I just checked my access logs from last night and several different IPs are running a repetitive script that adds "/index.php" to the end of the url until there are around 300 "/index.php/index.php/index.php....". One IP ran it for one hour with 1200 entries and used 12MB.
IPs:
213.98.138.81
200.182.225.143
210.128.205.131
69.13.193.162
213.211.129.186
67.19.240.202
I blocked these IPs, but there should be a way to prevent it. Has anyone else had this problem? Can I add a line to the .htaccess to rewrite if more than one index.php is executed? If so, how should this be written?
Thanks-
Another Security Issue
-
calguy1000
- Support Guru
- Posts: 8169
- Joined: Tue Oct 19, 2004 6:44 pm
Re: Another Security Issue
the question is... did it cause any problems.
Stupid nerds can try all combinations of URLS all they want, it's really only a security issue if it causes havoc and corrupts your site.
Otherwise, you can block IP's and/or use mod_security or something to prevent the ddos stuff, but it's not a security problem, just bandwidth thieves.
Stupid nerds can try all combinations of URLS all they want, it's really only a security issue if it causes havoc and corrupts your site.
Otherwise, you can block IP's and/or use mod_security or something to prevent the ddos stuff, but it's not a security problem, just bandwidth thieves.
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Re: Another Security Issue
You are correct, I do not think it did anything more that steal bandwidth. I viewed DOS as a security issue. Sorry if I mis-titled.
Do you have any suggestions or resources to obtain information to prevent this - I have researched on the internet without success. I thought maybe someone else might have experienced the same issue and resolved it.
Do you have any suggestions or resources to obtain information to prevent this - I have researched on the internet without success. I thought maybe someone else might have experienced the same issue and resolved it.
-
calguy1000
- Support Guru
- Posts: 8169
- Joined: Tue Oct 19, 2004 6:44 pm
Re: Another Security Issue
mod_security is the only way, and I'm no regex guro. but they'll still steal bandwidth
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Re: Another Security Issue
OK - thanks.
If I find something that works, I'll follow up with a post.
If I find something that works, I'll follow up with a post.
-
shaimelz
Re: Another Security Issue
As long as you don't have a robust mod_rewrite / mod_security solution you can modify index.php with:
if (strlen($_SERVER['REQUEST_URI']) > 666 ) {
header("HTTP/1.1 404 Not Found"); exit;
}
only works when the devil is speaking >;0
if (strlen($_SERVER['REQUEST_URI']) > 666 ) {
header("HTTP/1.1 404 Not Found"); exit;
}
only works when the devil is speaking >;0
