Website Attack - Help

K

kelvinm

New member
Aug 3, 2009
12
0
0
Hello,

I have a friend whose major competitor is attacking his server. He's hitting the guys site about a million times a day and bringing the server down preventing the guy from doing business.

Currently I have the guy collecting log files and evidence that this block of IP's are hitting the server.

I tried to find the identity of the person whose got the website, but its protected on who.is.

I was hoping to get an idea of what steps I can take to basically make the situation go away.

Obviously, just blocking the IP's probably wont help if he just rotates the IP's or gets a new server.


Thanks a ton,
Kelvin
 


kelvinm said:
Obviously, just blocking the IP's probably wont help if he just rotates the IP's or gets a new server.


Thanks a ton,
Kelvin
Click to expand...

You tried geo-locating the IPs to see if its coming from a single country or region, and if so , maybe block that in iptables if you don't care about that region (ie: china/korea... your competitor's lawyer's office city).

PS: have you tried a reverse DNS lookup, and then contacting the ISP responsible for those blocks?
 
mmmm...my knowledge is not that good for now to give some advice, but I'm sure it's not only happen to your friend, so maybe you can search another person who was solve that kind of hack/attack problem ,, I'm sure they hate the attacker....so they would give an help...
 
kelvinm said:
Hello,

I have a friend whose major competitor is attacking his server. He's hitting the guys site about a million times a day and bringing the server down preventing the guy from doing business.

Currently I have the guy collecting log files and evidence that this block of IP's are hitting the server.

I tried to find the identity of the person whose got the website, but its protected on who.is.

I was hoping to get an idea of what steps I can take to basically make the situation go away.

Obviously, just blocking the IP's probably wont help if he just rotates the IP's or gets a new server.


Thanks a ton,
Kelvin
Click to expand...

Start by filtering the IP's, if some one is using their server to attack you he only has a few IP's and probably lacks anything remotely resembling intelligence. If it's just a block of IP's block them, do a reverse DNS and contact his hosting company and their upstream providers abuse department. Unless the server is hosted in Russia the IP's will be null routed in a matter of hours.

Did the sites owner steal a landing page from you and forgot to change links to a video/audio file?
 
You must log in or register to reply here.
Top Bottom
Back