When they do this, they exhaust the CPU on my 3-core VDS here. Is there anything I can do to filter this specific attack rather than blocking the IPs in the firewall (this is what I have been doing)? Filtering in the firewall works, but every night it is new IP addresses.
Someone else may be able to offer better insight here, but if you're able to grab traffic to the VDS and pull the detailed dump, are the packets staying consistent? If so, you should be able to form a block using that, which should stop it before it reaches your VDS.
@Kraze^NFo> Juski has a very valid point
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!
Since the packet is a common HTTP request, there is no way I found with the attack tonight to block it without blocking legitimate traffic as well. I blocked 4 more IPs tonight, bringing the total to 41 IPs blocked :/