Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder vw98034's Avatar
    Join Date
    Feb 2004
    Posts
    196
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Web site attackers

    Recently, I notice one of sites is under attack. The attackers try to post something on it. I collect some of IP addresses. They are rare repeat.
    Code:
    			24.47.47.180			  
    			24.189.86.162
    			24.98.78.36
    			59.30.41.147
    			59.94.14.102  
    			59.94.108.211
    			59.93.211.162
    			60.236.128.181
    			64.246.18.25
    			67.68.53.118
    			69.221.245.37
    			70.85.173.58  
    			70.87.198.186
    			70.135.110.126
    			70.242.191.8
    			71.91.7.106
    			72.32.63.146
    			74.133.235.161
    			74.224.92.91  
    			75.33.225.28
    			75.187.147.69			  
    			86.104.253.85
    			89.113.77.134
    			124.154.69.9
    			125.173.99.234
    			200.88.114.166 
    			200.114.11.208 
    			200.226.134.53
    			201.65.89.189
    			201.68.68.168
    			202.70.199.133
    			203.227.199.101
    			210.3.233.28
    			210.10.136.144
    			216.106.88.171  
    			216.240.129.180
    			217.172.56.130
    			217.132.24.143
    			218.11.212.11  
    			218.246.118.22
    			221.221.135.123
    Any good way to prevent such attack?

  • #2
    Regular Coder GO ILLINI's Avatar
    Join Date
    Jun 2005
    Location
    USA
    Posts
    634
    Thanks
    0
    Thanked 7 Times in 7 Posts
    ... what exactly is the website? What is the site driven by? PHP, CGI, ASP,...?
    Where are they trying to post? upload with ftp? spamming a 'contact us' form?

    your going to have to explain the situation a little...

    -Adam
    Why not thank me?

    http://adamsworld.name

  • #3
    Regular Coder vw98034's Avatar
    Join Date
    Feb 2004
    Posts
    196
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by GO ILLINI View Post
    ... what exactly is the website? What is the site driven by? PHP, CGI, ASP,...?
    Where are they trying to post? upload with ftp? spamming a 'contact us' form?

    your going to have to explain the situation a little...

    -Adam
    I don't know what they try to post. What I know is that one posting url is targeted by those IP addresses. They keep hitting the url and the url only. They are blocked by login requirement.

    Another type of attack I notice is that the sign on form is a under attach too. The url is hit by a pair of user name and password many times a day.

  • #4
    $object->toCD-R(LP); vinyl-junkie's Avatar
    Join Date
    Jun 2003
    Posts
    3,092
    Thanks
    2
    Thanked 23 Times in 23 Posts
    If your server is properly secured, I wouldn't worry about unsuccessful attacks (which I assume these are). Only worry about the successful ones.
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    SNAP to it!

  • #5
    Regular Coder GO ILLINI's Avatar
    Join Date
    Jun 2005
    Location
    USA
    Posts
    634
    Thanks
    0
    Thanked 7 Times in 7 Posts
    I agree... Your doing all you can. You are stopping the attacks. There is nothing you can do to block incoming connections. You might try and add some sort of "you've used up your failed login attempts" feature or something...

    if you really really hate the connections...:
    The other thing you could do is block all IP's except for the IP's of known valid users... Of course this inst all that plausible with dynamic IP's, but you could create some sort of uploader that the clients could install and update your allowed users list...

    -Adam
    Why not thank me?

    http://adamsworld.name


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •