dachshund Posted August 24, 2013 Share Posted August 24, 2013 Hi all, I seem to be coming under some sort of hacker attack by which hundreds of "visitors" go to the index.php page followed by a code which is a number then an equals sign then another number, for example "?1o4t95spb5=8abd1befd07bd4" Does anyone know what this is and how it can be stopped? Thanks Link to comment https://forums.phpfreaks.com/topic/281528-site-attack/ Share on other sites More sharing options...
dachshund Posted August 25, 2013 Author Share Posted August 25, 2013 any ideas? Link to comment https://forums.phpfreaks.com/topic/281528-site-attack/#findComment-1446717 Share on other sites More sharing options...
dachshund Posted August 25, 2013 Author Share Posted August 25, 2013 or how I can just echo 'invalid request' if they go to an address like that? Link to comment https://forums.phpfreaks.com/topic/281528-site-attack/#findComment-1446719 Share on other sites More sharing options...
Irate Posted August 25, 2013 Share Posted August 25, 2013 Did you modify anything on your server recently? If the access such site, well... Try this. <?php foreach($_GET as $g) { if(preg_match("~[\da-zA-Z]+~i",$g)) { echo "Invalid request."; } } ?> Link to comment https://forums.phpfreaks.com/topic/281528-site-attack/#findComment-1446722 Share on other sites More sharing options...
davidannis Posted August 26, 2013 Share Posted August 26, 2013 If you look at the logs are the requests coming from a reasonably small group of IP addresses. You may be better off blocking by IP address. Looks like you have a denial of service attack, which can be difficult to defend against. For more information on DoS attacks see https://www.us-cert.gov/ncas/tips/ST04-015 Link to comment https://forums.phpfreaks.com/topic/281528-site-attack/#findComment-1446747 Share on other sites More sharing options...
dachshund Posted August 26, 2013 Author Share Posted August 26, 2013 it appears the links are being sent out to people as messages on facebook via. hacked accounts. has anyone heard of this happening before? Link to comment https://forums.phpfreaks.com/topic/281528-site-attack/#findComment-1446769 Share on other sites More sharing options...
davidannis Posted August 26, 2013 Share Posted August 26, 2013 Your site may have been hacked and the page index.php is being used to deliver malware. Check your site carefully. Link to comment https://forums.phpfreaks.com/topic/281528-site-attack/#findComment-1446838 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.