getting attacked, what can I do

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
frankoamiricano
Registered User
Posts: 73
Joined: Thu Apr 11, 2002 3:24 am

getting attacked, what can I do

Post by frankoamiricano »

Some of my forums are really slow, I see so much traffic in the logs like this:

Code: Select all

forums.osxfaq.com 66.163.253.201 - - [24/Jan/2005:14:55:59 -0800] "GET /viewtopic.php?t=9121&highlight=%2527%252Esystem(chr(112)%252Echr(101)%252Echr(114)%252Echr(108)%252Echr(32)%252Echr(45)%252Echr(101)%252Echr(32)%252Echr(34)%252Echr(112)%252Echr(114)%252Echr(105)%252Echr(110)%252Echr(116)%252Echr(32)%252Echr(113)%252Echr(40)%252Echr(106)%252Echr(83)%252Echr(86)%252Echr(111)%252Echr(119)%252Echr(77)%252Echr(115)%252Echr(100)%252Echr(41)%252Echr(34))%252E%2527 HTTP/1.0" 200 23889 "-" "Mozilla/4.0"
What is this, and what can I do to block these and restore my server to normal. I am running the updated phpBB as well, so I dont think they are causing any hard other than stealing connections.
User avatar
Dzien Dobry
Registered User
Posts: 614
Joined: Thu Nov 08, 2001 3:55 pm

Post by Dzien Dobry »

You should read the thread: Users Online Count High and amend your common.php file as advised there.
xsupzx
Registered User
Posts: 1
Joined: Tue Jan 25, 2005 2:42 am
Location: NJ
Contact:

Post by xsupzx »

Hey... I'm getting hammered by the same attack. The easy .htaccess fix I found is to do the following (granted you can modify your .htaccess and you can use mod rewrite)

Code: Select all

RewriteEngine on

RewriteCond %{THE_REQUEST} .*/phpBB2/viewtopic.php.*highlight.*system.*
RewriteRule .* - [F]
That will give all requests to viewtopic.php with highlighting of the term system a 403 forbidden error.

Good luck!
Locked

Return to “2.0.x Support Forum”