IIS 7 and Above
Last post Feb 20, 2010 07:49 AM by Boerni
Feb 17, 2010 10:46 PM|Boerni|LINK
somebody attacks my server since a couple of weeks.
I tryed Dynamic IP Restrictions, but this didn't help, because the attack is from many ips at once.
The attacker uses the "fixed" bug in php ( http://www.php.net/archive/2009.php#id2009-12-17-1 : max_file_uploads).
The CPU has nothing to do but there are so mutch requests for the iis that it can't handle it and the site is very slow.
Is it possible to block an ip is there is an upload with a known content or something?
What can i do to prevent this attack?
Feb 18, 2010 02:22 AM|steve schofield|LINK
Have you 'contacted your hosting company for assistance and also fix the code (if I understand you correctly there is a bug).
Windows Server MVP - IIS
Log archival solution
Install, Configure, Forget
Feb 18, 2010 02:33 AM|lextm|LINK
I agree with Steve. And please understand that DDOS attacks and others cannot be prevented unless you have firewalls in front of the web server(s).
Feb 20, 2010 07:49 AM|Boerni|LINK
Thanks for reply,
the attacker uses a security gap in php.
Is it possible to configure the Dynamic IP Restriction only to count requests from none static files or with known extensions?