Jump to content

Recommended Posts

Posted (edited)

many from Russia federation ISP has been blocking IP ranges and were hitting 90+ percent 

 

this page has thousands of hits

/index.php?app=core&module=system&controller=terms&do=dismiss&ref=aHR0cHM6Ly9mbWZvcnVtcy5jb20v&csrfKey=57b5fbe3994e7853b63828caa0779e88

what table could I see guest access and ip's sorted by time trying to go thru the who is online and clicking links is tedous

(on top of this I am going off the grid for the weekend camping ) 

 

 

Edited by Ocean West
Posted

Ok post mortem - I am finally back to civilization after going camping and my ISP told me my server was getting thousands of hits a second on that page - he didn't see any redirects but rather direct links to that url.

He thought it was some forum vulnerability - not entirely sure. He mitigated it while I was away blocking thousands of IP address both IPV4 and 6 in addition to entire countries, after awhile things returned to a normal level.

I was in the process of switching to Cloudflare but didn't have a chance to implement it before I was out of internet range. He told me today that another one of his clients had an attack on a server and they were using Cloudflare, the attackers were spoofing them or such. 

 

Posted
20 hours ago, Ocean West said:

He thought it was some forum vulnerability - not entirely sure.

There are no known vulnerabilities. Were these IPs (or variations) hitting other URLs too? If so, probably some rogue bot that has saved a bunch of URLs and going back. The specific URL you mentioned would create an error as the CSRF key had expired if they went back to it  

I saw this a lot on my personal community with Russia with text scraper bots and just blocked the whole country. 

  • 2 weeks later...
Posted

Ok its been back all night I moved dns records over to CloudFlare and setup a firewall and blocked Russia but hits spike the second I turn off under attack mode... 

Any advice?

 

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...