The Planet Forums > Hacker problem

Full Version: Hacker problem - any suggestions?

The Planet Forums > Control Panels > cPanel/WHM

Extremist

Aug 19 2003, 10:39 AM

I was reviewing our logs last night, and on one of our web sites I found 200+ entries where some one accessed the site but their request stopped before any data was exchanged. I believe that this is called a "SYN Attack"?

The logs show 30-40 entries in a row, each from a different IP, where this occurs. Here is an example from our logs:

66.196.239.194 - - [18/Aug/2003:18:37:39 -0700] "GET / HTTP/1.1" 200 2259 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
63.239.10.7 - - [18/Aug/2003:18:45:43 -0700] "GET / HTTP/1.1" 200 2259 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
67.94.13.114 - - [18/Aug/2003:18:55:18 -0700] "GET / HTTP/1.1" 200 2259 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
198.111.39.10 - - [18/Aug/2003:18:56:39 -0700] "GET / HTTP/1.1" 200 2259 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"

Does anyone have any suggestions on how to block this? Since the IP address is spoofed, I can't simply block an IP address. Any help would be much appreciated (I am running APF).

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.