Site Hacked & Hammered Repeatedly By IP Addresses

My entertainment site was recently hacked and had all of its pictures and videos deleted. I was quickly able to restore the media and change all passwords but I'm still feeling vulnerable.

Now my site is getting hammered by certain IP addresses which I'm guessing are hackers trying to use brute force to get my password or even bring my site down.

The problem I'm having now is that I'm getting TONS of "Server Busy" errors to my site. As of now, over the last 5 days, I've accumulated 30260 Server Busy hits and my users are having trouble watching my videos (traffic is the same but videos watched per day are cut in half). I know this is related to the hacking.

Does anyone know what the "Server Busy" errors are about?? What can I do to stop this??

 

I would contact your hosting company about this providing all the details and IP addresses.

 

Don't know this is the correct answer , but you better contact your hosting company and block that IP address temporally. I think " Server Busy " is a generic error. Do you have any other error codes ?

 

Here are the additional error codes I'm getting. The Server Busy errors stand out the most to me.

206 Partial Content 783975
404 Document Not Found 96128
503 Server busy 37221
301 Moved permanently (redirect) 2924
416 Requested range not valid 202
403 Forbidden 15
500 Internal server Error 2
405 Method not allowed 1

There has to be a better way to protect myself. I've been poking around here in the security section and I found "Brute Force Detection" (BFD) and "Advanced Firewall Protection" (AFP).

Does anyone have any experience using either or both of these?

 

maybe its a DDOS attack. don't really know much of it. but I think that this what they are doing. its a method that they can send large amount of data into your server and makes your server down, like server busy. just contact your host regarding this. and if you have cpanel you can block ip addresses their.
but if your running your own server try updating your web server(update your apache server if your using one)

sorry don't know that much.

 

aycintl, hey thanks for the help man! I don't know anything so every bit of help is very appreciated.

I have shared hosting with Dream Host. Currently my "Server Busy" error hits are over 40,000 in the last 7 days. I think normal is 0 to like 10.

I will look into DDos Attacks, thanks!

 

Since you're in a shared setting, there's not much you can do, but contact the host.... this could be affecting other users on the server as well.

 

I doubt it was a DDOS attack. If it was, your web server probably wouldn't still be responsive. What's likely happening is that someone is trying to find flaws or exploits in your server via the http protocol using automated scripts than can generate thousands of requests.

If you have access to your Apache configuration, you could try to turn-off KeepAlive. This will cut down on the server busy errors. You might also ask your host to install mod-security. While it's not the fastest product in the world, it will cut down on some of the invalid http requests (206,405,416,500) you are getting.