News:

LVCS.NET offers low cost domain registration services.

Main Menu

Suspected Attack

Started by Leirosa, August 17, 2015, 11:08:23 AM

Previous topic - Next topic

Leirosa

Tonight while checking statistics, I noticed that one user had an unusually high volume of bandwidth on one of my sites (on the East server). After looking into the logs, I found out that they were repeatedly loading the same page over and over again. After discovering this, I made attempts to ban their IP. However, I've never had this problem, and never had to do this before, and I suspect I may have edited the htaccess file for that directory incorrectly.

In any case, I'm not able to access the server to edit the file again, and it seems to be down or inaccessible, so I don't know what to do.

The IP of the suspected attacker is 36.74.182.195.

admin

Please send a message to plesk at lvcs dot net with your account username so we can check this out.

You should be able to modify the file via FTP, .htaccess only stops apache from displaying the page.

Please be sure you have changed your database, FTP, and control panel password.

Be sure ALL scripts are up to date.  This includes forum, CMS, etc.  If you are not using a script, please remove it.

Be sure all scripts are setup correctly with proper permissions, no 777 permissions, etc.

Be sure you are running the latest version of PHP that your script can support, i.e. 5.4 or 5.5

Leirosa

Quote from: admin on August 17, 2015, 03:43:10 PM
Please send a message to plesk at lvcs dot net with your account username so we can check this out.

You should be able to modify the file via FTP, .htaccess only stops apache from displaying the page.

Please be sure you have changed your database, FTP, and control panel password.

Be sure ALL scripts are up to date.  This includes forum, CMS, etc.  If you are not using a script, please remove it.

Be sure all scripts are setup correctly with proper permissions, no 777 permissions, etc.

Be sure you are running the latest version of PHP that your script can support, i.e. 5.4 or 5.5

I reverted the file back to the original version once I was able to connect again. I think I won't try editing it again unless I really know what I am doing. Whatever was going on seems to have stopped this morning, but in any case I will send my info in case there's anything that needs to be looked into.

I've been trying to keep up on all this so as not to cause problems on my end, so as far as I know all my scripts should already be up to date, using the latest version of php and such. I've changed all the relevant passwords again to be safe.