Some Fu** is attacking my website

B

Bross

Senior Member

Feb 6, 2010

859

355

• Aug 13, 2010

• #1

I logged in to my stats today.
Found over 2000 requests (full bandwith visits) one following the other.
Each request comes 3 seconds after the other. This looks like a DOS attack.

This is a nice website I have. 100% whitehat, 100% unique content. Good positions.
Any suggestions? I have the referring site.. (competitor); but I assume it must be someone just trying to screw him over.. He cannot be that stupid.

If this keeps coming my server will go down..

What u suggest BHers?

 

NulledCode

Elite Member

Jr. VIP

Jun 10, 2010

2,146

1,542

• Aug 13, 2010

• #2

Contact your hosting provider, they should be able to handle it. I think cPanel has an IP Deny Manager or something like that. I never used it so I'm not sure what it does but it sounds like it could help you?

 

B

Bross

Senior Member

Feb 6, 2010

859

355

• Aug 13, 2010
• Thread Starter Thread Starter

• #3

Thanks for the heads up guys. Hosting is on it.. I wish DOS was legal for a nice payback. If you have any creative ideas feed me up

 

Last edited: Aug 13, 2010

The Scarlet Pimp

Supreme Member

Apr 2, 2008

1,336

4,333

• Aug 13, 2010

• #4

learn how to use htaccess, it stops crap like this...

1. http://www.blockacountry.com

2. http://www.the-art-of-web.com/system/hacker-activity/

 

SuperBlackHat

Power Member

Feb 2, 2009

578

117

• Aug 13, 2010

• #5

Its sad that your competitor will try to bring you down in a unscrupulous way rather than beat you legitimately.

 

T

TomasBlackhat

Junior Member

Sep 15, 2009

150

26

• Aug 13, 2010

• #6

^Can't believe you're on a site called "Black Hat World" and just said that.

 

B

Bross

Senior Member

Feb 6, 2010

859

355

• Aug 13, 2010
• Thread Starter Thread Starter

• #7

TomasBlackhat said:

^Can't believe you're on a site called "Black Hat World" and just said that.

Click to expand...

I don't assign the tag "Black hat" to DOSing a competitor website.
You can spam his website with comments, you can blast Xrumer, whatever.. DOS is not blackhat, is screams "I am hopeless, I wish I knew what you were doing".

BH is supposed to be far from hopeless.

 

T

TomasBlackhat

Junior Member

Sep 15, 2009

150

26

• Aug 13, 2010

• #8

I don't assign DOSing to Black Hat either. Much worse, but don't tell me you think spamming comments and blasting Xrumer is a legitimate way to beat someone.

 

C

craigygee

Regular Member

Nov 5, 2009

356

211

• Aug 13, 2010

• #9

Both are illegitimate but it is "Blackhat" regardless and this IS blackhatworld.

 

S

Sanitarium

Regular Member

Sep 27, 2008

312

654

• Aug 14, 2010

• #10

Cyno403 said:

funny, since I made this post... a competitor has launched an attack on my main site, now we are counter attacking...

Click to expand...

 

V

Venture

Regular Member

Jun 25, 2010

333

110

• Aug 14, 2010

• #11

iptables
if your server runs apache, install mod_evasive

 

greentitanium

Senior Member

Feb 8, 2010

1,141

214

• Aug 14, 2010

• #12

i have to say i dont agree.... attacking someones site isnt the same. is there a forum section here dedicated to how to attack websites? there is a difference in talking sh*t about someone and walking up to them and punching them in the face.

 

┼blackrat┼

Senior Member

Jul 31, 2010

980

799

• Aug 14, 2010

• #13

 

L

LyNHS

Regular Member

Jul 20, 2010

281

98

• Aug 14, 2010

• #14

Have you researched mod_security ? That will be hugely beneficial. Trust me.

Also, if you're using cPanel you'll probably have access to your php.ini files - be sure to check the configuration and to see if they're "global" ... changing that will help a lot!

 

C

cruddpuppet

Registered Member

Feb 18, 2009

90

21

• Aug 14, 2010

• #15

Use iptables to point traffic from their server to themselves.

 

bertbaby

Elite Member

Apr 15, 2009

2,025

1,535

• Aug 14, 2010

• #16

The IP blocking might not work and you may want to take closer look at the logs. If they hired a hacker with a botnet you might see the traffic coming from a number of different IP addresses associated with different zombie machines. I'd be interested in knowing what you find.

 

B

Bross

Senior Member

Feb 6, 2010

859

355

• Aug 15, 2010
• Thread Starter Thread Starter

• #17

bertbaby said:

The IP blocking might not work and you may want to take closer look at the logs. If they hired a hacker with a botnet you might see the traffic coming from a number of different IP addresses associated with different zombie machines. I'd be interested in knowing what you find.

Click to expand...

That wasn't something so clever. Had the attack, it took a lot of BW, but the server was OK.
I took the advise here and could indeed put blocks, but since I pay loads to a hosting company... I called them and told them about it + I expect them to handle this without downtime. That's why we have them right?

They added some coding to the core files (blocks I guess) & It was gone.
Everything is OK.. it's over now..

Thanks all.

 

H

holy_spirit

Registered Member

Aug 14, 2009

86

32

• Sep 2, 2010

• #18

Bross said:

That wasn't something so clever. Had the attack, it took a lot of BW, but the server was OK.
I took the advise here and could indeed put blocks, but since I pay loads to a hosting company... I called them and told them about it + I expect them to handle this without downtime. That's why we have them right?

They added some coding to the core files (blocks I guess) & It was gone.
Everything is OK.. it's over now..

Thanks all.

Click to expand...

nice to hear that..

 

Z

zetzux

Newbie

Aug 18, 2010

9

2

• Sep 2, 2010

• #19

Yeah..

 

tacopalypse

Senior Member

Nov 30, 2009

935

2,532

• Sep 2, 2010

• #20

requires a little bit of coding, but..

1. use google to look up a list of known attack sites.

2. make an html file that opens 20 of these sites in iframes.

3. redirect all requests from the offending ip to this html file.

the end