TOPIC: Possible Attack on our site...

Possible Attack on our site... 9 years 6 months ago #21695

  • toddwoo
  • Distinguished Member
  • Posts: 173
  • Karma: 0
Once a week our website is getting what looks like an attack from the outside. The access logs show 15+ hits a second for over an hour from 66.237.62.116 (XO Communications owned address.) I have emailed the listed abuse email address but have not received a response. Anyone have any ideas what this is? An attack? Some sort of spider? Really Really REALLY Interested user?

If an attack, why only once a week? And why only for about an hour? If a spider, why so much so fast? We can't be the only ones who would feel the "pain".

Any ideas what to do? Sr Admin doesn't want to filter out the range... Any suggestions to limit hit velocity? Other solutions? Any help would be great!


access.log snippet
66.237.62.116 -- [26/Apr/2007:02:40:26 -0500] "GET /control/contactus HTTP/1.0" 200 25298 "-" "Mozilla/5.0/Gecko/20060808 Fedora/1.5.0.6-2.fc5 Firefox/1.5.0.6 (X11; U; Linux i686; en-US; rv:1.8.0.6)"
66.237.62.116 -- [26/Apr/2007:02:40:26 -0500] "GET /control/contactus HTTP/1.0" 200 25298 "-" "Mozilla/5.0/Gecko/20060808 Fedora/1.5.0.6-2.fc5 Firefox/1.5.0.6 (X11; U; Linux i686; en-US; rv:1.8.0.6)"
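An added example, not part of the original thread: one way to measure the "hit velocity" described in the post above from an access log, by counting requests per client per second and flagging clients that sustain a high rate. The thresholds, function names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Client IP and timestamp from a common/combined-format line. The ident/user
# fields are matched loosely because the snippet in the post shows them as "--".
LINE_RE = re.compile(r'^(\S+) [^\[]*\[([^\]]+)\] "')

def per_second_hits(lines):
    """Return {ip: Counter({epoch_second: hits})}, skipping unparseable lines."""
    hits = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        hits[m.group(1)][int(ts.timestamp())] += 1
    return hits

def flag_fast_clients(lines, max_per_sec=15, min_busy_secs=3):
    """Report IPs that reach max_per_sec in at least min_busy_secs seconds."""
    report = {}
    for ip, buckets in per_second_hits(lines).items():
        busy = [s for s, n in buckets.items() if n >= max_per_sec]
        if len(busy) >= min_busy_secs:
            report[ip] = {"peak": max(buckets.values()),
                          "busy_seconds": len(busy),
                          "span_seconds": max(busy) - min(busy) + 1}
    return report

def make_sample():
    """Constructed sample: one noisy client (address from the post), one normal."""
    fmt = '{ip} -- [26/Apr/2007:02:40:{s:02d} -0500] "GET {p} HTTP/1.0" 200 25298 "-" "UA"'
    noisy = [fmt.format(ip="66.237.62.116", s=s, p="/control/contactus")
             for s in range(26, 31) for _ in range(16)]
    normal = [fmt.format(ip="192.0.2.10", s=s, p="/") for s in (26, 28, 30)]
    return noisy + normal + ["garbage line that is not a log entry"]

if __name__ == "__main__":
    for ip, stats in flag_fast_clients(make_sample()).items():
        print(ip, stats)
```

Run against a real log by passing an open file object as `lines`; the per-client peak and burst span give concrete numbers to put in an abuse report or to size a rate limit.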

Re: Possible Attack on our site... 9 years 6 months ago #21696

  • toddwoo
  • Distinguished Member
  • Posts: 173
  • Karma: 0
Found some info on this.. Looks like anyone at 66.237.62.0 is a "bad man" or working for "bad men". But I want more to go on than a few posts in a forum I'm not familiar with, and the odd reference from a Google search.

Anyone with any info please let me know... Aside from wanting to get this straightened out I need the knowledge going forward.. So any good sites to look at.. good news groups to read.. anything would be appreciated.

Thanks!

Todd

Re: Possible Attack on our site... 9 years 6 months ago #21708

  • TheBishop
  • Moderator
  • Posts: 1719
  • Thank you received: 8
  • Karma: 5
Don't have any further details on your mystery visitor, but anyone who batters my network gets filtered out pronto. After all, there's nothing I'd ever want to receive from such a person so where's my loss? However, if your boss doesn't want to filter the range you could always add a static route on your router redirecting traffic from that range to null or to a dead interface. You could stick this on and remove it as required. It won't keep it off your internet pipe but they might take the hint after a while. Alternatively you could get your ISP to drop the traffic at their end of the link.

Re: Possible Attack on our site... 9 years 6 months ago #21722

  • Elohim
  • Senior Member
  • Posts: 220
  • Karma: 0
They are probably looking to see if you are running any webserver with security holes.

Re: Possible Attack on our site... 9 years 6 months ago #21723

  • toddwoo
  • Distinguished Member
  • Posts: 173
  • Karma: 0
Thanks for the info...!!!

I think I'm going to convince the Sr. Admin to filter the whole shebang out.

Todd