Another Security Issue
Posted: Thu Apr 24, 2008 6:38 pm
by DB-9000
I just checked my access logs from last night and several different IPs are running a repetitive script that adds "/index.php" to the end of the URL until there are around 300 "/index.php/index.php/index.php...". One IP ran it for one hour with 1200 entries and used 12MB.
IPs:
213.98.138.81
200.182.225.143
210.128.205.131
69.13.193.162
213.211.129.186
67.19.240.202
I blocked these IPs, but there should be a way to prevent it. Has anyone else had this problem? Can I add a line to the .htaccess to rewrite if more than one index.php is executed? If so, how should this be written?
Thanks-
Re: Another Security Issue
Posted: Thu Apr 24, 2008 6:43 pm
by calguy1000
the question is... did it cause any problems.
Stupid nerds can try all combinations of URLs all they want; it's really only a security issue if it causes havoc and corrupts your site.
Otherwise, you can block IPs and/or use mod_security or something to prevent the DDoS stuff, but it's not a security problem, just bandwidth thieves.
Re: Another Security Issue
Posted: Thu Apr 24, 2008 6:51 pm
by DB-9000
You are correct, I do not think it did anything more than steal bandwidth. I viewed DoS as a security issue. Sorry if I mis-titled.
Do you have any suggestions or resources to obtain information to prevent this? I have researched on the internet without success. I thought maybe someone else might have experienced the same issue and resolved it.
Re: Another Security Issue
Posted: Thu Apr 24, 2008 6:52 pm
by calguy1000
mod_security is the only way, and I'm no regex guru. But they'll still steal bandwidth.
Re: Another Security Issue
Posted: Thu Apr 24, 2008 6:59 pm
by DB-9000
OK - thanks.
If I find something that works, I'll follow up with a post.
Re: Another Security Issue
Posted: Thu Apr 24, 2008 8:05 pm
by shaimelz
As long as you don't have a robust mod_rewrite / mod_security solution you can modify index.php with:
    // Send a bare 404 and stop before the CMS does any work when the request URI is
    // longer than 666 bytes; 300 repetitions of "/index.php" is several kilobytes.
    if (strlen($_SERVER['REQUEST_URI']) > 666) {
        header("HTTP/1.1 404 Not Found");
        exit;
    }
only works when the devil is speaking >;0
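As an added example (not code from this thread or from the CMS), the script below does the two things the thread discusses: it scans Apache combined-format access log lines for the repeated "/index.php/index.php/..." requests DB-9000 describes, counting offending requests and bytes served per source IP so you can see which IPs to deny, and it implements the request check from shaimelz's snippet (the 666-byte length cap) alongside a stricter check for more than one index.php path segment. The log lines, IPs and thresholds are constructed for this example.

```python
"""Added example (not from the thread): find repeated "/index.php/index.php/..."
requests in an Apache combined access log, per source IP, and decide which
requests a length cap or a repeated-segment check would reject.
All log lines, IPs and thresholds below are constructed for this example."""
import re
from collections import Counter, defaultdict

# Apache "combined" log format: ip - - [time] "METHOD path HTTP/x" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Constructed sample: two scripted IPs (documentation ranges), one normal visitor.
SAMPLE_LOG = """\
203.0.113.5 - - [24/Apr/2008:02:11:01 -0500] "GET /index.php/index.php/index.php HTTP/1.1" 200 10240 "-" "Mozilla/4.0"
203.0.113.5 - - [24/Apr/2008:02:11:02 -0500] "GET /index.php/index.php/index.php/index.php HTTP/1.1" 200 10240 "-" "Mozilla/4.0"
198.51.100.9 - - [24/Apr/2008:02:11:03 -0500] "GET /index.php?page=news HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
203.0.113.5 - - [24/Apr/2008:02:11:04 -0500] "GET /index.php/index.php/index.php/index.php/index.php HTTP/1.1" 200 10240 "-" "Mozilla/4.0"
192.0.2.77 - - [24/Apr/2008:02:12:00 -0500] "GET /index.php/index.php HTTP/1.1" 200 10240 "-" "curl/7.18"
"""


def index_php_repeats(path):
    """Count how many path segments are exactly 'index.php' (query string ignored)."""
    path = path.split("?", 1)[0]
    return sum(1 for seg in path.split("/") if seg.lower() == "index.php")


def is_repeated_index(path, max_repeats=1):
    """The check the thread asks for: more than one index.php segment in the path."""
    return index_php_repeats(path) > max_repeats


def uri_too_long(uri, limit=666):
    """The length cap from the PHP snippet above, applied to the request path."""
    return len(uri) > limit


def scan_log(text, max_repeats=1, limit=666):
    """Return (offenders, bytes_per_ip): offenders maps IP -> number of requests
    that either check would reject; bytes_per_ip sums the bytes served for them."""
    offenders = Counter()
    bytes_per_ip = defaultdict(int)
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m.group("path")
        if is_repeated_index(path, max_repeats) or uri_too_long(path, limit):
            offenders[m.group("ip")] += 1
            if m.group("bytes") != "-":
                bytes_per_ip[m.group("ip")] += int(m.group("bytes"))
    return offenders, dict(bytes_per_ip)


def ips_to_block(text, threshold=2, **kw):
    """IPs with at least `threshold` rejected requests, i.e. candidates for a deny rule."""
    offenders, _ = scan_log(text, **kw)
    return sorted(ip for ip, n in offenders.items() if n >= threshold)


if __name__ == "__main__":
    offenders, wasted = scan_log(SAMPLE_LOG)
    for ip, n in offenders.most_common():
        print(f"{ip}: {n} repeated-index.php requests, {wasted[ip]} bytes served")
    print("block:", ips_to_block(SAMPLE_LOG))
```

Note that the length cap alone lets the first few hundred bytes of each run through, which is why the segment count is checked as well; the two-segment rule matches the "/index.php/index.php" request even though it is far shorter than 666 bytes. The same segment check can be expressed in .htaccess without touching index.php (this rule is mine, not from the thread, and assumes mod_rewrite is enabled): `RewriteCond %{REQUEST_URI} /index\.php/.*index\.php [NC]` followed by `RewriteRule ^ - [R=404,L]`. Either way the request is still received and logged, so, as calguy1000 says, the bandwidth for the request itself is still spent; what you save is the CMS doing a full page render for each one.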