|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
08-03-2011, 04:00 PM
|
#1 |
|
Confirmed User
Join Date: Mar 2003
Location: Very small penis
Posts: 5,809
|
Server experts, can a "new IP each time" burst attack be stopped?
Server experts, can a "new IP each time" burst attack be stopped?
proxypass can do this if IP's are used more than one time.. but if the attacker uses a new IP on each un/pw combination he tests, can the attack then be stopped? |
|
|
|
08-03-2011, 10:57 PM
|
#2 |
|
Confirmed User
Industry Role:
Join Date: Aug 2006
Location: Poland
Posts: 9,228
|
sometimes bots send http/1.0 requests instead of 1.1. Turn on logging and see what kind of requests you are getting.
__________________
Mechanical Bunny Media Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development |
|
|
|
|
08-04-2011, 12:03 AM
|
#3 |
|
..I Heart Cannibal Corpse
Industry Role:
Join Date: Sep 2007
Location: California
Posts: 4,327
|
yes, but that is custom htaccess, treat it like a proxy
__________________
... |
|
|
|
|
08-04-2011, 12:48 AM
|
#4 |
|
Confirmed User
Join Date: Aug 2009
Posts: 478
|
If it's a dictionary attack a pattern sequence can be recognized.
This can be stopped in several ways. Does your host not do this for you? I will lend you a hand if you like. Some tips: If the ips are all the same C Class, just block the C class. If the ips are all coming from the same provider, block their asn at your router until they acknowledge and fix the problem. :-) |
|
|
|
|
08-04-2011, 03:05 AM
|
#5 |
|
Confirmed User
Join Date: Jan 2005
Posts: 2,270
|
Although not impossible, the chances of your member site being picked out by an attacker who is only taking 1 ip per connection is a bit odd. The best way to deal with this is to keep a log of connections to the server, and then go through them. There is a good chance that even though there is ip rotation going on, they are using the same cycle of ips sooner or later. If not there is other ways to deal with this issue. Feel free to contact me, and allow me to look into your issue. I will find out whats going on and figure out a solution for you. My services would be free to till the point of resolving it.
Let me know. peace
__________________
E-mail marketing - Automation Scripting - IP Space AIM: splitjoelp ICQ: 254759453 skype - splitjoelp 702-941-6465 |
|
|
|
|
08-04-2011, 05:22 AM
|
#6 |
|
Choice is an Illusion
Industry Role:
Join Date: Feb 2005
Location: Land of Obama
Posts: 42,635
|
If this is an ongoing issue, or concern, or yours than you should look at DDoS Protection from a company called "fortressitx". They offer something they call "special sauce" to help mitigate things like this. It is costly, but if this is going to be an ongoing hassle, shell out the cash and look into their solution.
Good luck. |
|
|
|
|
08-04-2011, 08:34 AM
|
#7 |
|
Confirmed User
Industry Role:
Join Date: Jan 2003
Location: In a Tater Patch
Posts: 2,321
|
We deal with these attacks time to times. I'm not going to get into how we block it or what we look for and/or what we use to block it but yes, it is blockable and easier than many would think.
__________________
Managed Hosting - Colocation - Network Services Yellow Fiber Networks icq: 19876563 |
|
|
|
Submit 
