Hello, There is somethign i cant understand,someone somehow is POSTing to my idnex page,there is nothing you can post remotly to index.php. There are two forms on index.php to post from index.php to other pages only. Can anyone please tell me how can teh one POST then ? And what can i do to stop POST commands to that page ? I have pus this instruction but it seems to work partialy <Files indexen.php> <Limit POST> Order deny,allow Deny from All </Limit> </Files>
Just because YOU don't provide a way to POST to your index file doesn't mean it's impossible. They could just as easily have created their own HTML file and point the form submission to your index file or used something like cURL. Either way, I don't see what the problem is... you're obviously not using the POST information (otherwise you would have your own form POSTing to it) so unless you're using register_globals (which is a bigger problem) then you shouldn't really have anything to worry about. I don't know enough about .htaccess to comment on the code you have at the bottom there.
Since POST information needs to be processed by your server, what makes you believe that someone is POSTing to your front page and why are you concerned? If the supporting scripts do not process the information, then there is nothing to be concerned with and nothing to block. But, if they are somehow changiung the page via this activity, then you need to look more closely at all the scripts associated with index.php to make sure that they are not processing the information . . . and certainly not simply accepting POSTed values without pulling the data into variables and converting everything to safe values.
Correct,teh problem is that once they start sending POST command thouzands of times every minute,index.php is overloading the server but i am not sure how do i find out what exactly they are psotign and what index.php is trying to do and thus overloading the server ? Also a general idea on how to block POSTing to index.php would help too. That has became a problem for me since they repeat taht kind of attack time to time and everytiem the same way. Mod_evasise is useless in this case too.
By the way Clancey is your project http://www.stat-communications.com/security/ something just for my case ?
You'd be better to block thier ips, domestic connections cannot make thousands of requests a minute and so the chances are they are using a static ( server probably ) ip address, block it or that c class and you problem is null .......
It will not solve this problem. It offers some of the same sort of help as the suhosin project, which hardens PHP. It cleans up user input to make it harder for them launch SQL injection attacks or to insert values into global variables. krakjoe may be right. The only solution may be to block their IP address, if they are hitting you from a single server.