Security Issue
Has anybody out there run into an automated attack on their site where whatever the bot is sends URLs that look like:
http://www.mydomain.com/sites/default/files/js/1r/2K
http://www.mydomain.com/sites/default/files/js/1r/as
http://www.mydomain.com/sites/default/files/js/1r/4t
http://www.mydomain.com/sites/default/files/js/4R/x-ax-3V-aw
or like
http://www.mydomain.com/content/user/user/user/user/user/user/user/user/...
http://www.mydomain.com/user/user/user/user/user/user/user/user/user/use...
http://www.mydomain.com/content/user/user/user/user/user/user/user/user/...
http://www.mydomain.com/user/user/user/user/user/user/user/user/user/use...
http://www.mydomain.com/content/user/user/user/user/user/user/user/user/...
http://www.mydomain.com/user/user/user/user/user/user/user/user/user/use...
http://www.mydomain.com/content/user/user/user/user/user/user/user/user/...
http://www.mydomain.com/user/user/user/user/user/user/user/user/user/use...
http://www.mydomain.com/content/user/user/user/user/user/user/user/user/...
http://www.mydomain.com/user/user/user/user/user/user/user/user/user/reg...
etc...
Has anybody developed a module to deny/lockout these attacks so they don't get the chance to keep hammering?
=-=
investigate the badbehavior.module
check your logs and see if its a static IP and block it using access rules
Thanks for the reply
Thanks for the hint.
Badbehavior initially looked very good, but unfortunately it appears that the module has been abandoned and has several serious bugs. I'll check back in a few weeks and see if anyone has taken up the call to take it over. Unfortunately I don't have the skills at this point.
I have been putting a lot of blocks in .htaccess, infact so far I've locked out most of the world on that site except for North America since the site is only targeted to a very small local area anyway. I get almost no attacks from North America based services, although there are some VPS hosting sites starting - I suspect that the spammers are either renting a host, or hijacking one.
=-=
you can use administer -> access rules as well, I believe.
Attack bot
Just wondering if I'm the only one that is having trouble with this type of attack? I've blocked a ton a of Non-North American IP addresses using .htaccess because the site is for local people only, but there have been attacks from:
42.b1.85ae.static.theplanet.com (174.133.177.66)
fa.2d.344a.static.theplanet.com (74.52.45.250)
96-9-135-85.iscsd.com (96.9.135.85)
that have gotten through. I noticed that some work has been done on badbehavior, so I'm going to give it a try.