WEB Site getting hit hard by a bunch of IPs

Discussion in 'OT Technology' started by autox, Aug 28, 2007.

  1. autox

    autox OT Supporter

    Joined:
    Oct 18, 2002
    Messages:
    98,761
    Likes Received:
    443
    My site has a bunch of IPs making "excessive" connections being made by these IPs. Is there anyway to find out if any of these are important? I googled them, but didnt find out any solid info :wtc:
    The IPs were (# on the left is the connections being made)


    908 65.25.108.185

    933 207.156.58.13

    1006 72.37.171.20

    1110 68.115.106.72

    1176 208.27.111.132

    1471 216.136.59.2

    1498 72.236.192.234

    1858 216.204.207.2

    2104 144.71.77.200
     
  2. drumbandit

    drumbandit New Member

    Joined:
    Aug 14, 2003
    Messages:
    25,811
    Likes Received:
    0
    Location:
    South Point Poker Room - Table 11
  3. autox

    autox OT Supporter

    Joined:
    Oct 18, 2002
    Messages:
    98,761
    Likes Received:
    443
    a few of them were government IPs :noes:
    its really odd
     
  4. wtf those are some crazy IPs.

    try banning them, but not those specific IPs. for example, if the IP 1111 100.1.1.1 is hitting you, ban 1111 101.*.*.* so that it will ban anything from that prefix.
     
  5. Nakon

    Nakon Guest

    ban 16 million+ addresses :hsugh:
     
  6. autox

    autox OT Supporter

    Joined:
    Oct 18, 2002
    Messages:
    98,761
    Likes Received:
    443
    :werd: :rofl:
     
  7. DigiCrime

    DigiCrime If Only!

    Joined:
    Oct 25, 2001
    Messages:
    33,001
    Likes Received:
    101
    Location:
    St. Louis
    Might be getting DOSed :noes:
     
  8. crazybenf

    crazybenf Active Member

    Joined:
    Nov 14, 2001
    Messages:
    15,575
    Likes Received:
    2
    ban all ipv4 addresses.
     
  9. BStark

    BStark Well looky here. OT Supporter

    Joined:
    Apr 28, 2007
    Messages:
    3,298
    Likes Received:
    117
    What kind of site do you run? Do you have a reason to suspect this is DoS?
     
  10. drpepper

    drpepper Active Member

    Joined:
    Nov 13, 2006
    Messages:
    38,076
    Likes Received:
    2
    Location:
    San Antonio
    .
    and only host it on the intranet.
     
  11. autox

    autox OT Supporter

    Joined:
    Oct 18, 2002
    Messages:
    98,761
    Likes Received:
    443
    :squint:
     
  12. autox

    autox OT Supporter

    Joined:
    Oct 18, 2002
    Messages:
    98,761
    Likes Received:
    443
    Its a free stuff site. I must be getting hacked by slickdeals :rofl:
     
  13. if you ban the first number of the IP followed by the 3 *'s, it will ban every IP from that prefix :hsugh:

    instead of banning IP 309.12.9.507, ban the IP 309.*.*.* and it will ban every IP from that prefix and all of the connections with the same prefix trying to hammer your server
     
  14. DigiCrime

    DigiCrime If Only!

    Joined:
    Oct 25, 2001
    Messages:
    33,001
    Likes Received:
    101
    Location:
    St. Louis
    If you were being dos'd for real banning IPs wont simply help much you still get the traffic at the router so unless its causing bandwidth issues or site slowing wouldnt worry about it. You can ban IPs by a pattern but you ban legit traffic as well not a very good idea.

    On a side note seems your site loads fine to me
     
  15. autox

    autox OT Supporter

    Joined:
    Oct 18, 2002
    Messages:
    98,761
    Likes Received:
    443
    Yea, my host said it crashed my server and slowed my site down so they banned them. I can have them unbanned if its something that I need.
     
  16. crazybenf

    crazybenf Active Member

    Joined:
    Nov 14, 2001
    Messages:
    15,575
    Likes Received:
    2


    a) 309 doesn't exist.


    If you were to ban an entire subnet that way, you would be banning 16777214 hosts.


    209.0.0.0.1 -> 209.255.255.254


    GTFO noob.
     
  17. retorq

    retorq What up bitch??

    Joined:
    Dec 14, 2006
    Messages:
    6,061
    Likes Received:
    0
    Location:
    Mohave Desert
    :rofl::rofl::rofl::rofl::rofl: nice example
     
  18. RaginBajin

    RaginBajin Have you punched a donkey today?

    Joined:
    Dec 24, 2001
    Messages:
    8,740
    Likes Received:
    0
    Location:
    NoVA
    What kind of requests are they trying to make? Are they port scanning or trying to SSH or RDP into your box?
     
  19. autox

    autox OT Supporter

    Joined:
    Oct 18, 2002
    Messages:
    98,761
    Likes Received:
    443
    I have no fucking clue :hs:
     
  20. RaginBajin

    RaginBajin Have you punched a donkey today?

    Joined:
    Dec 24, 2001
    Messages:
    8,740
    Likes Received:
    0
    Location:
    NoVA
    How do you know they are hitting you then?
     
  21. autox

    autox OT Supporter

    Joined:
    Oct 18, 2002
    Messages:
    98,761
    Likes Received:
    443
    my host told me
     
  22. Nakon

    Nakon Guest

    please just stop talking :rofl:
     
  23. Nakon

    Nakon Guest

    redirect them to livejournal. worked for blue security
     
  24. says the 06 :hsugh:
     
  25. DigiCrime

    DigiCrime If Only!

    Joined:
    Oct 25, 2001
    Messages:
    33,001
    Likes Received:
    101
    Location:
    St. Louis
    06 or 03 doesnt matter your opinion on banning IPs is incorrect.
     

Share This Page