Solved

Denial of Service Attacks

Posted on 2010-09-06
4
557 Views
Last Modified: 2012-05-10
I've just had a request from an old client, (site created 8 yrs ago) that he's having a DOS problem, the site was one of my last asp sites and the info he has sent me is shown below.

Can anyone explain this? Help resolve it or is it a case of a rewrite to ASP.NET in which case I need help with the justification!

The attack scenario is thus:

"Some server sends a request like

index.php?option=com_product&controller=../../../../../../../../../../../../
../../../proc/self/environ%00

This makes your IIS server panic and it uses greater than 100% CPU! The type of request is a DOS (Denial of Service) attack, but it looks like a DOS attack for a Unix based machine, not a Windows machine, but it is crippling your server.

It's something to do with your server not being able to handle a "querystring" (to the right of the "?") with a multiple "up directory" ( the ".." parts) - or maybe just one "up directory".

I've been trying to find something that would redirect the above line to something else (or reject it), but not being successful.

I've heard that this problem can be caused by "bad code" - I've written a dummy index.php on your server, but the crash is caused *before* it even requests the index.php page - so I don't think it's a "bad coding" issue!"

Mark
0
Comment
Question by:markej
  • 2
4 Comments
 
LVL 9

Accepted Solution

by:
shalabhsharma earned 250 total points
ID: 33612554
0
 
LVL 11

Expert Comment

by:madgino
ID: 33613087
PHP version? IIS version? OS?
 I would suggest an upgrade of php and latest patches for IIS/OS.
0
 
LVL 11

Assisted Solution

by:madgino
madgino earned 250 total points
ID: 33613125
0
 

Author Closing Comment

by:markej
ID: 33757470
I'm not a Sys Admin, I offered my help to an old client and realised I was out of my depth and wanted some specific answers so I could instrhim on what to do!
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now