Post by ifyouseek » Thu Jun 02, 2011 9:49 am

I have found this apprent exploit, i don't much much about this code or how it works but im pretty damn sure that i'mm being attacked with it right now, it may be what is being used to cripple my server for the past two weeks.

http://www.exploit-id.com/dospoc/openca ... os-exploit

Please can someone with a bit of knowledge on this take a look. ::)

when i look in the process manager in whm on my server the process /usr/local/apache/bin/httpd some of the code from the exploit keeps appearing in the process...all connections are attacking the index.php file causing a lot of cpu usage.

Active Member

Posts

Joined
Thu May 06, 2010 4:40 pm

Post by Xsecrets » Thu Jun 02, 2011 1:27 pm

I don't get it. first off ddos stands for distributed denial of service, and if it's a script that runs on one computer it's obviously not distributed. Secondly there's really not much any program can do about ddos attacks since it's just a brute force use all your bandwidth or cpu type attack they could just as well be calling a standard html page over and over again.

OpenCart commercial mods and development http://spotonsolutions.net
Layered Navigation
Shipment Tracking
Vehicle Year/Make/Model Filter


Guru Member

Posts

Joined
Sun Oct 25, 2009 3:51 am
Location - FL US

Post by ifyouseek » Mon Jun 06, 2011 3:48 am

Like i said, i'm under attack so have been reading a fair bit about DDOS and opencart and found it, don't know if or how this file would be attacking me but i thought it needed to be seen by developers of opencart to be sure.

Perhaps this file could be hosted somewhere, then when people visit the url it instructs their computer to start the attack from there connection... i don't know if thats possible.

or it could be distrubuted onto peoples computers through some other methods, like mass email lists, torrent files, or any peer to peer file share etc... but if the file was on peoples computers could it run, as its perl script, it would need to be on linux server??? again.. i dont know.

I am currently being hit with an attack of about 2000 connections per second on my main index.php file from serveral hundred ip addessses, i have a dedicated server server which should withstand some attacks but even when my firewall blocks the connections down to only 30/requests per second the index.php file puts far to much strain on the servers CPU, thats why i think these requests have been modified to cause extra load, perhaps with the above code, but as i don't understand the code i wouldn't know.

What i have done to reduce the load of the attack is add password protection to opencart root using the htaccess file. Now all the attacking ip addresses instead of loading the index.php upon each request, only get as far as a popup password request, although 2000x4kbps just to download the .htaccess file is still drinking the bandwidth but now it doesn't affect the server cpu and memory.

Anyone else have any experience with a ddos attack like mine? Any advise would be appricated.

Active Member

Posts

Joined
Thu May 06, 2010 4:40 pm

Post by SXGuy » Mon Jun 06, 2011 4:06 am

My understanding is you host your own server right?

i dont know how you manage your dns or anything, but would it not be possible to change your i.p address?

If its static, perhaps you could contact your provider and ask them to give you a new one.

Its unlikey they are attacking you via your url, i would imagine is i.p based attacks.

Active Member

Posts

Joined
Sun Nov 08, 2009 2:07 am

Post by ifyouseek » Mon Jun 06, 2011 8:16 am

No, they are actually attacking the domain directly.

I have changed ip since the attack started by upgrading my server, thats how i have ended up on a dedicated sever costing £105/month.

I could modify my dns records and point the domain away from the server, but then the site is completely offline. I have already moved this shop away from my original server so i can continue to run my other shops without this attack effecting them.

I actually think i know who has launched this attack... one of my suppliers that i had a bit of a disagreement with a few weeks previous to it starting. Then i checked out his server and he seems to be paying for professional ddos protection, since not many people are on decicated ddos protected servers i thought that was even a bit more of a coincidence and has sort of confirmed to me he is lauching this attack.

Active Member

Posts

Joined
Thu May 06, 2010 4:40 pm

Post by SXGuy » Mon Jun 06, 2011 4:50 pm

oh dear, bit of a tricky one! never been in this situation before.

Maybe your provider can track the attack down and take action i dont know. It must be very frustrating for you though im sure.

Active Member

Posts

Joined
Sun Nov 08, 2009 2:07 am

Post by winquest » Sat May 30, 2015 3:38 pm

I just visited opencart.com and I recive the DDOS expoit warning ......

Newbie

Posts

Joined
Sat May 30, 2015 3:36 pm

Post by EvolveWebHosting » Tue Jun 02, 2015 1:42 am

winquest wrote:I just visited opencart.com and I recive the DDOS expoit warning ......
There's a step for protection there but it goes away in a few seconds. It's there on purpose to prevent DDOS attacks.

Image
https://www.evolvewebhost.com
Risk free 30 day money back guarantee & free transfers. Opencart hosting done right.


User avatar
Active Member

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA

Post by STN » Mon Sep 07, 2015 3:59 pm

Get Cloudflare and use the "I am under attack!" setting. If you use the paid packages they work awesome but the free one works as well

Game Trainers


STN
New member

Posts

Joined
Fri Jul 01, 2011 6:45 am

Who is online

Users browsing this forum: No registered users and 4 guests