Is this a DDoS attack?

[CloudShadow]

This screenshot is from Cpanel's latest visitors section, and for the past 3 hours this ip has been accessing my index.php like that. If this IS a ddos attack, can someone tell me how can i block this guy?

 

[BlaZe]

It can be DoS as its only 1 single IP from Istanbul, Turkey.

http://www.utrace.de/whois/78.171.132.17

I guess your website has a hater.

Just restrict usage from his IP using .htaccess

EDIT:

Add these lines in your .htaccess file

order allow,deny
deny from 78.171.132.17
allow from all

 

[CloudShadow]

I've tried doing that actually, but it doesn't seem to work. What if i use the option in Cpanel, this one

[slide]http://imgcrave.com/u/ipdeny.jpg[/slide]

Will this stop him? I had to take my site down because of this guy, the CPU levels were soaring, :S

 

[Mareshal]

from cPanel is better

If you use htaccess, the request still comes to the web server, then it searches for htaccess and denies it, so the CPU is still used

 

[Dom]

Add him to your CSF / IPTABLES :

DROP  all opt -- in !lo out *  78.171.132.17  -> 0.0.0.0/0   DROP  all opt -- in * out !lo  0.0.0.0/0  -> 78.171.132.17

 

[CloudShadow]

@ Domenic

the problem is, i'm on a shared hosting, not a VPS. I've asked my hosting to block the IP, but they haven't replied yet. So i'm in quite a mess right now. :S :S

[slide]http://imgcrave.com/u/people.jpg[/slide]

I wasn't expecting so many people, lol

 

[Dom]

Thats why you need a VPS buddy :D

 

[Mareshal]

Did you try cPanel ?

 

[CloudShadow]

Yes, i have entered the ip in Cpanel. I'm restoring the home directory now, lets see what happens.

 

[Lifetalk]

Keep us updated. I may have an alternative solution.

 

[XForce!]

http://www.wjunction.com/showthread.php?t=82172
Try this tutorial made by eLight

 

[CloudShadow]

@life
I will

@Xforce

That was the first place i checked, but sadly it only works if you have SSH access to the server, which i dont.

 

[CloudShadow]

Guys it seems that a couple more IPs have started dosing my site now, i've blocked those as well. But i'm not sure how long will this continue. :S

IPs are:

95.208.234.17
46.47.71.66
63.98.12.158
78.171.132.179
95.179.53.156
94.64.77.8

 

[CloudShadow]

New list, damn.....

[slide]http://imgcrave.com/u/capturoso.jpg[/slide]


EDit:

What if i use SplitIce's reverse proxy service? Will that help in reducing the attack?

 

[feronso]

Block the whole of IPs network which are from same network.

example:

111.111.111.111
111.111.111.
111.111.

in .htaccess or through cPanel.

 

[CloudShadow]

A new Ip is popping up every few mintues and its hammering the server, :S

I have no idea what i should do now, i've added around 30 IPs in Cpanel.

EDIT:

I'm going to take my site offline again, :S :S

 

[phpcat]

Hm..maybe it's a botnet :S

Pretty hard to stop those..

 

[CloudShadow]

I have searched around for some DDoS protection sites and the cheapest available package costs 100$, :S :S

 

[feronso]

Point nameservers to cloudflare.com .. free and safe. just for few days

 

[Gigatunnel]

i use http://danginx.com/ Direct admin nginx
which i can protect my server from ddos