marhoons Posted April 8, 2008

Hello dears,

My problem is that someone, or more than one person, is trying to attack my website by opening my dynamic pages (which work through the database) more than 100 times per minute and refreshing those pages throughout the day. That consumes my query limit on the server, kills the database connection (choking it), exceeds the bandwidth and causes huge traffic.

From the statistics, my daily visitor average was 28000 hits before, but in the last 4 days it is up to 48000 hits, which means something is abnormal. When I checked the logs on my root, I deduced that the traffic comes from the same destination with the same URL (duplicated), which means he is refreshing the page!

I modified my script to use cookies to close all connections if he refreshes the page more than 5 times per minute, but that isn't the final solution: if he disables cookies in his browser, my modification isn't useful.

```php
<?php
session_start();            // required before $_SESSION can be used
$current_time = time();     // not defined in the posted snippet; assumed to be the current timestamp

$_SESSION["str_attack"] = 1;

// Count page loads in a browser cookie
if (empty($_COOKIE["timerv"])) {
    setcookie("timerv", "1");
} else {
    $h = (int) $_COOKIE["timerv"] + 1;
    setcookie("timerv", (string) $h);
}

if ($current_time % 2 == 0) {
    if (isset($_SESSION["str_attack"]) && isset($_COOKIE["timerv"]) && $_COOKIE["timerv"] > 5) {
        setcookie("timerv", "");                  // reset the counter
        print "<script>self.close();</script>";   // ask the browser to close the window
        exit();
    }
}
```

Please advise me! I need your help, brothers...

marhoons Posted April 8, 2008

Nobody replied!

quiettech Posted April 9, 2008

Let him do it.

Place something like this on your affected scripts (unchecked):

```php
<?php
$logip = $_SERVER['REMOTE_ADDR'];
// gethostbyaddr() performs a reverse DNS lookup on every request
$log = date("D M j G:i:s T Y") . ' - ' . $logip . ' - ' . gethostbyaddr($logip) . ' - ' . $_SERVER['PHP_SELF'] . "\n";
// The path must be writable by the PHP process
$hf = fopen('/access.log', 'a');
if ($hf !== false) {   // skip logging instead of failing if the file cannot be opened
    fwrite($hf, $log);
    fclose($hf);
}
?>
```

Let him have a field day. Change your script 24 hours later to detect this same IP, but keep recording. This time, when the script sees that IP, you change the page to show him the log you recorded.

Open a ticket with your webhost and send them the log. Ask for advice, and also send the log to the ISP of that little troll.

I'm unsure as to how you should protect yourself from this type of attack in the future. I'll investigate if no one answers here first. Stay tuned.

Xeoncross Posted April 9, 2008

Create a file called ".htaccess", add this to it, then place it in your site root:

```apache
<IfModule mod_rewrite.c>
# RewriteRule has no effect unless the rewrite engine is switched on
RewriteEngine On

# If you know the IP:
# (Deny is a host-access directive: mod_authz_host on Apache 2.2, mod_access_compat on 2.4)
Deny from 192.168.1.1

# OR you can do this
RewriteCond %{HTTP_REFERER} porn\.com
RewriteRule .* - [F]
</IfModule>
```

discomatt Posted April 9, 2008

Could be DDOS from compromised legit computers.

Are you hosting this server yourself or do you have a web host?

ohdang888 Posted April 9, 2008

```php
$ip = $_SERVER['REMOTE_ADDR'];
$hacker_ip = '192.0.2.1';   // placeholder: the address of the hacker
if ($ip === $hacker_ip) {
    echo 'Gotcha!!!!!!!!!!!!!!!!! ';
    die();
}
```

Xeoncross Posted April 9, 2008

> if($ip = the address of hacker){ echo 'Gotcha!!!!!!!!!!!!!!!!! '; die(); }

Don't bother waiting until PHP is run to die(). Use the Mod_rewrite above to stop them as soon as the request is made. Or, if you have access to the OS, set up something at that level.
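
The cookie counter in the original post is kept by the browser, so a client that refuses cookies is never counted. As an added example (not code from any poster in this thread), here is the same 5-requests-per-minute limit kept on the server and keyed on `REMOTE_ADDR`. The function name, constants and state directory are assumptions, and `203.0.113.7` is a constructed sample address.

```php
<?php
// Added example, not code from this thread: fixed-window rate limit per client IP,
// with the counter stored on the server instead of in a cookie.
const RATE_LIMIT  = 5;    // requests allowed per window (threshold from the original post)
const RATE_WINDOW = 60;   // window length in seconds

function rate_limit_exceeded(string $ip, int $now, string $dir): bool
{
    // One small state file per client; hashing makes the IP safe as a file name.
    $path = $dir . '/rl_' . hash('sha256', $ip);
    $fh = fopen($path, 'c+');              // create if missing, never truncate on open
    if ($fh === false) {
        return false;                      // fail open: a storage error must not block the site
    }
    flock($fh, LOCK_EX);                   // serialise concurrent requests from the same IP
    $state = json_decode((string) stream_get_contents($fh), true);
    if (!isset($state['start'], $state['count']) || $now - $state['start'] >= RATE_WINDOW) {
        $state = ['start' => $now, 'count' => 0];   // first request or expired window
    }
    $state['count']++;
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($state));
    flock($fh, LOCK_UN);
    fclose($fh);
    return $state['count'] > RATE_LIMIT;
}

if (PHP_SAPI !== 'cli') {
    // On a web request: run this before any database connection is opened.
    // Assumption: replace the temp dir with a private directory outside the web root.
    if (rate_limit_exceeded($_SERVER['REMOTE_ADDR'], time(), sys_get_temp_dir())) {
        http_response_code(429);
        header('Retry-After: ' . RATE_WINDOW);
        exit('Too many requests');
    }
} else {
    // Constructed demo: 7 requests from one sample address inside a single window.
    $dir = sys_get_temp_dir() . '/rl_demo_' . getmypid();
    mkdir($dir);
    for ($i = 1; $i <= 7; $i++) {
        $blocked = rate_limit_exceeded('203.0.113.7', 1000 + $i, $dir);
        echo "request $i: " . ($blocked ? 'blocked' : 'allowed') . "\n";
    }
}
```

Clients behind the same NAT or proxy share one counter, and old state files need periodic cleanup.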