Hello,
One of my website is constently being attacked by 20 to 30 different Ip at the same second.
They all target my forum which was placed on /forum/.
I have now moved the forum in some other directory by I still get IPs (open proxies) sending POST message to my server. See exemple here :
[login to view URL] - - [27/Dec/2006:21:23:33 +0100] "POST /forum/[login to view URL] HTTP/1.1" 200 17 "-" "Mozilla/4.0 (compatible- MSIE 6.0- Windows NT 5.1- SV1- Maxthon)"
[login to view URL] - - [27/Dec/2006:21:23:33 +0100] "POST /forum/[login to view URL] HTTP/1.1" 200 17 "-" "Mozilla/4.0 (compatible- MSIE 6.0- Windows NT 5.1- SV1- Maxthon)"
Even though there is northing anymore on /forum/[login to view URL], it still takes a Apache process and RAM on my server. The apache process last about 5 minutes during which my whole server does not reply for APache.
I'd like to either :
1. Find a way so that when those Ips attack my server, the apache process does not last more than a few seconds.
or
2. Close this specific diectort /forum/ to all open proxy IPs.
or
3. Detect the IPs that taget /forum/ directory and ban them foreever.
I do not have SSH access of my linux server, so don't plan anything that would require it.
Thx
G.