Flooding website.
- Thread starter tired
- Start date
Morohara
Member
- May 18, 2020
- 92
- 55
Deny the request. Check your apache log files the ip(s) should be in there.
The attacks should look like GET requests inside of the file all the requests should be asking for the same file do not block ones that are requesting SWFS which you can read by reading the full line. Normally they'll be GET then some numbers like this.
186.54.141.146 - - [20/Jan/2014:19:32:06 -0500] "GET /?458741274224646000 HTTP/1.1" 200 440 "Website" ""
This is for a layer 7 ddos attack. Which are incredibly easy to stop by just adding some rules to your iis to block a connection after x amount of attempts at the same request.
The attacks should look like GET requests inside of the file all the requests should be asking for the same file do not block ones that are requesting SWFS which you can read by reading the full line. Normally they'll be GET then some numbers like this.
186.54.141.146 - - [20/Jan/2014:19:32:06 -0500] "GET /?458741274224646000 HTTP/1.1" 200 440 "Website" ""
This is for a layer 7 ddos attack. Which are incredibly easy to stop by just adding some rules to your iis to block a connection after x amount of attempts at the same request.
Last edited by a moderator:
airilxx
Member
- Jan 1, 2012
- 51
- 12
Do you use CloudFlare? If yes, you can easily block those incoming attacks by filtering their ASN/Country. However you'll need to capture their details first by enabling Under Attack Mode. Then you can proceed blocking them out.
Or you can request logs from CloudFlare Support, just let them know the the date and time of incidents and they'll provide attack logs for you.
I've used these methods previously as I've been a victim of some high-scale botnet attack several months ago.
Or you can request logs from CloudFlare Support, just let them know the the date and time of incidents and they'll provide attack logs for you.
I've used these methods previously as I've been a victim of some high-scale botnet attack several months ago.
