DDOS attack on my server ?

barnea10

• May 30, 2014 00:50

hello I have some kind of attack on my server i notice that many "latest visitors" urls looks like mydomain.com/customer-service?start=7985 added ?start=7985 to the end sometimes with different numbers and i suspect it cause the server to load for long time in the awstat i see this month only 1.9M hits from United States ... the bandwidth usage is at the skys and i dont know how to stop this and to prevent it on this account and other accounts please advice Barnea

• 

  cPanelMichael

  • May 30, 2014 13:33

  Hello :) You should ensure a firewall is installed to help deal with attacks on a basic level. However, depending on the nature of the DDOS attack, you may need to consult with your data center to see what type of solutions they offer for dealing with more complex attacks on your server. You can search "DDOS" on our forums to review discussions from other threads. Thank you.

  0
• 

  quizknows

  • May 30, 2014 19:52

  You should review the index file of your site (especially if it's a php file, index.php) for any injected code which may execute. Is the "start" variable a legitimate variable used by your application? Would a normal visitor ever hit a page with ?start=7985 or any other value? If not, you could use modsecurity to block the QUERY_STRING "start=" with a custom rule.

  0

Please sign in to leave a comment.