• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 363
  • Last Modified:

stop floading http request

since 5 weeks now ,some one is sending 100s of http request per second and caused the shut down of my forum several times.

is there a way to automaticaly stop this type of attacks?
or a php page that can blcok the ip?
any solution ...
0
uk1900
Asked:
uk1900
  • 4
  • 4
  • 2
  • +1
3 Solutions
 
chops_ukCommented:
You're experiencing DOS (Denial Of Service) . This should be stopped by a firewall configured to drop DOS packets.
What's the forum platform? there's code written for PHPBB which blocks spambots registering.. so doing this may help.. as it could block the IP addresses of other miscreants.. assuming you can't get the host to implement DOS protection for you...
0
 
chops_ukCommented:
I should have mentioned that the DoS attack is *probably* quite low level.. so it's actually stopping your hardware responding, rather than stopping the forum software working, hence the need for DoS firewall hardware service in front of the Forum machine.
0
 
chops_ukCommented:
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
houssam_balloutCommented:
Well I agree with chops_uk , since the firewall helps you with that better than the code,
anyway , take a look at this page:
http://forums.digitalpoint.com/showthread.php?t=67344

0
 
uk1900Author Commented:
hi guys,
I have vbulletin forum running  in VPS. virtuozzo with plesk
about the  Firewall Setup:
---------------------
Firewall is not active now. To activate firewall choose one of firewall operation modes.
Select firewall mode
Normal firewall mode
Advanced firewall mode with default policy Accept
Advanced firewall mode with default policy Drop
----------------------
 
?
0
 
chops_ukCommented:
I'm not sure what the firewall's like..
as you currently have no firewall, you can use either option:
1) activate the firewall and choose default accept .. then implement the DoS prevention
2) activate the firewall and choose default drop.. then open the ports which vbulletin needs (probably 80 for http and maybe ftp).. then then implement the DoS prevention.

2 would be more secure, but more work.. but at least you'd be more secure :)
0
 
khaledfCommented:
I would recommend requesting from you hosting company to install and configure mod_evasive for this kind of attack.
it will block that ip when it accedes the minimum requests per second.
0
 
uk1900Author Commented:

I have no idea how I can implement the DoS prevention!
I clicked on add rule: I got what u see in the: Snippet u can see what
Add Rule   
 
 
General Settings 
Name*  
Policy Accept Drop Reject 
Protocol tcp udp 
Source Address and Netmask  
Source Port or Port Range  
Destination Address and Netmask  
Destination Port or Port Range  
Enable  
Chain Input Output Forward 
The rule's position in the chain 
 

Open in new window

0
 
uk1900Author Commented:
thank you khaledf,
I will check that
0
 
uk1900Author Commented:
any one know how to install mod_evasive ?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now