Atozed Forums Atozed Software Products IntraWeb English IntraWeb General Discussion v
General question

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thread Modes
General question
msgopala Offline
Junior Member
**
Posts: 47
Threads: 17
Joined: Jun 2018
Reputation: 0
Location: USA
#1
07-30-2019, 02:16 PM
Sorry to be posting this here but I am at a loss. How do I prevent brute force attack .

Problem:

After going live with my IW dll we have had insane amount of ping requests t non-existant folders and files. We are a very small shop and I have tried changing IP bindings, blocking IP and IP ranges on the server firewall and IIS. Pings have reduced but still there. The failed request trace logs show IPs from China, Brazil, Russia etc.

IIS goes down after repeated pings and our intraweb dlls stop working when users are logged in. 

I appreciate any advice I can get. 

Sorry about posting this here.
Find
Reply
kudzu Offline
Raccoon in Charge
*******
Posts: 1,136
Threads: 37
Joined: Mar 2018
Reputation: 30
Location: Limassol, Cyprus
#2
07-30-2019, 04:27 PM
DOS attacks are a persistent problem in any web framework. While there are some things you can do in IW, you will likely need to use external methods as well such as firewalls which help prevent DOS attacks.

The first step is to determine exactly what kind of resources they are trying to access and if possible why. For those prevent sessions from starting.

If your users log in, you can also use a static or non session log in page to filter access.
Find
Reply
Jose Nilton Pace Offline
Senior Member
****
Posts: 289
Threads: 0
Joined: Mar 2018
Reputation: 29
Location: Franca-São Paulo-Brasil
#3
07-31-2019, 11:32 AM
Hi. In new iw15.1 it has a new property ServerController.BlockedDocExtensions, he block a lot of things like *.php, no session is created. Try use this new version to block all income request.
Check it here.
Website Find
Reply
Alexandre Machado Offline
Administrator
*******
Posts: 2,205
Threads: 186
Joined: Mar 2018
Reputation: 79
Location: Auckland, New Zealand
#4
08-01-2019, 09:10 AM
(07-30-2019, 02:16 PM)msgopala Wrote: Sorry to be posting this here but I am at a loss. How do I prevent brute force attack .

Problem:

After going live with my IW dll we have had insane amount of ping requests t non-existant folders and files. We are a very small shop and I have tried changing IP bindings, blocking IP and IP ranges on the server firewall and IIS. Pings have reduced but still there. The failed request trace logs show IPs from China, Brazil, Russia etc.

IIS goes down after repeated pings and our intraweb dlls stop working when users are logged in. 

I appreciate any advice I can get. 

Sorry about posting this here.

What's the version you are using?

IW 15.1 branch has some advanced features to block lots of "pre-fabricated" attacks, specially the ones that target PHP sites....
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)