Someone attacked my site and now the site's bandwidth is being used up so fast. I can see in the error logs that different IP addresses are trying to access dloht.exe. I tried blocking those IPs, but new IPs are replacing them, and all of them are trying to access dloht.exe. Please advise.
I have deleted that exe file from the server, but those IPs are still hitting the same address. My hosting company is unfortunately not good. How can I detect bots? Are there any other security measures I can take to fix this problem?
Did you try using DDoS protection like Cloudflare? Is the attack directed at you or at a site on your same server? Bots are computers compromised by the hackers to do things like DDoSing. The more bots there are, the more power there is.
What kind of server (VPS, Linux, etc.) and what app(s) are you running (WordPress, Joomla)? The reason this is important is that the type of defense is dependent both on what type of server and what apps you are running. It sounds like your server/website may have been compromised, especially if dloht.com is not something you put there. Once you have been compromised, whoever compromised you will tell his script kiddie buddies and they will continue to come back until you secure your server and applications. So the first step is to make sure your server/website is "hardened" (secured) and your application(s) are updated to the latest version.
They are hardly eating any bandwidth if the file does not exist (and the server sends back "not found", which is probably around 100 bytes). However, if it does overload your server in a DDoS manner, you should try to block those IPs or entire IP ranges.
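To measure what the reply above describes, the following added example (not part of the original thread) totals the hits and response bytes for requests to dloht.exe and groups the source addresses into ranges. It assumes Apache's "combined" access log format; the function name `summarize`, the `/files/` path and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Apache "combined" format: ip ident user [time] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Constructed sample lines (documentation address ranges, assumed path).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /files/dloht.exe HTTP/1.1" 404 209 "-" "-"',
    '192.0.2.77 - - [01/Jan/2024:10:00:01 +0000] "GET /files/dloht.exe HTTP/1.1" 404 209 "-" "-"',
    '198.51.100.5 - - [01/Jan/2024:10:00:02 +0000] "GET /files/dloht.exe HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def summarize(lines, needle="dloht.exe"):
    """Per source range (/24 for IPv4, /64 for IPv6): hits, bytes sent, distinct IPs."""
    nets = defaultdict(lambda: {"hits": 0, "bytes": 0, "ips": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or needle not in m["path"].lower():
            continue
        try:
            addr = ip_address(m["ip"])
        except ValueError:  # a hostname was logged instead of an address
            continue
        prefix = 24 if addr.version == 4 else 64
        entry = nets[str(ip_network(f"{addr}/{prefix}", strict=False))]
        entry["hits"] += 1
        entry["bytes"] += 0 if m["bytes"] == "-" else int(m["bytes"])
        entry["ips"].add(str(addr))
    return {net: {"hits": e["hits"], "bytes": e["bytes"], "ips": len(e["ips"])}
            for net, e in nets.items()}

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for net, e in sorted(report.items(), key=lambda kv: -kv[1]["hits"]):
        print(f'{net:20} hits={e["hits"]} bytes={e["bytes"]} distinct_ips={e["ips"]}')
```

If the byte totals are small but the hit counts are high, the load is on request handling rather than bandwidth, and ranges with many distinct addresses are the candidates for a range block.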
What we do when clients get attacked like that is trace the attack block and ensure they have enough bandwidth.
You can enable Hotlink Protection on the website, which will work as a supplement to stop the stealing of your bandwidth.
From what you have said, it seems like you are being hit by a DDoS attack, in which a multitude of compromised systems attack a single target. You can use Cloudflare. Hope it will help you.
While some users have already mentioned CloudFlare, I thought I would highlight what the actual feature is if you sign up. You can use "I'm Under Attack" to help mitigate the attack.
My hosting company changed my server. I don't know how it will affect my site's genuine traffic, but the problem of the attack has been resolved. My site has phpBB3, WordPress, and bbPress. I believe one of these has opened a security hole for hackers. My server is Linux. There should be a way to completely shut down the site in case of such attacks, but I did not find any. Is Cloudflare available in cPanel?
I had tried both options, enabling hotlinking and blocking the IPs, but they didn't work for me. Blocking the IPs adds those IPs to httpd.conf, which makes httpd.conf bigger, and it's not a very good solution. It doesn't work well.
It depends on whether your hosting provider is a CloudFlare hosting partner or not. If not, you would need to sign up directly.