dachshund Posted August 24, 2013 Share Posted August 24, 2013 Hi all, I seem to be coming under some sort of hacker attack by which hundreds of "visitors" go to the index.php page followed by a code which is a number then an equals sign then another number, for example "?1o4t95spb5=8abd1befd07bd4" Does anyone know what this is and how it can be stopped? Thanks Quote Link to comment https://forums.phpfreaks.com/topic/281528-site-attack/ Share on other sites More sharing options...
dachshund Posted August 25, 2013 Author Share Posted August 25, 2013 any ideas? Quote Link to comment https://forums.phpfreaks.com/topic/281528-site-attack/#findComment-1446717 Share on other sites More sharing options...
dachshund Posted August 25, 2013 Author Share Posted August 25, 2013 or how I can just echo 'invalid request' if they go to an address like that? Quote Link to comment https://forums.phpfreaks.com/topic/281528-site-attack/#findComment-1446719 Share on other sites More sharing options...
Irate Posted August 25, 2013 Share Posted August 25, 2013 Did you modify anything on your server recently? If the access such site, well... Try this. <?php foreach($_GET as $g) { if(preg_match("~[\da-zA-Z]+~i",$g)) { echo "Invalid request."; } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/281528-site-attack/#findComment-1446722 Share on other sites More sharing options...
davidannis Posted August 26, 2013 Share Posted August 26, 2013 If you look at the logs are the requests coming from a reasonably small group of IP addresses. You may be better off blocking by IP address. Looks like you have a denial of service attack, which can be difficult to defend against. For more information on DoS attacks see https://www.us-cert.gov/ncas/tips/ST04-015 Quote Link to comment https://forums.phpfreaks.com/topic/281528-site-attack/#findComment-1446747 Share on other sites More sharing options...
dachshund Posted August 26, 2013 Author Share Posted August 26, 2013 it appears the links are being sent out to people as messages on facebook via. hacked accounts. has anyone heard of this happening before? Quote Link to comment https://forums.phpfreaks.com/topic/281528-site-attack/#findComment-1446769 Share on other sites More sharing options...
davidannis Posted August 26, 2013 Share Posted August 26, 2013 Your site may have been hacked and the page index.php is being used to deliver malware. Check your site carefully. Quote Link to comment https://forums.phpfreaks.com/topic/281528-site-attack/#findComment-1446838 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.