My server runs a small nonprofit website. It has been good for years but
now is getting overwhelmed by a denial of service attack going on
for the last week and ramping up quickly - it was freezing a few
times a day at first but now has been freezing a few times an hour.
More than 99.9% of all of my traffic now has this user agent:

Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.15

but it comes from many different IP addresses and only goes to 1
page on my website. The IPs are from all around the world, mostly
outside the USA but a lot inside as well. This page allows a few URL
variables and they are changing the URL variables trying to do SQL
injection. The page doesn't insert anything into a database but does
read a database. It is protected with cfqueryparam and luckily I had
no database corruption.


I found a way to keep the server up - it worked for an hour straight now:)

I moved the page (which has a few big queries) to a new address
and changed the links in my menu system so people and Google can find
it, and replaced the old page with a 404 error page that says the
page was moved (in case a real person tries it, they can see it, but
hopefully this botnet will see the 404 and think it is not there any more).

If they move to another page I will have to just sacrifice anyone 
else using that browser and block it on the entire server.

They are also trying to log in with remote desktop to the
administrator account (which I always disable and which has a lockout
policy for 3 wrong passwords).

Anyone else have this problem or a better way to fix it? They have hit
that 404 page about 10,000 times in the last few minutes but that 404
page takes up .0004 seconds compared to .01 sec for the real page so
the server seems ok with the load.

BTW: I have been using Power Admin server monitor - which restarts
the ColdFusion service when it freezes...
http://www.poweradmin.com/servermonitor/

Cool tool - this is how I found out about the remote desktop attack -
it monitors the event log as well as disk space and web!
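
The triage described in the post above (one user agent, many source addresses, one target page), as an added example that is not part of the original post: it profiles user agents in a web log and counts how many requests a server-wide block of the flagged agent would also reject. The W3C extended log format, the paths, the dates and the thresholds are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample in W3C extended log format (assumed format; addresses are
# documentation ranges, paths and dates are made up for illustration).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2013-05-14 10:00:01 192.0.2.10 GET /events.cfm cat=3&id=17 404 Opera/9.80+(Windows+NT+6.2;+Win64;+x64)+Presto/2.12.388+Version/12.15
2013-05-14 10:00:01 198.51.100.7 GET /events.cfm cat=3&id=18 404 Opera/9.80+(Windows+NT+6.2;+Win64;+x64)+Presto/2.12.388+Version/12.15
2013-05-14 10:00:02 203.0.113.45 GET /events.cfm cat=4&id=1 404 Opera/9.80+(Windows+NT+6.2;+Win64;+x64)+Presto/2.12.388+Version/12.15
2013-05-14 10:00:02 192.0.2.77 GET /events.cfm cat=4&id=2 404 Opera/9.80+(Windows+NT+6.2;+Win64;+x64)+Presto/2.12.388+Version/12.15
2013-05-14 10:00:03 198.51.100.23 GET /events.cfm cat=5&id=9 404 Opera/9.80+(Windows+NT+6.2;+Win64;+x64)+Presto/2.12.388+Version/12.15
2013-05-14 10:00:03 203.0.113.8 GET /events.cfm cat=5&id=10 404 Opera/9.80+(Windows+NT+6.2;+Win64;+x64)+Presto/2.12.388+Version/12.15
2013-05-14 10:00:04 192.0.2.200 GET /index.cfm - 200 Opera/9.80+(Windows+NT+6.2;+Win64;+x64)+Presto/2.12.388+Version/12.15
2013-05-14 10:00:05 198.51.100.99 GET /index.cfm - 200 Mozilla/5.0+(Windows+NT+6.1;+rv:21.0)+Gecko/20100101+Firefox/21.0
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def profile_user_agents(text, min_share=0.5, min_ips=5):
    """Report agents that dominate traffic from many IPs; hits_elsewhere is
    what a server-wide block of that agent would reject beyond the top path."""
    hits, ips, paths = Counter(), defaultdict(set), defaultdict(Counter)
    for r in parse_w3c(text):
        ua = r["cs(User-Agent)"].replace("+", " ")  # the log writes spaces as '+'
        hits[ua] += 1
        ips[ua].add(r["c-ip"])
        paths[ua][r["cs-uri-stem"].lower()] += 1
    total = sum(hits.values())
    report = []
    for ua, n in hits.most_common():
        if total and n / total >= min_share and len(ips[ua]) >= min_ips:
            top_path, top_hits = paths[ua].most_common(1)[0]
            report.append({
                "user_agent": ua,
                "share": n / total,
                "distinct_ips": len(ips[ua]),
                "top_path": top_path,
                "hits_on_top_path": top_hits,
                "hits_elsewhere": n - top_hits,
            })
    return report
```

A low `hits_elsewhere` relative to `hits_on_top_path` means a rule scoped to that one path rejects nearly all of the flood while leaving real users of the same browser able to reach the rest of the site.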


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355727