Some botnet is trying to POST a php file?

D

DJSnels

Verified User
Joined
Jun 17, 2011
Messages
21
Sinds a day or 2 one of my domains is using a loat of bandwidth.
The Apache access logs have thousends of these loggings from many different IP-adresses:

212.246.140.250 - - [26/Sep/2012:19:58:55 +0200] "POST /images/g.php HTTP/1.1" 404 595 "-" "-"
94.170.132.240 - - [26/Sep/2012:19:59:00 +0200] "POST /images/g.php HTTP/1.1" 404 595 "-" "-"
77.168.207.16 - - [26/Sep/2012:19:59:04 +0200] "POST /images/g.php HTTP/1.1" 404 595 "-" "-"

Is there anything that can be done to prevent this?
What are these requests trying to do?
 
Then you might want to look into blocking urls with .htaccess

There should be a ton of guides on google.
 
You might be able to try something like this in .htaccess:

Code: 
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} /images/g\.php [NC]
RewriteRule ^.*$ - [F]
</IfModule>

I still am not sure what its going to do for helping bandwidth though. You might need to look at fail2ban and a custom rule.
 
Last edited:
Here's what I advise my clients to do:

---------------------

To prevent execution of PHP code inside your image and cache directories, which is mostly where hackers will upload their phishing scripts, simply paste this code into a .htaccess file inside your image/cache directories:
Code: 
<Files .htaccess>
order allow,deny
deny from all
</Files>
php_flag engine off
Options -ExecCGI
<FilesMatch "\.(php|pl|sh|cgi)$">
<Limit GET PUT POST>
order deny,allow
deny from all
</Limit>
</FilesMatch>
or
Code: 
# stop scripts from running from the folder
IndexIgnore *
Options All -Indexes
# Secure directory by disabling script execution
AddHandler cgi-script .php .php2 .php3 .php4 .php5 .php6 .php7 .php8 .pl .py .jsp .asp .htm .html .shtml .sh .cgi
Options -ExecCGI
# Don't show this file, that would be bad as well!
<Files .htaccess>
order allow,deny
deny from all
</Files>
 
As an admin.. is there a way to just push those filtering rules inside the main httpd.conf
so every user on a share host will inherit of it ?
 
You must log in or register to reply here.
Back
Top