Post by ifyouseek » Thu Jun 02, 2011 9:49 am

I have found this apparent exploit. I don't know much about this code or how it works, but I'm pretty damn sure that I'm being attacked with it right now; it may be what is being used to cripple my server for the past two weeks.

http://www.exploit-id.com/dospoc/openca ... os-exploit

Please can someone with a bit of knowledge on this take a look. ::)

When I look in the process manager in WHM on my server, the process /usr/local/apache/bin/httpd, some of the code from the exploit keeps appearing in the process... All connections are attacking the index.php file, causing a lot of CPU usage.

Active Member

Posts

Joined
Thu May 06, 2010 4:40 pm

Post by Xsecrets » Thu Jun 02, 2011 1:27 pm

I don't get it. First off, DDoS stands for distributed denial of service, and if it's a script that runs on one computer it's obviously not distributed. Secondly, there's really not much any program can do about DDoS attacks, since it's just a brute-force, use-all-your-bandwidth-or-CPU type of attack; they could just as well be calling a standard HTML page over and over again.

OpenCart commercial mods and development http://spotonsolutions.net
Layered Navigation
Shipment Tracking
Vehicle Year/Make/Model Filter


Guru Member

Posts

Joined
Sun Oct 25, 2009 3:51 am
Location - FL US

Post by ifyouseek » Mon Jun 06, 2011 3:48 am

Like I said, I'm under attack, so I have been reading a fair bit about DDoS and OpenCart and found it. I don't know if or how this file would be attacking me, but I thought it needed to be seen by developers of OpenCart to be sure.

Perhaps this file could be hosted somewhere, then when people visit the URL it instructs their computer to start the attack from their connection... I don't know if that's possible.

Or it could be distributed onto people's computers through some other methods, like mass email lists, torrent files, or any peer-to-peer file share etc... But if the file was on people's computers, could it run? As it's a Perl script, would it need to be on a Linux server??? Again... I don't know.

I am currently being hit with an attack of about 2000 connections per second on my main index.php file from several hundred IP addresses. I have a dedicated server which should withstand some attacks, but even when my firewall blocks the connections down to only 30 requests per second the index.php file puts far too much strain on the server's CPU. That's why I think these requests have been modified to cause extra load, perhaps with the above code, but as I don't understand the code I wouldn't know.

What I have done to reduce the load of the attack is add password protection to the OpenCart root using the htaccess file. Now all the attacking IP addresses, instead of loading the index.php upon each request, only get as far as a popup password request. Although 2000x4kbps just to download the .htaccess file is still drinking the bandwidth, it now doesn't affect the server CPU and memory.

Anyone else have any experience with a DDoS attack like mine? Any advice would be appreciated.

Active Member

Posts

Joined
Thu May 06, 2010 4:40 pm
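
A flood like the one described in the post above (many sources repeatedly requesting index.php) can be measured from the web server's access log before choosing firewall limits. The following is an added example, not code from the thread or from OpenCart: it assumes Apache's combined log format, the sample lines are constructed, and the function names, window and threshold are illustrative choices.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache "combined" log line: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def parse(line):
    """Return (ip, epoch_seconds, path_without_query, status) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m["ip"], ts, m["path"].split("?", 1)[0], int(m["status"])

def flood_sources(lines, target="/index.php", window=10, limit=20):
    """Map IPs exceeding `limit` hits on `target` in any `window` s to their peak count."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != target:
            continue              # skip unparseable lines and other paths
        ip, ts, _, _ = rec
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] >= window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > limit}

def make_line(ip, second, path, status=200):
    """Build one constructed combined-format line (sample data only)."""
    return (f'{ip} - - [06/Jun/2011:03:{second // 60:02d}:{second % 60:02d} +0100] '
            f'"GET {path} HTTP/1.1" {status} 4096 "-" "-"')

# Constructed sample: two noisy sources, one ordinary shopper, one bad line.
SAMPLE = (
    [make_line("203.0.113.7", s // 5, "/index.php?route=common/home") for s in range(100)]
    + [make_line("203.0.113.9", s // 3, "/index.php") for s in range(90)]
    + [make_line("198.51.100.4", s * 15, "/index.php?route=product/product") for s in range(8)]
    + ["garbage line that does not parse"]
)

if __name__ == "__main__":
    print(flood_sources(SAMPLE))
```

The query string is stripped before comparison, so requests that vary only in their parameters are still counted against the same script.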

Post by SXGuy » Mon Jun 06, 2011 4:06 am

My understanding is you host your own server right?

I don't know how you manage your DNS or anything, but would it not be possible to change your IP address?

If it's static, perhaps you could contact your provider and ask them to give you a new one.

It's unlikely they are attacking you via your URL; I would imagine it's IP-based attacks.

Active Member

Posts

Joined
Sun Nov 08, 2009 2:07 am

Post by ifyouseek » Mon Jun 06, 2011 8:16 am

No, they are actually attacking the domain directly.

I have changed IP since the attack started by upgrading my server; that's how I have ended up on a dedicated server costing £105/month.

I could modify my DNS records and point the domain away from the server, but then the site is completely offline. I have already moved this shop away from my original server so I can continue to run my other shops without this attack affecting them.

I actually think I know who has launched this attack... one of my suppliers that I had a bit of a disagreement with a few weeks previous to it starting. Then I checked out his server and he seems to be paying for professional DDoS protection; since not many people are on dedicated DDoS-protected servers I thought that was even a bit more of a coincidence, and it has sort of confirmed to me he is launching this attack.

Active Member

Posts

Joined
Thu May 06, 2010 4:40 pm

Post by SXGuy » Mon Jun 06, 2011 4:50 pm

Oh dear, bit of a tricky one! Never been in this situation before.

Maybe your provider can track the attack down and take action, I don't know. It must be very frustrating for you though, I'm sure.

Active Member

Posts

Joined
Sun Nov 08, 2009 2:07 am

Post by winquest » Sat May 30, 2015 3:38 pm

I just visited opencart.com and I receive the DDOS exploit warning ......

Newbie

Posts

Joined
Sat May 30, 2015 3:36 pm

Post by EvolveWebHosting » Tue Jun 02, 2015 1:42 am

winquest wrote: I just visited opencart.com and I receive the DDOS exploit warning ......
There's a step for protection there but it goes away in a few seconds. It's there on purpose to prevent DDOS attacks.

Opencart Hosting Plans, Domain Registration, Microsoft and Google Email and More
Visit our website for great deals and most importantly, fast and friendly support - www.evolvewebhost.com


Active Member

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA

Post by STN » Mon Sep 07, 2015 3:59 pm

Get Cloudflare and use the "I am under attack!" setting. If you use the paid packages they work awesome, but the free one works as well.

Game Trainers


STN
New member

Posts

Joined
Fri Jul 01, 2011 6:45 am
