Websites attacking my server

[luchtzakje]

Hi all,

since a few days the server is running hot red. I run (ran) an aviation top 100 website http://www.aardvarktopsitesphp.com/ but malicious websites also subscribed (which I never accepted to join my top 100) and they put the code on their website. Now those website are called millions of times.

I cancelled the subdomain, now when checking apache it displays this 150 times:

0-0 18146 1/5376/5376 K 312.92 11 0 0.4 92.08 92.08 85.104.57.235 server.luchtzak.be GET /button.php?u=trcafecom HTTP/1.1
1-0 18147 1/5515/5515 K 301.08 10 0 0.4 95.13 95.13 88.235.76.231 server.luchtzak.be GET /button.php?u=romeoxxx HTTP/1.1
2-0 18148 1/5417/5417 K 327.50 17 0 0.4 92.50 92.50 88.234.12.151 server.luchtzak.be GET /button.php?u=esseddd HTTP/1.1
3-0 18149 1/5301/5301 K 301.43 2 0 0.4 95.11 95.11 85.110.10.169 server.luchtzak.be GET /button.php?u=esseddd HTTP/1.1
4-0 18150 1/5502/5502 K 277.29 10 1 0.4 97.70 97.70 88.242.75.124 server.luchtzak.be GET /button.php?u=esseddd HTTP/1.1
5-0 18153 1/5551/5551 K 320.93 1 0 0.4 92.49 92.49 85.99.157.209 server.luchtzak.be GET /button.php?u=esseddd HTTP/1.1
6-0 18154 1/5480/5480 K 312.19 9 0 0.4 91.06 91.06 88.244.178.228 server.luchtzak.be GET /button.php?u=ceffres HTTP/1.1

How do I disable the call GET /button.php?u=XX with XX is variable ?

[the_ancient]

you don't you just Ban the Server. Since it all seems to be comming from the same Location, just ban them

[luchtzakje]

Where do I ban a server (or servers) via WHM ?

[Vin DSL]

Hi, Bart! Long time no see...

I'd just redirect them to a bogus site with something like this in my .htaccess file:

Code:

# Send 'em packing - VinDSL - Lenon.com
RewriteCond %{QUERY_STRING} (button\.php|\u=([^&]+))    [NC]
RewriteRule ^.*$ http://www.goawayanddontcomeback.com   [L]

[luchtzakje]

Tech contacted me a few minutes ago, they will redirect my concerned subdomain to somewhere else on the www.

I am done with these top 100 websites !