html

  #15  
Old 10-20-2009, 05:17 PM
CKGroup CKGroup is offline
Disabled
 
Join Date: Apr 2009
Location: England, UK
Posts: 643
I've alway's use the apf firewall on all 3 of my server's and it does a good job as Chris said apf -d iphere to block the the ddos'er

Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
Requests : Brushed-Red Design Offers 2 11-21-2008 11:05 AM
Requests : redeyejedi Design Offers 0 11-19-2008 03:06 PM
Requests : simplyg123 Design Offers 0 11-17-2008 12:47 AM
Requests : CallumBellamy Design Offers 0 11-05-2008 09:38 AM

Related posts from TheWhir.com
Title Type Date Posted
CloudFlare Releases Transparency Report Detailing Government Requests in 2013 Web Hosting News 2014-02-27 15:18:50
Government Requests for Verizon User Data Increased in 2013: Transparency Report Web Hosting News 2014-01-24 11:16:08
DOJ Opposes Tech Firms' Request to Publish PRISM Data Web Hosting News 2013-10-03 11:04:07
Microsoft Releases Second Law Enforcement Request Transparency Report Web Hosting News 2013-09-30 10:15:20
LeaseWeb Releases First Law Enforcement Transparency Report Web Hosting News 2013-04-11 10:54:27


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?