You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 300 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Some sort of attack? [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
Trek
Nuke Cadet
Nuke Cadet


Joined: Apr 17, 2004
Posts: 6


PostPosted: Sun Oct 24, 2004 12:32 pm Reply with quoteBack to top

Nuke 7.4

Recently I've been seeing hits to my modules.php without any parameters.

Normally, this is no big deal, who cares... however today I was hit by about 350 different IPs all to this exact module. Basically killing my site by bringing the CPU usage way up.

A check of the IPs shows that they are pretty much all over the place, nothing really common in them. The hosts were all resolved to the following domains however:

dip.t-dialin.net
aol.com
dip0.t-ipconnect.de

Example:

217.255.12.223 pD9FF0CDF.dip.t-dialin.net
80.137.73.57 p50894939.dip0.t-ipconnect.de
80.144.170.109 p5090AA6D.dip.t-dialin.net

As you can see, it looks like some sort of bot, etc... Anyone know what this is or have any suggestions on how to block it since the IPs are all over the place?

Thanks for any help!
Find all posts by TrekView user's profileSend private message
sting
Site Admin
Site Admin


Joined: Jul 24, 2003
Posts: 1986

Location: Apparently ALWAYS Online. . .

PostPosted: Mon Oct 25, 2004 6:39 pm Reply with quoteBack to top

I have seen something similar recently to the search function of modules.php.

I suggest using a package that will handle these types of requests in turn. (Yes, try sentinel and see if that helps).

I have even gone so far as to replace the search function on the site and redirect the link to a hack page, set it so that no one sees the link. If someone goes to it - they aren't supposed to be there.

-sting

_________________
Is it paranoia if they are really out to get you?

-------------------------------------------------------
sting usually hangs out at nukehaven.net
Find all posts by stingView user's profileSend private messageVisit poster's websiteAIM AddressYahoo MessengerMSN MessengerICQ Number
baloch
Nuke Cadet
Nuke Cadet


Joined: Jan 26, 2004
Posts: 5


PostPosted: Thu Oct 28, 2004 4:54 pm Reply with quoteBack to top

I had the same problem with my site, hitting with more than 700+ ip's at the same time, normally the log showed its on index.php or modules.php both of them got hit, tried a lot but couldnt find any solution to this so had to close down the site, i was tired of changing hostings from one to another company no one was able to help, so i'm like without phpnuke noww Sad

was using admin secure, sentinel, protector, nothing helped even tried the dDoS blocker from austin.. didnt work.

it seemed like someone is using a script which loads proxy list, some large number or proxies and hit the site with database queries, couldnt find any solution for this so far.. if anyone have a clue, please let me know so i could start my site again
Find all posts by balochView user's profileSend private message
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.128 Seconds - 524 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::