PDA

View Full Version : Attack on My Website



Roy Beardmore
02-03-2012, 04:23 AM
I need some help
My hosting company has stopped my website "RoyMech.co.uk" because it is receiving massive traffic from global sources. +1000 times more than normal.
The queries on my webpage seem to be from legitimate computers (possible infected with malware). Can anyone advise why this is occurring and what I can do about it.

HTMLBasicTutor
02-03-2012, 01:46 PM
Do you know where the main batch of visitors are coming from? Country? IP address or range?

Roy Beardmore
02-04-2012, 06:15 AM
No... I have been given a list of DNS numbers/time and in about 2minutes there are litteraly 100s of different numbers .The seem to come from all over the world. Many are the same number with different #xxxx after them.

HTMLBasicTutor
02-04-2012, 10:23 AM
Many are the same number with different #xxxx after them.
That would indicate a IP range.

You can look up some of them at IP-Lookup (http://ip-lookup.net/) to determine what country and ISP they are from. With that information you can get a list of IPs from the ISP to deny access to your site.

Todd W
02-04-2012, 02:41 PM
Why don't you block the countries you are not interested in having visit ?

Roy Beardmore
02-09-2012, 02:52 AM
Hello again thanks for the comments . I have gone through the list of DNS numbers (about 800-1000 visits/s) resulting from 10 minutes activity . They are from all over the world US ,UK ,Turkey, China, Russia.... I am at this time in the hands of my website hosting company.

Is it possible for a server to include a switch which simply turns off access if
the rate of visits exceeds say 5/s and then turns it back on again after 10 minutes.

HTMLBasicTutor
02-09-2012, 12:21 PM
Have you asked your web host about throttling?


Throttling/Disabling
If for whatever reason your sites increased traffic causes problems for the server it may be necessary for the support department to "throttle" your site (restricting the number of simultaneous visitors or maximum throughput, etc.) or possible even disable it. This is done in fairness to the other customers on your server. Remember that you're on a shared hosting platform (hosting plans L1 - L4) and one customer cannot jeopardize the operation of the server for all of the other customers. However, we will do what we can to keep your site up as best as we can. We may even be able to offer suggestions as to what you can do to modify your site to handle the increased traffic or whatever may be happening to adversely effect the servers. Note that this "throttling" is NOT the same as "Bandwidth Throttling" mentioned below! If it is necessary to throttle your site for some reason the support department will contact the owner of the account with the details. If there is a problem with your site that you can resolve, once you've resolved it we will most likely be able to reduce (or completely remove) the throttle that was put in place.


http://wiki.dreamhost.com/Expecting_increased_web_traffic#Throttling.2FDisab ling

Actually I'm surprised they didn't offer/suggest this. You are obviously under attack by a bot.

Roy Beardmore
02-11-2012, 05:12 AM
Thank you very much for your helpful comments I have now checked out throttling as a solution. I am not sure this works against a DDOS.

I now believe I sm subject to a DDOS(Denial of service attack) . I do not know how I can be protected against this without spending a lot........

HTMLBasicTutor
02-11-2012, 06:05 PM
Tried to find something for you but DDOS attacks are hard to solve. Most solutions were at the server level.

You web host should be looking into this.

If they are not willing to help, think it's time to move on. ;)

Roy Beardmore
02-17-2012, 06:16 PM
Hello again
I have moved my website "Roymech.co.uk "to a hosting company which includes DDOS protection as a selling feature. For five days now my website has been on line. The hosting company is "DDOShostingsolutions.com" I am hoping this is the solution. I am a bit nervous though because although my website has been in continous opereration, on two occasions in the same time period , their support page has been down !!.

HTMLBasicTutor
02-17-2012, 08:49 PM
Hope everything works out ok for you there.

Do you get some kind of report if you become under a dos attack?

Chris
02-18-2012, 06:27 AM
I regularly use countryipblocks.net to find countries I wish to ban, in fact I used it just now.

How much advertising revenue do you get from russia or china? None. If you got an order from one or the other would you fill it? Not likely because it is usually a stolen credit card. So why give them access to your site at all when 90% of malicious activity and spam comes from them?

Todd W
02-20-2012, 05:54 PM
For most sites I find just allowing USA/Canada/AU/Europe is fine.

Obviously it depends on the site but sure is faster to allow vs deny :D :D

User agent control is another thing to watch even though it can be faked still good to keep an eye on.