1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Site Hacked & Hammered Repeatedly By IP Addresses

Discussion in 'Security' started by SeoVeteran33, Jul 30, 2007.

  1. #1
    My entertainment site was recently hacked and had all of its pictures and videos deleted. I was quickly able to restore the media and change all passwords but I'm still feeling vulnerable.

    Now my site is getting hammered by certain IP addresses which I'm guessing are hackers trying to use brute force to get my password or even bring my site down.
    SEMrush
    The problem I'm having now is that I'm getting TONS of "Server Busy" errors to my site. As of now, over the last 5 days, I've accumulated 30260 Server Busy hits and my users are having trouble watching my videos (traffic is the same but videos watched per day are cut in half). I know this is related to the hacking.

    Does anyone know what the "Server Busy" errors are about?? What can I do to stop this??
     
    SeoVeteran33, Jul 30, 2007 IP
    SEMrush
  2. cianuro

    cianuro Peon

    Messages:
    1,857
    Likes Received:
    106
    Best Answers:
    0
    Trophy Points:
    0
    #2
    I would contact your hosting company about this providing all the details and IP addresses.
     
    cianuro, Jul 30, 2007 IP
  3. gslboy

    gslboy Peon

    Messages:
    5
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Don't know this is the correct answer , but you better contact your hosting company and block that IP address temporally. I think " Server Busy " is a generic error. Do you have any other error codes ?
     
    gslboy, Jul 30, 2007 IP
  4. SeoVeteran33

    SeoVeteran33 Well-Known Member

    Messages:
    390
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    108
    #4
    Here are the additional error codes I'm getting. The Server Busy errors stand out the most to me.

    206 Partial Content 783975
    404 Document Not Found 96128
    503 Server busy 37221
    301 Moved permanently (redirect) 2924
    416 Requested range not valid 202
    403 Forbidden 15
    500 Internal server Error 2
    405 Method not allowed 1

    There has to be a better way to protect myself. I've been poking around here in the security section and I found "Brute Force Detection" (BFD) and "Advanced Firewall Protection" (AFP).

    Does anyone have any experience using either or both of these?
     
    SeoVeteran33, Jul 31, 2007 IP
  5. aycintl

    aycintl Peon

    Messages:
    10
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    maybe its a DDOS attack. don't really know much of it. but I think that this what they are doing. its a method that they can send large amount of data into your server and makes your server down, like server busy. just contact your host regarding this. and if you have cpanel you can block ip addresses their.
    but if your running your own server try updating your web server(update your apache server if your using one)

    sorry don't know that much.
     
    aycintl, Jul 31, 2007 IP
  6. SeoVeteran33

    SeoVeteran33 Well-Known Member

    Messages:
    390
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    108
    #6
    aycintl, hey thanks for the help man! I don't know anything so every bit of help is very appreciated.

    I have shared hosting with Dream Host. Currently my "Server Busy" error hits are over 40,000 in the last 7 days. I think normal is 0 to like 10.

    I will look into DDos Attacks, thanks!
     
    SeoVeteran33, Jul 31, 2007 IP
  7. cyanide

    cyanide Peon

    Messages:
    483
    Likes Received:
    26
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Since you're in a shared setting, there's not much you can do, but contact the host.... this could be affecting other users on the server as well.
     
    cyanide, Aug 3, 2007 IP
  8. Kommunicate

    Kommunicate Peon

    Messages:
    60
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #8
    I doubt it was a DDOS attack. If it was, your web server probably wouldn't still be responsive. What's likely happening is that someone is trying to find flaws or exploits in your server via the http protocol using automated scripts than can generate thousands of requests.

    If you have access to your Apache configuration, you could try to turn-off KeepAlive. This will cut down on the server busy errors. You might also ask your host to install mod-security. While it's not the fastest product in the world, it will cut down on some of the invalid http requests (206,405,416,500) you are getting.
     
    Kommunicate, Aug 3, 2007 IP