[support] China attacking our web site.
Roger
arelem at bigpond.com
Mon Jul 1 00:13:31 UTC 2013
Last night we had about a thousand attempts on our site.
All are from Chinese addresses blocked by Drupal and a Rule redirects
off site and sends me an advisory email.
With out the email I would have no idea how many attempts.
Drupal recognises the blocked ip addresses and I have a Rule that reacts
to those blocked IPs but I do not understand what happens from there.
- How does Rules react to blocked IPs if they don't get into the Drupal
system?
- I'm supposing that the blocked IPs do get into the system but cannot
view pages, but in the instant they try the Rules Redirect takes place
and the email sent.
Can a hacker/cracker use code that detects a redirect which in turn
redirects straight back to the site under attack?
It seems that we get 5 attempts at the same time then a break of 60
seconds then it starts again.
Unfortunately Rules does not have facility to include the ip of each
attempt and I don't particularly want yet another module to handle this.
One of our admins installed the Unlock module, without my knowledge. It
this dangerous in the above case, can it override the Drupal block or Rules?
Help in understanding is greatly appreciated
thank you
roger
More information about the support
mailing list