1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Currently under a DOS attack... HeLP?

Discussion in 'Security' started by proprod, Aug 4, 2007.

  1. #1
    Hi,

    My website is currently under a DOS attack which from what I've read has to do with the vulnerability of the aardvark topsites script's button.php

    Ok, so I've deleted the topsites script and with advice from a fellow phpLD forum moderator, I've replaced button.php with a blank version, so no error log entries. Fact is, it's day three and I'm getting hit at some times 40-50 times a second. It's brought my directory to a stand-still and has probably cost me my TextLinkAds account.

    I've narrowed it down to a couple of referring sites, almost always with a different IP address (probably proxy sites), the country of origin is Turkey.

    Now, my question is... do I wait this out and then try to recover or is there something I can be active in doing? Is there something that my host should be doing? I've filed a complaint with the Internet Crime Complaint Center, not sure if that will do any good... but.

    So, please if you have any experience or insight into this, please help me out :)
     
    proprod, Aug 4, 2007 IP
  2. login

    login Notable Member

    Messages:
    8,849
    Likes Received:
    349
    Best Answers:
    0
    Trophy Points:
    280
    #2
    You should contact the host to the sites that attack you and get them to ban their accounts. I did that once and it worked.
     
    login, Aug 4, 2007 IP
  3. proprod

    proprod Active Member

    Messages:
    216
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    90
    #3
    I can't find their hosting information. I did get their nameservers addresses, but when I visit that one, it's all in Turkish and some sort of list, not a hosting company.

    I did find a semi-solution to try to make them stop, but it's not any better than I'm already doing, basically .htaccess rewrite based on referrer, which still fills my access_log.

    I am quite frustrated. What have I ever done to anyone, lol...

    Edit: Maybe I rejected their link ;)
     
    proprod, Aug 4, 2007 IP
  4. login

    login Notable Member

    Messages:
    8,849
    Likes Received:
    349
    Best Answers:
    0
    Trophy Points:
    280
    #4
    You can block the attackers IP address. I did that also. Your host can block every port.
     
    login, Aug 4, 2007 IP
  5. proprod

    proprod Active Member

    Messages:
    216
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    90
    #5
    Almost a different IP address everytime.

    I WAS able to locate their registrar... I just emailed them with my dilemma and the FBI complaint number, hehe, maybe that will pull some weight.

    As above, different IP address almost every time and the fact is, my host sucks... so they are no help, also, blocking in .htaccess still allows them to hit my site, so it's either 50 hits a second to a blank php file or 50 hits a second to my .htaccess file, which still pretty much disables my site... I will wait to see what the registrar has to say.

    If anyone else can chime in on this or are bored and want to do a DOS back to them for me, that'd be great, hehe... just kidding of course.
     
    proprod, Aug 4, 2007 IP
  6. citruscommerce

    citruscommerce Peon

    Messages:
    917
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    0
    #6
    Darn turks ;-)
     
    citruscommerce, Aug 4, 2007 IP
  7. adsblog

    adsblog Active Member

    Messages:
    659
    Likes Received:
    27
    Best Answers:
    0
    Trophy Points:
    70
    #7
    you can block IP via cPanel . and you should contact server admin .
    because you can't stop this attack yourself .

    last suggest : " take down your site for 4-5 days or redirect it to highest hitter "
     
    adsblog, Aug 4, 2007 IP
  8. inworx

    inworx Peon

    Messages:
    4,860
    Likes Received:
    201
    Best Answers:
    0
    Trophy Points:
    0
    #8
    Check the IP address and enter that .htaccess to redirect it to the IP or something. Block it from cpanel first, of course.
     
    inworx, Aug 5, 2007 IP
  9. scriptmakingman

    scriptmakingman Active Member

    Messages:
    280
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    58
    #9
    PM me, i can help you.
    I have made botnets before, so i know how to stop them. :D
     
    scriptmakingman, Aug 8, 2007 IP