Hello DP

What is an iframe attack?

An iframe attack can be used to amplify a DDoS against any site, for example the LOIC iframe (JavaScript) attack. The attacker simply looks for a PHP script that consumes many resources and creates several tiny iframes (not visible, 1x1 pixels), so that every person (or botnet) visiting the attacker's web page loads the URL inside the iframes, over and over (DoS). An iframe can also be used for CSRF (cross-site request forgery).

A 1x1 iframe is not visible, but loaded often enough it can cause a denial of service.

HTML:
<IFRAME SRC="http://www.domain.com/" WIDTH="1" HEIGHT="1"> </IFRAME>
<IFRAME SRC="http://www.domain.com/" WIDTH="1" HEIGHT="1"> </IFRAME>

The easiest way to block the attack is using JavaScript:

Code (markup):
<script type="text/javascript">
// If this page is not the top-level window, it is framed: break out of the frame.
if (top.location != self.location) top.location = self.location;
</script>

This detects when the page is not the top-level, full-size window (that is, when it is loaded inside a frame) and makes it the top window.

If your Apache server is being hit by an iframe attack, you can look at the Apache logs to detect the Referer. Example:

Code (markup):
[..]
83.155.147.165 - - [17/Apr/2012:16:57:25 +0200] "GET / HTTP/1.1" 200 539 "http://domainattack.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
24.141.160.234 - - [17/Apr/2012:16:57:25 +0200] "GET / HTTP/1.1" 200 539 "http://domainattack.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
201.244.210.100 - - [17/Apr/2012:16:57:25 +0200] "GET / HTTP/1.1" 200 539 "http://domainattack.com//" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
81.31.8.118 - - [17/Apr/2012:16:57:25 +0200] "GET / HTTP/1.1" 200 539 "http://domainattack.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
68.60.213.133 - - [17/Apr/2012:16:57:25 +0200] "GET / HTTP/1.1" 200 539 "http://domainattack.com//" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
[..]

We have many IPs, many browsers and a single common denominator: the HTTP Referer. We look at the source code of the "Referer" page, http://domainattack.com/, and surprise!

Code (markup):
<iframe src=http://forums.digitalpoint.com/ width="1" height="1" align="center" scrolling="No" id="Test" style="border: 2px dashed #78808C"> </iframe></body>

We will block it. We use a simple Apache mod_rewrite rule so that when the referer is the attacker's site, a "Forbidden" is returned.

Code (markup):
#attack iframe
<Directory "/www/var/public_html/">
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} ^http://()?domainattack.*$ [OR]
    # and so on
    RewriteCond %{HTTP_REFERER} ^http://domainattack.com/
    RewriteRule .* - [F,L]
</Directory>

We check that it works:

PHP:
[root@lan root]# curl -e "http://domainattack.com/" http://forums.digitalpoint.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>403 Forbidden</TITLE>
</HEAD><BODY>
<H1>Forbidden</H1>
You don't have permission to access / on this server.<P>
</BODY></HTML>

If you are attacked with a DDoS program (one among several), you can look at the "User-Agent":

Code (markup):
"User-Agent: Mozilla/6.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts; HbTools 4.6.2)"

Apply a new mod_rewrite rule, this time matching on the User-Agent "FunWebProducts".

Now let's see how to block the HTTP Referer using mod_security (an Apache module that enhances the security of Apache and PHP scripts).

Code (markup):
SecFilterSelective HTTP_Referer|ARGS "webdattacking\.com" "deny,nolog,status:403"

This simply says that if the Referer is the attacker's site, the request is not stored in the log (a very large attack would produce a very large log) and an HTTP 403 (Forbidden) is returned.

You can also return the attack by redirecting their requests back to the same site:

Code (markup):
SecFilterSelective HTTP_Referer|ARGS "webattacking\.com" "deny,nolog,redirect:http://www.webattacking.com"

Or serve an annoying JavaScript alert so that they are forced to remove the iframe:

Code (markup):
SecFilterSelective HTTP_Referer|ARGS "webdattacking\.com" "deny,nolog,redirect:http://www.yoursite.com/bucle.html"

And in bucle.html put:

Code (markup):
<html><head></head><body><script>while(1) { alert("bad boy!"); }</script></body></html>

I hope this guide will be of great help!
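
The log review described in the post (many IPs, many browsers, one shared Referer) can be automated. The following is an added example, not part of the original post: it assumes Apache's "combined" log format, and the function names, the `own_hosts` parameter, the `min_ips` threshold and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample modelled on the excerpt in the post (documentation IP ranges).
UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
def _line(ip, referer, ua=UA):
    return f'{ip} - - [17/Apr/2012:16:57:25 +0200] "GET / HTTP/1.1" 200 539 "{referer}" "{ua}"'

SAMPLE = [
    _line("203.0.113.11", "http://domainattack.com/"),
    _line("203.0.113.12", "http://domainattack.com//"),
    _line("203.0.113.13", "http://domainattack.com/", "Mozilla/5.0 (X11; Linux)"),
    _line("203.0.113.11", "http://domainattack.com/"),              # repeat visitor
    _line("198.51.100.7", "http://forums.digitalpoint.com/index"),  # internal navigation
    _line("198.51.100.8", "-"),                                     # no Referer sent
    _line("198.51.100.9", "http://example.org/links.html"),         # ordinary inbound link
    "truncated line without the expected fields",
]

def referer_host(referer):
    """Lowercase host of a Referer, so '/' and '//' variants group together."""
    host = urlsplit(referer).hostname
    return host.lower() if host else None

def suspicious_referers(lines, own_hosts, min_ips=3):
    """Map external referer host -> sorted client IPs, kept when >= min_ips distinct IPs."""
    ips_by_host = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                      # malformed or truncated entry
        host = referer_host(m.group("referer"))
        if host is None or host in own_hosts:
            continue                      # empty Referer or our own pages
        ips_by_host[host].add(m.group("ip"))
    return {h: sorted(ips) for h, ips in ips_by_host.items() if len(ips) >= min_ips}

if __name__ == "__main__":
    for host, ips in suspicious_referers(SAMPLE, {"forums.digitalpoint.com"}).items():
        print(f"{host}: {len(ips)} distinct client IPs")
```

A host flagged here is a candidate for the Referer rules shown in the post; the page behind it should still be inspected before blocking, since a popular site linking to you produces the same pattern.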