DDoS attacks on zen-cart

#1

Hi, I have an ecommerce site with zen-cart that is often under DoS attacks from random IPs establishing a lot of connections to the server.

Here is an example from “whois online”:

00:07:29 0 ¥Guest 203.152.199.89 00:51:35 00:51:35
Tempo dall’ultimo Click:
00:07:29 ago ID Sessione: tsdm93nl6bsc2mevehs3buh2b5
Host: OFFICE_IP_TO_HOST_ADDRESS
User Agent: Mozilla/5.0
/index.php?main_page=product_info&cPath=7615&products_id=5020++%2Findex.php
00:07:29 0 ¥Guest 203.152.199.89 00:51:35 00:51:35
Tempo dall’ultimo Click:
00:07:29 ago ID Sessione: u6pg7ci634079vf2bnif7e1cm0
Host: OFFICE_IP_TO_HOST_ADDRESS
User Agent: Mozilla/5.0
/index.php?main_page=product_info…616_8036&products_id=6389++%2Findex.php
00:07:28 0 ¥Guest 203.152.199.89 00:51:36 00:51:36
Tempo dall’ultimo Click:
00:07:28 ago ID Sessione: u6nrbvqbkf9l5gobdc9urlq454
Host: OFFICE_IP_TO_HOST_ADDRESS
User Agent: Mozilla/5.0
/index.php?main_page=product_info&cPath=7615&products_id=3460++%2Findex.php

and many others…

As you can see, those URLs do not exist on the website, as there is no URL that ends with index.php!

I block them through htaccess, and to limit the problem I’ve installed the Apache2 mod_cband to limit concurrent requests and concurrent IPs.

However, it is not sufficient to block every attack, especially when there are a lot of random IPs, so the webserver goes down…

Can someone help me, please?

Thanks


#2

We’re just customers here. If it’s a DDoS, contact Support and have them help you fight this off. A DDoS needs to be stopped at the router, not the server.


#3

I’ve already contacted support a few times, but they said that they cannot do anything because the IPs are random. They only suggest that I manually add them to .htaccess with “deny from” rules.


#4

Well, you are also seeing a pattern in the query string, so you can use mod_rewrite to send an error page. Off the top of my head (i.e. not tested), something like:

RewriteEngine On
# match query strings ending in <whitespace>/index.php
# (QUERY_STRING is not URL-decoded, so also accept %20 and %2F)
RewriteCond %{QUERY_STRING} (\s|\+|%20)+(/|%2f)index\.php$ [NC]
# return forbidden error
RewriteRule .* - [F]
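
A way to measure how much of the traffic carries the query-string pattern from #4 before enabling a rewrite rule, as an added example that is not part of any post in this thread: it decodes each request's query string and counts matches per client IP. The log lines, addresses and function names are constructed for illustration, and the Apache combined log format is an assumption.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote_plus

# Constructed sample in Apache "combined" format; the addresses come from
# documentation ranges and the date is arbitrary (none of it is from the thread).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:00:51:35 +0000] "GET /index.php?main_page=product_info&cPath=7615&products_id=5020++%2Findex.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:00:51:36 +0000] "GET /index.php?main_page=product_info&cPath=7615&products_id=3460++%2Findex.php HTTP/1.1" 200 5098 "-" "Mozilla/5.0"
203.0.113.20 - - [01/Jan/2024:00:51:36 +0000] "GET /index.php?main_page=product_info&products_id=6389%20/index.php HTTP/1.1" 200 5101 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:00:51:40 +0000] "GET /index.php?main_page=product_info&cPath=7615&products_id=5020 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.45 - - [01/Jan/2024:00:51:41 +0000] "GET /index.php?main_page=index&cPath=12 HTTP/1.1" 200 4311 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

# Client IP and request target from a combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*"')
# The pattern from the thread, applied to the *decoded* query string.
SIGNATURE = re.compile(r"\s+/index\.php$")


def is_suspicious(request_uri):
    """True if the decoded query string ends in <whitespace>/index.php."""
    query = urlsplit(request_uri).query
    return bool(SIGNATURE.search(unquote_plus(query)))


def tally(log_text):
    """Return (hits, clean): per-IP counts of matching and other requests."""
    hits, clean = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip lines that are not in the expected format
        ip, uri = m.groups()
        (hits if is_suspicious(uri) else clean)[ip] += 1
    return hits, clean


if __name__ == "__main__":
    hits, clean = tally(SAMPLE_LOG)
    print(f"{sum(hits.values())} matching requests from {len(hits)} IPs")
    for ip, n in hits.most_common():
        # An IP that also sent normal requests is a false-positive risk.
        note = " (also sent normal requests)" if ip in clean else ""
        print(f"  {ip}: {n}{note}")
```

To use it on real data, pass the contents of the server's access log to `tally()` instead of `SAMPLE_LOG`.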

#5

ok thanks very much I will try and then I will post the results.