
Today, out of nowhere, one of my servers suddenly started alarming: the database went down and Apache started forking like crazy. Everything was chaos within minutes! After looking at what was happening, I found that there was a DDoS against one of the websites hosted on that server.

The problem was that Joomla was configured to show the default web page whenever a 404 would otherwise be sent. This is a good technique if you want to improve the user experience, but in this case it backfired: each time the default page was shown, Joomla ran the SQL queries needed to render it, and under a massive load that drives the server out of memory.

In this case, the DDoS was blindly trying to find the administrator login: it was appending /administrator/ to every URL. I figured out a solution by editing my .htaccess file. Here is how I did it.

Edit your .htaccess file and add the following lines:

# Requires RewriteEngine On, which Joomla's htaccess.txt already sets.
# Match any URI that has /administrator/ after some other path segment...
RewriteCond %{REQUEST_URI} .+/administrator/
# ...but not the real administrator path, which must keep working.
RewriteCond %{REQUEST_URI} !^/administrator/
# [F] answers 403 Forbidden without running any Joomla PHP or SQL.
RewriteRule .* index.php [F]

This tells Apache to answer 403 (Forbidden) for every URL that has /administrator/ appended after some other path, while the real /administrator/ path is still served. Because the request is rejected by mod_rewrite, Joomla never runs the 404 page and its SQL queries for it. You can modify these lines to fit other needs.
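As an added example (not code from the original post), here is a small Python script that mirrors the two RewriteCond lines above and runs them over Apache access-log lines, so you can check which requests the rules would reject and which clients are generating them. The log lines, the client addresses and the threshold are constructed for the example; the regexes are the ones from the .htaccess snippet.

```python
import re
from collections import Counter

# Regexes copied from the two RewriteCond lines; re.search mirrors
# mod_rewrite's unanchored matching against %{REQUEST_URI}.
COND_HAS_ADMIN = re.compile(r".+/administrator/")
COND_REAL_ADMIN = re.compile(r"^/administrator/")


def is_blocked(request_uri: str) -> bool:
    """True when both RewriteCond lines match, i.e. when the RewriteRule
    would answer 403. The second condition is negated ('!') in .htaccess."""
    return bool(COND_HAS_ADMIN.search(request_uri)) and not COND_REAL_ADMIN.search(request_uri)


# Apache Common Log Format: host ident authuser [date] "request" status bytes
LOG_LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def scan_log(lines, threshold=3):
    """Count, per client, the requests the rules would reject and return
    {client: count} for clients at or above `threshold` (constructed value)."""
    hits = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip anything that is not a CLF line
        # %{REQUEST_URI} never includes the query string, so strip it first
        uri = m.group("uri").split("?", 1)[0]
        if is_blocked(uri):
            hits[m.group("host")] += 1
    return {host: n for host, n in hits.items() if n >= threshold}


# Constructed sample lines (not from the post's server); the addresses are
# from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2013:13:55:36 +0000] "GET /index.php/administrator/ HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2013:13:55:36 +0000] "GET /about-us/administrator/ HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2013:13:55:37 +0000] "GET /news/2013/administrator/ HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2013:13:55:37 +0000] "GET /contact/administrator/?x=1 HTTP/1.1" 200 5120
198.51.100.4 - - [10/Oct/2013:13:55:40 +0000] "GET /administrator/index.php HTTP/1.1" 200 9000
198.51.100.4 - - [10/Oct/2013:13:55:41 +0000] "GET /about-us/ HTTP/1.1" 200 4000
garbage line that is not CLF
""".splitlines()

if __name__ == "__main__":
    for host, n in scan_log(SAMPLE_LOG).items():
        print(f"{host}: {n} requests that the rules would answer with 403")
```

Note that the legitimate /administrator/index.php request passes, while the same path appended to any other URL is flagged, which is exactly the split the two conditions make. Running a log through this before deploying the rules tells you how much of the load they would have shed and whether any real traffic would be caught.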

Enjoy!
