PDA

View Full Version : php website under attack by some idiot



stranger12
02-19-2008, 03:54 PM
Hello,
i have a website , which is php intensive (all we do is pull data out of mysql and process it via php)

some idiot claims that he is bring the site down(and hence my webhosting provider) has shut down my website, saying his server is at risk.

Is it really possible that someone is attacking my website(the website got really slow to load)

is it possible, if and if yes, is there anyway to prevent that asshole from doing it.

thanks

ReliableServers
03-04-2008, 06:16 PM
Try installing mod_security.

~ServerPoint~
03-13-2008, 06:01 AM
That might be not due to the server or web hosting provider. That might be due to the script with holes.

cliffdodger
02-20-2009, 01:45 PM
It's absolutely possible that someone could abuse your site and possibly hack into your hosts web server through your script.

A hacker can launch requests from a network of hacked computers to visit your web page thereby flooding the web server with more requests than it can handle. It will bog down the web server and could result in the web server crashing. If this is on a shared web server it would affect the speed of other customers websites.

At this point in time you should absolutely be running php with register globals OFF. If you still have scripts that require register globals to run - have them updated to run without them.

Even so - you still must filter all input before passing it to a mysql query or an attacker could in theory inject code into your program through clever means. By doing so he may be able to manipulate the queries to show himself sensitive data in your database (credit card numbers) or he may be able to implant data in your database for a blended threat - a first step to hacking into your system. They also may not even hack you - but inject information in your database that will get used when your customers visit your site. It may not be 'visible' on the webpage, only in the page source. Then the hacker can set up your website to hack your clients as they innocently visit your web page. A hacker may want to take control of the clients computers that visit your site, or may just listen in for sensitive information being passed around like cc#'s and the like so they can make some fraudulent money.

Don't be one of those businesses that sits by and says "well why would anyone hack my site, we're just a little guy"... there are plenty of reasons for any hacker to hack any site if he so chooses... they may not be directly related to you.

Keep your code secure and make sure you update your web software regularly.

Cheers

bright123
04-26-2009, 12:27 PM
try to block some bots,coz they make multiple connection & this way server load increases.check out your server log, block some unnecessary bots this will definately help you.

BitCore Hosting
04-26-2009, 04:19 PM
tell you host to reassign your ip, that should help

RH1
04-26-2009, 05:20 PM
A host ownt likely do that unless they have an abundent of IP's to give out. If the host just started out, or only has one server or just a few thats not going to be asy for them to do.

One thing as mentioned before is the mod_security
but also get the persons IP and block that from the server.
If your server is running csf should be easy to track and kill pretty quickly