Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Suspicous attack on web site

  • 11-01-2008 5:54pm
    #1
    ve
    Closed Accounts Posts: 448 ✭✭


    Last week a friend of mine asked me to take a look at his web site as he had content uploaded via a CMS on the site (which he had developed, which was quite basic). Over the last few weeks he said he noticed some content disappearing from the site, so he regularly changed passwords, etc and did what he could.

    Last week I had a look and noticed that a bot (claiming to be from Majestic12 in UK) was hammering his site with requests, and seemed IMO to be the cause. So I implemented a .htaccess fix (as it's apache) which seemed to fend off the bot. Then he calls me again yesterday and said the same thing has happened, and I again looked at the access logs. This time I have got a similar hammering from what I have come to learn is a SPAM harvester from the logged IP (62.163.32.151), so again I have applied a .htaccess fix to block that.

    But what next?. My friend runs a business and has many compeditors locally that would if they could, I'm sure, cause a DoS to his web site. I don't want to jump to conclusions but I have never seen anyone receive as much trouble to such a low profile web site. I'm just wondering could a compeditor perhaps have registered details of his web site, etc with some dodgy corners of the web to attract such sort of crap. I'm quite paranoid, so I have a problem believing that this is simply a case of bad luck for my mate.

    Any thoughts/advice?


Comments

  • #2
    Martyr
    Closed Accounts Posts: 1,567 ✭✭✭Martyr


    could be problem with the CMS - maybe a bug, allowing someone to access more than they should, is that part of the site protected by password?

    could be alot of things really..unpatched software, unpublished vulnerability..etc
    or just random attack


  • #3
    Screaming Monkey
    Registered Users, Registered Users 2 Posts: 218 ✭✭Screaming Monkey


    its not the easiest thing in the world to setup but if you have full access to the server and because your running apache, you could install modsecurity it will give you a little bit more protection, its logging is first rate and you can setup protections for your custom CMS, http://www.modsecurity.org/

    ..after that as Average Joe said it could be any thing "unpatched software, unpublished vulnerability..etc or just random attack"

    Our company runs a lot of web 2.0 m*ck, we get all sorts of random loonies bashing away at the servers..


Advertisement