Denial of Service attack from an url post

  • Resolved jpill

    (@jpill)


    9 years, 11 months ago

    Hi.

    I have a web site in a shared hosting service, everything was OK, but in the last days, i am suffering a DOS attack to the site.

    I’m watching logs and notice that from several ips, are GET petitions to an URL (a post) plus access to a folder of a plugin i haven’t installed:

    182.50.130.47 - - [01/Apr/2015:23:23:28 -0400] "GET /wordpress/the-post-write-by-a-user/wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6"

    So, i looked for the plugin, but that is not installed, so, googling, that plugin (reflex-gallery) had some vulnerabilities in windows, but my site is in a Linux Server.

    I tried to deny the access to the ips via .htaccess, but it doesn’t work..
    What can i do?

    Thanks.

Viewing 3 replies - 1 through 3 (of 3 total)

  • It’s a common occurrence. Automated bots try to upload a vulnerable script and access it, or to directly access a plugin with a known vulnerability.

    What rules are you using to deny the IPs in your .htaccess file? This should work:

    #BLOCK IP FROM ACCESSING SUSPICIOUS SCRIPTS#
order allow,deny
deny from 123.45.6.7
deny from 012.34.5.
allow from all

    Also, you could consider installing the Wordfence security plugin, which allows you in Options >> Other Options >> to “Immediately block IPs that access these URLs:”

    Thread Starter jpill

    (@jpill)

    Thanks Barnez for that.

    I also blocked the ips in Cpanel, it seems works.

    Thanks, again

    No problem. Glad to hear you have these IPs now blocked ??

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Denial of Service attack from an url post’ is closed to new replies.