Support ⇒ Security ⇒ Site under attack..what to do? ⇒ Community Forums ⇒ CPG Dragonfly™ CMS
Forum IndexSecurity

Site under attack..what to do? Reply to topic


My site suddenly got alot of visitors.No idea what I did to these kids but it was over 380 at one point.It didn't really slow the site at all but it still concerns me.Is there a way I can get the ip of anyone on the site?I tried the raw logs but hard to tell who is legit from there.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
linux/Apache1.3.33/MySQL Version 5.0.81-community-log (client: 5.0.81)/PHP Version 5.2.9/DF9.2.1


Maybe not kids, unless those hits are all sorts of pathetic exploit attempts. Most likely some genuine or wannabe search engine bot - you'll need to lookup the IP(s) and trace it(them) on the net.

If they are hitting too fast, and you have flooding turned on, that system will eventually deal with them.

Since your website is such a secret, maybe they won't find you again 😉

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


I didn't have flooding on at the begining because it tends to ban legit members..I turned it on when I was told of the problem.The visitors were at 100 then.

I turned the forums to registered only(normaly visitors can view) but forgot I had a "last forum posts" center block.That's when it went to 380.I set the center forum block to members only and that seemed to help the most.

I contacted my host to see if they could help but didn't get any info that I couldn't do myself.

The website is a clan website and we have our fist clan match tomorrow.We only have 80 or so members so it was a bit of a surprise.

Not sure what you mean about secret unless it's cause I didn't say.. knightsgaming.com

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
linux/Apache1.3.33/MySQL Version 5.0.81-community-log (client: 5.0.81)/PHP Version 5.2.9/DF9.2.1


Nano added your old www - it was blank when I made my comment.

Well, if the flood system is not an option, and I can understand why, you'll have to resort to IP bans through your htaccess file, or upgrade to 9.2.1 and ban them through the admin security panel.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


EDIT:the flood was turned on for the major part of the attack but didn't catch anyone.

I can ban their ip on my current version but how do I find the ip if they don't login?

I thought I saw an ip log thing before but don't see it now.

Like I said..the host didn't even want to dig through the raw access logs for me.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
linux/Apache1.3.33/MySQL Version 5.0.81-community-log (client: 5.0.81)/PHP Version 5.2.9/DF9.2.1


Well, hosts are like that - impossible for them to deal with such issues.

Install IP Tracker - makes it easy to track mongrels like that.

In any event, their IP should be visible or clickable in the Who Where block.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


Phoenix wrote
Install IP Tracker - makes it easy to track mongrels like that.

I agree. IP Tracker is one of the best tools in my arsenal for cases like this. Once I kill their session in PHPMyadmin and use IP Tracker to get IP and then block the IP via CPG Admin area (after the fact) or htaccess file (During event) as I get to it faster from PHPMyadmin in my situation.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
[CentOS release 4.6 (Final)] | [Apache 1.3.37] | [MySQL 4.1.21-standard-log (client: 4.1.21) | [PHP 4.4.7] | [DF 9.2.1] | [FPro 2.0.2]


thanks for the help guys..I will get ip tracker.They seemed to get bored when they couldn't effect the site but nice to know what to do in the future.

Thx again

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
linux/Apache1.3.33/MySQL Version 5.0.81-community-log (client: 5.0.81)/PHP Version 5.2.9/DF9.2.1


That's DDos, nothing you can do accept ban that IP.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/Apache 2.2.6 /MySQL/PHP5.2.5/DragonflyCMS 9.21


leductho wrote
That's DDos, nothing you can do accept ban that IP.


Not really a DDoS. You know how a DDoS works and how a searchbot or harvester works?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial


DJ Maze wrote
leductho wrote
That's DDos, nothing you can do accept ban that IP.


Not really a DDoS. You know how a DDoS works and how a searchbot or harvester works?


I don't know much about DDos but I can make your website like that. There many kinds of DDos now. Do you have any way to avoid that?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/Apache 2.2.6 /MySQL/PHP5.2.5/DragonflyCMS 9.21


leductho wrote
That's DDos, nothing you can do accept ban that IP.

leductho wrote
I don't know much about DDos


Anyways thats a BOT requesting 1 page every 2 seconds. No flooding, no DDoS, no worries.

To avoid this, grab the UA and related IPs (IP range if possible) then we will update the BOT list.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


I'm using your DF 9.21. I really love it. And here is the same thing I've tested in my site with security on.
Sorry for keep posting things but I think this is a good topic for DF user.
Attachment: df921-flooding.jpg
Description flooding
Filesize 147.34 KiB
Viewed 91 Time(s)
You are not allowed to view/download this attachment

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/Apache 2.2.6 /MySQL/PHP5.2.5/DragonflyCMS 9.21


NanoCaiordo wrote
No flooding, no DDoS, no worries.

To avoid this, grab the UA and related IPs (IP range if possible) then we will update the BOT list.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS

All times are UTC


Jump to: