My site was recently attacked. What do I do?

Posted by ChrisH on Server Fault See other posts from Server Fault or by ChrisH
Published on 2010-05-08T16:12:47Z Indexed on 2010/05/08 16:29 UTC
Read the original article Hit count: 288

Filed under:

hacking

|

attack

|

security

This is a first for me. One of the sites I run was recently attacked. Not at all an intelligent attack - pure brute force - hit every page and every non-page with every extension possible. Posted with garbage data to every form and tried to post to some random urls too. All tod, 16000 requests in one hour.

What should I do to prevent/alert this kind of behavior? Is there a way to limit the request/hr for a given ip/client?

Is there a place I should be reporting the user to? They appear to be from China and did leave what seems like a valid e-mail.

© Server Fault or respective owner

My site was recently attacked. What do I do?

Posted by ChrisH on Stack Overflow See other posts from Stack Overflow or by ChrisH
Published on 2010-05-08T16:12:47Z Indexed on 2010/05/08 16:18 UTC
Read the original article Hit count: 288

Filed under:

hacking

|

attack

|

security

This is a first for me. One of the sites I run was recently attacked. Not at all an intelligent attack - pure brute force - hit every page and every non-page with every extension possible. Posted with garbage data to every form and tried to post to some random urls too. All tod, 16000 requests in one hour.

What should I do to prevent/alert this kind of behavior? Is there a way to limit the request/hr for a given ip/client?

Is there a place I should be reporting the user to? They appear to be from China and did leave what seems like a valid e-mail.

© Stack Overflow or respective owner

Related posts about hacking

should i bother to block these- rather lame attempt at hacking my server

as seen on Server Fault - Search for 'Server Fault'
I'm running a LAMP stack, with no phpmyadmin (yes) installed. While poking through my apache server longs i noticed things like. 74.208.75.29 - - [16/Mar/2010:02:53:45 +0800] "POST http://74.208.75.29:6667/ HTTP/1.0" 404 481 "-" "-" 74.208.75.29 - - [16/Mar/2010:02:53:45 +0800] "CONNECT 74.208.75… >>> More
The newbie's guide to hacking the Linux kernel

as seen on Internet.com - Search for 'Internet.com'
<b>TuxRadar: </b>"We asked prolific kernel hacker (and Linux Format reader!) Greg Kroah-Hartman to tell us what it takes for newbies to patch the Linux kernel - here's what he had to say." >>> More
China Says Google Never Filed Complaint in Hacking Case

as seen on Internet.com - Search for 'Internet.com'
Confusion continues to muddle the Google/China saga, with Chinese officials saying they aren't -- and are -- in talks with Google about hacking and censorship allegations. >>> More
China Says Google Never Filed Complaint in Hacking Case

as seen on Internet.com - Search for 'Internet.com'
Confusion continues to muddle the Google/China saga, with Chinese officials saying they aren't -- and are -- in talks with Google about hacking and censorship allegations. >>> More
community of linux hackers

as seen on Super User - Search for 'Super User'
Do you know of any community of linux hackers. People who are into hacking from network to workstations. Linux hacking windows pc's and other platforms. Please do only tell sites wherein beginners could join. But if you know of any site that gives a jump start for beginners into hacking. Also tell. >>> More

Related posts about attack

Malware Cross Site Scriptinig attack / XSS Attack?

as seen on Server Fault - Search for 'Server Fault'
I have been hit by an Cross Site Scripting / XSS / RFI Attack, where I cant find it anywhere in the source of the files and Hashes on files have not been changed according to OSSEC HIDS that I run real time monitoring on all webdirs. The Attack happens on IE9 Only it and appends java script code… >>> More
Linux Server Management Nightmare: Attack of the Killer Penguins

as seen on Internet.com - Search for 'Internet.com'
OS Roundup: When it comes to Linux server management, if your Red Hat Enterprise Linux distro isn't supported by Red Hat, is it it still Red Hat Linux, or is it 'Frankenstein Linux'? >>> More
Linux Server Management Nightmare: Attack of the Killer Penguins

as seen on Internet.com - Search for 'Internet.com'
OS Roundup: When it comes to Linux server management, if your Red Hat Enterprise Linux distro isn't supported by Red Hat, is it it still Red Hat Linux, or is it 'Frankenstein Linux'? >>> More
Microsoft Releases "Google Attack" Patch

as seen on Internet.com - Search for 'Internet.com'
The patch protects IE users from attacks like those directed at Google in China last week. >>> More
Microsoft Releases "Google Attack" Patch

as seen on Internet.com - Search for 'Internet.com'
The patch protects IE users from attacks like those directed at Google in China last week. >>> More