Site attack

[dachshund]

Hi all,

 

I seem to be coming under some sort of hacker attack by which hundreds of "visitors" go to the index.php page followed by a code which is a number then an equals sign then another number, for example "?1o4t95spb5=8abd1befd07bd4"

 

Does anyone know what this is and how it can be stopped?

 

Thanks

[dachshund]

any ideas?

[dachshund]

or how I can just echo 'invalid request' if they go to an address like that?

[Irate]

Did you modify anything on your server recently?

 

If the access such site, well...

 

Try this.

 

<?php
foreach($_GET as $g) {
if(preg_match("~[\da-zA-Z]+~i",$g)) {
echo "Invalid request.";
}
}
?>

[davidannis]

If you look at the logs are the requests coming from a reasonably small group of IP addresses. You may be better off blocking by IP address. Looks like you have a denial of service attack, which can be difficult to defend against.

 

For more information on DoS attacks see https://www.us-cert.gov/ncas/tips/ST04-015

[dachshund]

it appears the links are being sent out to people as messages on facebook via. hacked accounts. has anyone heard of this happening before?

[davidannis]

Your site may have been hacked and the page index.php is being used to deliver malware. Check your site carefully.