1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Some one is attacking on my site and eating my bandwidth.

Discussion in 'Security' started by iwantvarun, Jul 21, 2012.

  1. #1
    Some one attacked my site now site's bandwidth is getting over so fast.i can see in error logs diffrent Ip addreses are trying to access dloht.exe.I tried blocking those IPs but new IPs are replacing those IPs but all are trying to access dloht.exe.
    SEMrush
    Please advise.. :(
     
    iwantvarun, Jul 21, 2012 IP
    SEMrush
  2. textads

    textads Peon

    Messages:
    28
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Can you rename dloht.exe for some time?
     
    textads, Jul 21, 2012 IP
  3. thomson3241

    thomson3241 Peon

    Messages:
    16
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Contact your hosting company or maybe find some better security or get a bot detection
     
    thomson3241, Jul 21, 2012 IP
  4. iwantvarun

    iwantvarun Active Member

    Messages:
    200
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    55
    #4
    I have deleted that exe file from server.. But those IPs still hitting the same address..

    My hosting company unfortunately not good.How can i detect bots? Any other security measures i can take to fix this problem?
     
    iwantvarun, Jul 21, 2012 IP
  5. TechieH

    TechieH Peon

    Messages:
    14
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Did you try using a DDoS protection like Cloudflare? Is the attack directed at you or a site in your same server?

    Bots are computers comprised by the hackers to do things like DDoSing. The more the bots the more the power is.
     
    TechieH, Jul 23, 2012 IP
  6. Ray Baron

    Ray Baron Member

    Messages:
    148
    Likes Received:
    10
    Best Answers:
    3
    Trophy Points:
    43
    #6
    What kind of server (VPS, Linux, etc) and what app(s) are you running (WordPress, Joomla)?

    The reason this is important is that the type of defense is dependent both on what type of server and what apps you are running. It sounds like your server/website may have been compromised, especially dloht.com is not something you put there. Once you have been compromised, whoever compromised you will tell his script kiddie buddies and they will continue to come back until you secure your server and applications.

    So the first step is to make sure your server/website is "hardened" (secured) and your application(s) are updated to the latest version.
     
    Ray Baron, Jul 25, 2012 IP
  7. atxsurf

    atxsurf Peon

    Messages:
    2,394
    Likes Received:
    21
    Best Answers:
    1
    Trophy Points:
    0
    #7
    they hardly eating any bandwidth if the file does not exist (and server sends back not found which is probably around 100 bytes
    however if it does overload your server in DDOS manner, you should try to block those IPs or entire IP ranges
     
    atxsurf, Jul 25, 2012 IP
  8. TiffanyJ.SSS

    TiffanyJ.SSS Member

    Messages:
    72
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    33
    #8
    What we do when clients get attacked like that is trace the attack block and ensure they have enough bandwidth.
     
    TiffanyJ.SSS, Aug 2, 2012 IP
  9. droppedwebsites

    droppedwebsites Guest

    Messages:
    28
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #9
    Try using cloudflare. It will reduce attacks on your site using the customisable security options.
     
    droppedwebsites, Aug 3, 2012 IP
  10. MilesWeb

    MilesWeb Well-Known Member

    Messages:
    856
    Likes Received:
    33
    Best Answers:
    7
    Trophy Points:
    123
    #10
    You can enable Hotlink Protection on the website which will work as a supplement to stop in stealing your bandwidth.
     
    MilesWeb, Aug 4, 2012 IP
  11. RankViper

    RankViper Peon

    Messages:
    29
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #11
    From what you have said, it seems like you are attacked by the DDoS attack in which a multitude of compromised systems attack a single target. You can use Cloudflare. Hope, it will help you.
     
    RankViper, Aug 5, 2012 IP
  12. mygold

    mygold Peon

    Messages:
    1,164
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    0
    #12
    Use DDOS protection like cloudflare. That can solve your problem.
     
    mygold, Aug 5, 2012 IP
  13. damoncloudflare

    damoncloudflare Greenhorn

    Messages:
    78
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    16
    #13
    While some users have already mentioned CloudFlare, I thought I would highlight what the actual feature is if you signup. You can use "I'm Under Attack" to help mitigate the attack.
     
    damoncloudflare, Aug 7, 2012 IP
  14. iwantvarun

    iwantvarun Active Member

    Messages:
    200
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    55
    #14
    My hosting company changed my server.I don't know how it will affect my site's genuine traffic..But problem of the attack has been resolved.

    My site have phpbb3,wordpress, bbpress.I believe 1 of these have opened a security hole for hackers..

    My server is linux..There should be a way to completely shut down the site in case of such attacks.. not find any..

    Is cloudflare available on the cpanel?
     
    iwantvarun, Aug 8, 2012 IP
  15. iwantvarun

    iwantvarun Active Member

    Messages:
    200
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    55
    #15
    I had tried both the option to enable hotlinking and blocking the IPs but didn't work for me/

    blocking the ip add those ips in httpd.conf which make httpd.conf bigger and its not very good solution.. it doesn't work well..
     
    iwantvarun, Aug 8, 2012 IP
  16. damoncloudflare

    damoncloudflare Greenhorn

    Messages:
    78
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    16
    #16
    It depends on if your hosting provider is a CloudFlare hosting partner or not. If not, you would need to signup directly.
     
    damoncloudflare, Aug 8, 2012 IP