Dear Sirs,
Yesterday my website was supposed to be under attack. It was flooded by following requests:
This caused a break down on the SQL-Server...
+-------+---------+-----------+------------+----------------+--------+---------------------------------+------------------------------------------------------------------------------------------------------+
| Id | User | Host | db | Command | Time | State | Info |
+-------+---------+-----------+------------+----------------+--------+---------------------------------+------------------------------------------------------------------------------------------------------+
| 23 | sql_46 | localhost | sql_46_db2 | Killed | 125208 | Creating delayed handler | INSERT DELAYED INTO evo_hitlog ( hit_datetime, hit_uri, hit_disp, hit_ctrl, hit_action, hit_type, hi |
This query was called more than a 100 times and never finished. I think that adscanner (85.25.185.103) is the origin of this attack...
Today I got the logs...
85.25.185.103 - - [03/Oct/2019:10:02:13 +0200] "GET /webblogs/index.php/2009/04/?blog=6 HTTP/1.1" 500 6244 "-" "Mozilla/5.0 (compatible; adscanner/)/1.0 (http:// seocompany. store; spider@ seocompany. store)"
This bot worked hard on the blog and caused the server to crash...
Let me please know, what I can do...
Thanks...
Best regards
Stephan
General Support
b2evolution CMS Support Forums
Here is a site that will answer you
The easiest way is to block it in .htaccess
https://httpd.apache.org/docs/current/en/howto/htaccess.html
Apache 2.2
deny from 85.25.185.103
deny from 85.25.185.104
Apache 2.4
<RequireAll>
Require all granted
Require not ip 85.25.185.103
Require not ip 85.25.185.104
</RequireAll>