Our server has been under repeated 'attacks' from overwhelming port flooding and syn flooding and http requests. Installed CSF last week and successfully blocked the syn attacks and was able to deny certain httpd IP addresses that caused most of the issues. All good.
This week - the attack resumed. This time it was more or less focused on httpd. And too many different IPs to effectively block. (Most from China - but blocking China didnt really help).
The most common http request was one of these:
GET /announce?info_hash=%A8rJW%5B9X%1F%D0%BD%BC%2F%D4%E8R%E5%C6
GET /announce.php?info_hash=lh%7F%0Ex%9A%08a%AAb%40S%AEi%E87%3D
I take it that these are bit torrent requests and that somehow the attacker has gotten client BT requests redirected to targets like ours. I can block these in mod_security2 I think - but can i also block them upstream (in CSF)? If so, I couldn't figure that out. (but very much a csf novice).
Any advice welcomed.
Cheers,
Bill
Resisting ddos attack from redirected Bittorrent hits
-
billmccollam
- Junior Member
- Posts: 1
- Joined: 24 Jan 2015, 19:09
- Location: Canada
Re: Resisting ddos attack from redirected Bittorrent hits
Bill,
No replies from the original posting, I was wondering if you are still using csf on your tracker if so did you get it working well with your setup?
No replies from the original posting, I was wondering if you are still using csf on your tracker if so did you get it working well with your setup?