Way To Block Too Many POST Requests

Apr 17, 2007

Is there a rule to add to the firewall or mod_security to ban any IP which is sending more than xx number of POST requests to the same URL?

View 6 Replies



Redirect Or Block POST Request With .htaccess

Apr 22, 2009

Is there any way to block/redirect the POST request to another page using .htaccess?

The reason is my site is getting hammered with a DDoS attack where they target my index page with requests like below: ....

View 5 Replies View Related

Should I Block Ping Requests

Jul 25, 2009

Should I block ping request to my servers from WAN?

View 12 Replies View Related

Block GET Requests To Specific Files

Apr 12, 2009

I am getting a lot of GET requests from different IPs to 4 nonexistent PHP files on my server. Is there any way to block the requests to avoid the resource use of Apache that these requests are generating?

I have installed mod_security but I'm not sure about how the block rule should be.

The requests are going to images/log.php, images/log2.php, images/log3.php and images/logi.php of one of the sites hosted on the server. Is there any way to block these requests for a specific domain or path?

View 3 Replies View Related

Block Http Requests Coming Via Proxy

Jun 24, 2007

I want to block all http requests coming to my website via proxy. Is there any way/script to achieve this on the server?

View 5 Replies View Related

Can't Post With @ Symbol

Sep 14, 2006

I am running on a VPS system, and I have some auction software and I run vBulletin as well.

When someone tries to do a Private Message via vBulletin using anything with the @ in it, like an e-mail address, and hits submit, it says "/private.php access is denied."

But it also does it when I post news in the auction site, which leads me to believe there is something screwed up with one of the server settings. But I don't know what?

View 6 Replies View Related

Another Vaguhost Post

Feb 4, 2008

Well, I started off with them in December. Here is my review:

- Waited a week after payment for service. Ticket replies "will be up tonight" or "working on it now" now came a week later.

- Then when it did come online the cPanel/WHM licence was invalid, resulting in 4 more days of "will be fixed today" replies to my tickets.

- Finally server up and WHM working, Fantastico licence invalid, here goes another 5 days.

- Same time as Fantastico: WHMCS licence invalid, guess how long? (had to threaten to cancel to get it)

Despite all this, when I finally got online they promised a free month for the issues. The server ran great for about a week and I was happy at this point.

Then I ran into several small issues: FTP shutting down, site downtime, not being able to edit files and folders, nothing major, just little things, but lots of them.

Cron issues, RV took a week to get installed. Wrong amount of IPs that to this day was never corrected.

Support tickets started to disappear, and response times grew massively, bandwidth exceeded pages sprung up daily and randomly on all my customers' pages, and mail to this day has never worked properly.

Then I get invoiced in the middle of Jan for another 3 months. Not only did I not have my time I paid for but I didn't get the free month for the issues. At this point they try to upsell me to pay the full year at a discounted price and my issues still are not fixed.

At this point I'm through with this. I haven't spent 3+ years building the customers I have to lose 3 in 1 week due to their service. After seeing other similar posts here and how they reject refunds, I was promised in both MSN chat and their own ticket system they DO offer a money back guarantee and have 7 screenshots of different convos with it being guaranteed. PayPal will not interfere as it's a service, therefore if I do not receive 2 of the 3 months I have paid for I am doing a credit card chargeback.

Jeff has lied far too often. We have even checked into his "Llc" which he is most definitely not, and this is illegal.

Jeff, when you read this, no BS responses, not "we don't refund". This is not a choice for you, it is an understanding on my part that you keep one of the three months' payment or I will do a 100% credit card chargeback which will result in your PayPal deducting it and charging you $15 for the process. Refund 2 months, and I want it this week, not next month. Don't bother deleting my tickets and email/MSN convos, I have everything screenshotted. You're a crook, and a fraud. I can't believe that in between all this, the 1 or so week it did somewhat work, I actually posted positive reviews and supported/defended your business.

View 14 Replies View Related

Remote POST

Jun 4, 2007

How can I forbid POST to be sent from an outside website and allow it to be sent from the website of origin? Like if you are on domain.com, the POST command must be allowed only if you are sending it from that domain/referer.

View 9 Replies View Related

Post Command Details

Apr 6, 2007

In httpd-status I see that some IPs hardly sending POST command to index.php, but can I somehow find out what exactly they are trying to post and into which form on that page?

View 5 Replies View Related

Post Your CSF Score & Warnings

May 26, 2007

We were able to get the score up to 62/70. Will need the server management company's advice and help to try and get rid of more of the red warnings.

What is your score and which red warnings do you have left? Post them please.

Score: 62/70.

Will ask server management company about these red warnings:
A1. /dev/shm isn't mounted with the noexec,nosuid options (currently: none). You should consider adding a mountpoint into /etc/fstab for /dev/shm with those options
A2. You should install the mod_evasive apache module from source to help prevent DOS attacks against apache. Note that this module breaks FrontPage functionality
A3. You should modify /usr/local/lib/php.ini and set:
enable_dl = off
This prevents users from loading php modules that affect everyone on the server. Note that if use dynamic libraries, such as ioncube, you will have to load them directly in php.ini
A4. On most servers anacron isn't needed and should be stopped:
service anacron stop
chkconfig anacron off
chkconfig --del anacron

Probably going to leave these red warnings for now:
B1. For ultimate SSH security, you might want to consider disabling PasswordAuthentication and only allow access using PubkeyAuthentication. For more information read this article and this article
B2. You should modify /usr/local/lib/php.ini and disable commonly abused php functions, e.g.:
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list
B3. To reduce the risk of hackers accessing all sites on the server from a compromised PHP web script, you should enable phpsuexec when you build apache/php. Note that there are sideeffects when enabling phpsuexec on a server and you should be aware of these before enabling it
B4. You have package updating disabled, this can pose a security risk as OS vendor and cPanel security updates may not be applied in a timely manner WHM > Update Config >cPanel Package Updates > Automatic

View 2 Replies View Related

Gigenet: Post-migration Review

Oct 17, 2009

It's been close to a month since we've migrated away from our former provider to Gigenet, and after monitoring the activity and health of our new servers, I felt it was time to write a review.

This isn't about bashing our old partners, the data center and our former managed hosting provider. I'm leaving names out of this, and I'll appreciate it if the couple people on WHT who know our old providers keep that info to themselves, because this is not about them; it's about Gigenet.

Support
Tickets/support is about as good a place as any to start. Our old setup had all management running through our managed hosting provider, and tickets were either closed unanswered, or we might wait days to get a response, which was too often less than helpful.

Our setup now includes standard management through Gigenet, and we've contracted Rack911 to handle management of some very specialized services and security requirements we wouldn't expect Gigenet or any other data center-based management team anywhere to handle. That's another (very positive) review for another day.

During the course of migrating (five servers during three weekends), we opened perhaps 10 tickets regarding server config, IPs, provisioning certain services, etc., and the longest we had to wait for any ticket to get answered was 9 minutes. In all but one case, the first response resolved the ticket - the remaining ticket did require more back-and-forth communication, which is to be expected. Even better, instead of hearing about everything that can't be done (something we'd come to expect from our previous provider), they focused on what could be done, and they did it. Things were handled properly and professionally every time.

Best of all, I can actually call my admins or chat with them, sort out issues in minutes instead of days or months.

Hardware Performance
Despite how much happier we are with the response we're getting from our admins, this benefit pales in comparison to the performance increase we've seen since we moved.

We have a single client who accounts for three of the five servers we're hosting right now. Again, I'm leaving names out, because this is not their endorsement of Gigenet - it's our endorsement. The performance boost we've seen since moving has been nothing less than astonishing.

Of those three servers, let's consider the old Web server config:
- Xeon Quad Core, one of the mid-2008 E series
- 6GB RAM
- Public 100MBPS connection
- SATAII 250GB HD

And now the new Web server:
- Core i7 920
- 8GB RAM
- Public 100MBPS connection
- 10k Raptor 147GB x2, RAID1

So, it's a step up. Is it a significant step up? I'll leave that to hardware geeks to debate. But I don't think anyone can argue that the increase in hardware does not match the increase in performance when you look at these numbers:

Old Web Server
Typical Load: 2 - 5
High Traffic Load: Always 15+, often 40+, sometimes reaching 200+ and requiring a restart
Typical Idle: 85%
High Traffic Idle: 0%, and it could stay buried for 15-30 minutes at a time!

New Web Server:
Typical Load: .1 - .3
High Traffic Load: .5 - 1 (I've only seen it go above 1 twice)
Typical Idle: 95-100%
High Traffic Idle: 80-90%

We have even more revealing numbers from when we did some post-migration stress testing. I won't get into details here (I might be doing a more thorough write-up about this in the future), but the general conclusion was that the new server could handle 6x the traffic of the old server and still serve pages faster than the old server did even with all traffic already routed off that server.

I attribute this to three things (caveat: I'm not a hardware expert, and this is my best guess).

1) The hardware is a step up, and that will account for some performance boost.

2) Rack911 optimized this server from day one.

3) The components/build are simply higher quality.

If you happen to know the client who uses these three servers, again, please keep this info to yourself, but try surfing their site now, and you tell me whether it's faster, like maybe 3-4x faster! They've been getting quite a few people complimenting them on their site's performance over the last few weeks. I'd like to take credit for that, but I can't.

----------

So there you have it - another satisfied customer of Gigenet (and Rack911). I hope over time my experience with them continues to be the same quality it is now. We're paying a bit more than we were before (for both hosting and administration), but we're getting so much more for our money!

View 14 Replies View Related

WiredTree 1 Year Review (Re-Post)

Mar 24, 2009

I have been a WiredTree customer for about one year and I am very happy with their services. One of the top VPS providers available in the world, WiredTree runs its servers in its own datacenter and it is the real peace of mind company. On January 15th 2008 I started a VPS 512 in WiredTree using a WHT promo offer and encountered not a single problem with billing, hardware, software, support!! I'm running 16 monster websites of my selected customers on this VPS under cPanel optimized for VPS release 4-R32603 - WHM 11.24.2 - X 3.9. OS: CENTOS 4.7 i686 on Virtuozzo. I've recently rebooted my VPS by command line (SSH) due to a new app install exigence and this task was performed in a few seconds without a single problem with cPanel!! The VPS 512 has this spec:

WiredTree Fully Managed VPS512 with Cpanel
* Intel Dual Xeon Clovertown (8 CPU Cores)
* 512MB Guaranteed SLM RAM
* 2048MB Burstable RAM
* 500GB Bandwidth (100Mbps Uplink)
* 50GB RAID-10 Disk Space
* Fully Managed - 24x7 Toll-free Phone + Helpdesk Support
* 24x7 Proactive Monitoring and Service Restoration
* ServerShield Server Hardening
* 4 Dedicated IPs
* cPanel / WHM
* Virtuozzo Power Panel
Nightly Off-Server RAID Backups included

A great point in this VPS 512 is the number of disk inodes allowed for its 50GB disk space: 10,485,760 (generally, default VZPP disk inodes for 50GB are only 600,000). The number of disk inodes is a very important item in a VPS spec because with many disk inodes you can host many directories and subdirectories; if the inode number is small you will fill an entire virtual HDD (your VPS) quickly if you are hosting websites with a long file tree.

I placed my order using the verified corporate PayPal account of @Macarlo Networks, Inc. and in a few hours I received a phone call from WiredTree and then, a few minutes after this, the welcome e-mail with my login. WiredTree is not a reseller and controls its own NOC in Chicago, Illinois, a best point for all bandwidth requests from U.S. and other countries.

My rating after one year with WiredTree:

Uptime: 10/10
Management: 10/10
Support: 10/10
Price: 10/10
Billing: 10/10

Domain for verification: http://macarloshark.com/

To evaluate WiredTree's VPS 512 for this review I hosted there the above-mentioned 16 websites, all set up in a few minutes by cPanel version 11.15 with Fantastico De Luxe and more... Using a tarball downloaded also in a few minutes from our external backup server in New York (BQBackup), I put all 16 websites' data in my VPS 512, registered with my partner Dotster, Inc. the new name servers for macarloshark.com and after the propagation process I started all websites just fine and at high speed, including for some extra-heavy webpages we have just for evaluations on VPSs and physical dedis.

Then I started the WHT UnixBench test in January 2009; see the output below: ....

View 4 Replies View Related

Mod_security POST Payload Error 500

May 9, 2007

I've been having problems with the server company. These have been based around me getting an error 500 (SQL injections from CRITICAL to EMERGENCY) in mod_security when testing out a CMS built using PHP and MySQL.

After months of reading about internet security, SSL, XSS, mod_security docs etc. etc.

I've managed to get the 'add' page working by escaping the $_POST stuff and making things in general less dynamic in order to make the SQL statements less open to attack and avoid getting the error again.

Now I'm back to the 'edit' page and I seem to have escaped everything and basically built it in exactly the same way as the add.php page, except using different SQL and a little SQL beforehand to drag out the database entry, and I'm still getting error 500.

The error logs still claim this is a $_POST payload attack, but I can't see where this could be coming from.

Does anyone know where it is likely to be coming from (form hidden inputs, what you can/can't put in the SQL statement, anything like that)?

View 0 Replies View Related

Who Like To Post Your Websites Hosted With Faskvps Or Sarora

Mar 30, 2009

Who will post your websites here hosted with faskvps or sarora?

I saw so many reviews about them, but seldom see the websites with these two hosting companies.

View 6 Replies View Related

This Is 2 Months Update For My Old Post About Serverboost.com And Its Good

Dec 30, 2008

This is a 2 months update for serverboost.com hosting and I must say I was wrong when I said they are a gold hosting, because they are more than a gold hosting. I am sorry serverboost because I said that, they are your only friends in the time of need. When everything goes wrong in your website this is the address you need to remember and this only. So I thought to myself, wait, this is not gold. This is more than that. This is friendship and it is worth more than gold. I feel like I am home, it's your new family and this is worth more than gold, period. Experience 10/10 Bandwidth 10/10 Availability 10/10 Support 10/10 They use a datacenter in Netherlands on We-Dare network.

And remember, if you think their prices are a little high just contact them in the chat and I am sure you will never go out.
my website is [url]

View 1 Replies View Related

Post Install @Base Packages On CentOS 5

Oct 3, 2007

Wondering if anyone knows how to install all the packages for the @Base category in the CentOS 5 install from yum. I did not check this during install and can't figure out an easy way to see and install all the packages in the @Base category.

Also tried some searching and can't seem to find a way to install package groups from yum.

View 1 Replies View Related

Apache Logs - Viewing POST Data

Mar 20, 2007

I suspect that somebody is trying to do SQL injections on one of my websites. Is the POST information that is sent using forms logged anywhere so I can read it in the same way I can read the GET requests in Apache logs?

View 6 Replies View Related

Plesk 11.x / Linux :: Cannot Send Big Files With POST

Dec 12, 2013

I have a problem with file upload. I changed php.ini files in /etc/php5/cgi and user and php.ini to work with big files. I changed accordingly max_filesize, post_max_size, memory_limit. Also changed suhosin memory_limit and some other stuff. I can't get files bigger than ~100MB to be sent through forms with POST! Below is OK. Is there any method to do this with Plesk 11.5? I saw docs on this particular topic with Plesk 10 on the internet but nothing for Plesk 11.

View 8 Replies View Related

What Is A Fast Host That You Users Can Post Adult Content?

May 8, 2008

Looking for a quality webhost where users can post adult content. Know any?

View 6 Replies View Related

Open Port 3000 On Server For Canada Post

Feb 19, 2008

How can I open port 3000 on my Linux server?

I need it for Canada Post live shipping quotes.

View 1 Replies View Related

Submitting POST Info Triggers A Request To Download The Page

Jan 17, 2007

Not sure if this is the appropriate forum to post this question in. If so, please move to the correct forum.

Anytime someone creates a new thread or sends a new PM, it will ask them to download the .php page after submitting the POST. I am wondering if anyone else has had this problem and what can I do to resolve it?

View 2 Replies View Related

Over 200 Requests Per Second From The Same 5 IPs

Oct 19, 2009

I block them in htaccess but their repeated attacks are making my server load crazy.

I installed AFP but it doesn't do anything, where do I set rules on automatic blocking?

View 14 Replies View Related

HTTP Requests With Crontab?

Apr 20, 2005

I set up a cron to run every minute & I'm running a PHP script by way of cron like:

wget http://example.com/some_script.php

Now, is each request from cron a separate HTTP request or what? Say my script takes more than 1 minute to execute completely but before it's completed, it's called again. So, will that affect the PHP script running because of the previous HTTP request, or will it create a new HTTP request & let the previous request finish its operation? Technically, it shouldn't block/affect the previous request, but I'm not sure!!

View 6 Replies View Related

Server Sending Bad Requests

Jul 25, 2008

My server is still effed up from the MPack attack that I received.

I just received the following email, does anyone know what this means or how it could be done? The client IP is mine, so somehow my server is sending that request?

72.233.79.2 (malwarebytes.org) Server Log:

[Thu Jul 24 13:05:07 2008] [error] [client 72.55.184.144] mod_security:
Access denied with code 403. Pattern match ".../" at THE_REQUEST
[id "300006"] [rev "1"] [msg "Bogus Path denied"] [severity "CRITICAL"]
[hostname "www.malwarebytes.org"] [uri
"/errors.php?error=[url][unique_id "tNAGeH8AAAEAAEsfD7wAAAAO"]
[Thu Jul 24 13:05:07 2008] [error] [client 72.55.184.144] mod_security:
Access denied with code 403. Pattern match ".../" at THE_REQUEST
[id "300006"] [rev "1"] [msg "Bogus Path denied"] [severity "CRITICAL"]
[hostname "www.malwarebytes.org"] [uri
"/forums/errors.php?error=[url][unique_id
"tNAPAn8AAAEAAD7mqWQAAAAl"]

[url] is the RKHunter scan log
[url] is the ChkRootKit scan log.

I'm going through this thread right now:
[url] ("How-to detect a possible intruder?") and I've come across a handful of hidden directories:

/home/mifbody/public_html/vbulletin/arcade/images/. /. /xh
/home/mifbody/public_html/vbulletin/arcade/images/. /. /xhide.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/convertxdccfile.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_admin.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_dccchat.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_display.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_main.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_md5.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_misc.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_statefile.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_transfer.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_upload.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_utilities.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/convertxdccfile.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_admin.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_config.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_dccchat.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_defines.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_display.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_globals.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_headers.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_main.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_md5.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_md5.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_misc.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_statefile.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_transfer.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_upload.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_utilities.c

I was able to successfully delete all the files, but how do I now get rid of the directories themselves? When I do:
rm -fr "/arcade/images/. /"
and then locate ". "
I still get:

/home/mifbody/public_html/vbulletin/adserver/banners/.
/home/mifbody/public_html/vbulletin/alice/src/admin/.
/home/mifbody/public_html/vbulletin/arcade/images/.

View 2 Replies View Related

Pending Requests To Mellowhost

Oct 31, 2008

I think mellowhost has gone now,

I have some pending requests and help requests.

There is nothing in reply.

Even the ffmpeg services have some errors and they only allow 3mb file uploads.

I don't know what happened to this company...

I post here not for bad reviews, but to call their attention.

Because even when I use the forums for mellowhost and submit some tickets, there is no response from them.

View 4 Replies View Related

Over 1000 Http Requests

Jan 12, 2008

Quote:

netstat -anpl|grep 80|grep 74.xx.179.xxx|wc -l
990

I observed too many HTTP requests into the server, so I just wonder how you guys tweak a server to accept over 1000 requests and more?

View 8 Replies View Related

Weird Httpd Requests

Mar 3, 2007

I've just been having a look through my logwatch e-mail, and have seen the following that I've not seen before:

Code:
A total of 3 unidentified 'other' records logged
GET http:/ /74.52.21.101/index.php2?goto=[url]
HTTP/1.0 with response code(s) 2 404 responses
GET http:/ /74.52.21.100/index.php2?goto=[url]
HTTP/1.0 with response code(s) 2 404 responses
GET http:/ /74.52.21.102/index.php2?goto=[url]
HTTP/1.0 with response code(s) 2 404 responses
NB. I've added a space in the URL to break the link.

What is happening here, as this looks to be something dodgy?

View 3 Replies View Related

What Else Would Be Blocking HTTP Requests

Jan 19, 2007

I have a guy who can't get to any of the 100 or so virtual hosts on my RHEL3 server.

It's running the latest Apache RPM from RedHat. I also have mod_evasive and mod_security running.

Here's what I know. The guy *CAN* connect via SSH and FTP. The guy *CAN* see the default web page when he hits the IP in his web browser (e.g. he types [url] into the address bar on IE). But when he uses any of the host names on the server he *CAN NOT* see anything. He gets timeout errors.

His IP is NOT in ANY error logs, it's not in mod_evasive or mod_security, it's not in IPTABLES, it's not anywhere I can see.

I must be missing something. Anyone have any ideas?

What would be in front of Apache blocking his requests?

View 5 Replies View Related

# Of Apache Requests - Modify

Feb 8, 2007

I have a dedicated box with softlayer and I have noticed at varying times the past few months that with sites we host, sometimes the connection times out (I'll try to access like 5 or 6 sites within 30 seconds or so and they all drop, then a minute later they load fine).

I opened a support ticket and they said it usually has to do with the # of requests Apache can handle, and that this can be modified. They stated they could: "tweak the apache configuration file in this server that can make it possible to handle more requests."

So my question is what should the # of requests be set to? (I'm not sure what it is now, but I assume whatever the default # is).

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved