...
PDA

Web site attackers

vw98034
12-08-2007, 01:53 AM
Recently, I notice one of sites is under attack. The attackers try to post something on it. I collect some of IP addresses. They are rare repeat.

24.47.47.180
24.189.86.162
24.98.78.36
59.30.41.147
59.94.14.102
59.94.108.211
59.93.211.162
60.236.128.181
64.246.18.25
67.68.53.118
69.221.245.37
70.85.173.58
70.87.198.186
70.135.110.126
70.242.191.8
71.91.7.106
72.32.63.146
74.133.235.161
74.224.92.91
75.33.225.28
75.187.147.69
86.104.253.85
89.113.77.134
124.154.69.9
125.173.99.234
200.88.114.166
200.114.11.208
200.226.134.53
201.65.89.189
201.68.68.168
202.70.199.133
203.227.199.101
210.3.233.28
210.10.136.144
216.106.88.171
216.240.129.180
217.172.56.130
217.132.24.143
218.11.212.11
218.246.118.22
221.221.135.123

Any good way to prevent such attack?
GO ILLINI
12-08-2007, 03:05 AM
... what exactly is the website? What is the site driven by? PHP, CGI, ASP,...?
Where are they trying to post? upload with ftp? spamming a 'contact us' form?

your going to have to explain the situation a little...

-Adam
vw98034
12-08-2007, 03:43 AM
... what exactly is the website? What is the site driven by? PHP, CGI, ASP,...?
Where are they trying to post? upload with ftp? spamming a 'contact us' form?

your going to have to explain the situation a little...

-Adam

I don't know what they try to post. What I know is that one posting url is targeted by those IP addresses. They keep hitting the url and the url only. They are blocked by login requirement.

Another type of attack I notice is that the sign on form is a under attach too. The url is hit by a pair of user name and password many times a day.
vinyl-junkie
12-09-2007, 07:18 PM
If your server is properly secured, I wouldn't worry about unsuccessful attacks (which I assume these are). Only worry about the successful ones.
GO ILLINI
12-10-2007, 03:13 AM
I agree... Your doing all you can. You are stopping the attacks. There is nothing you can do to block incoming connections. You might try and add some sort of "you've used up your failed login attempts" feature or something...

if you really really hate the connections...:
The other thing you could do is block all IP's except for the IP's of known valid users... Of course this inst all that plausible with dynamic IP's, but you could create some sort of uploader that the clients could install and update your allowed users list...

-Adam

EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum