HELLO WORLD,

 

If you’re reading this, chances are you have heard about Pushdo already. For the (lucky) rest of you: if your site starts using an incredible amount of CPU resources and bandwidth, possibly resulting in your hosting provider suspending your website or your web server becoming unusable, chances are you’re the victim of a Pushdo attack (which of course is what is happening to this website as we speak). Without getting too technical, your site gets a DDoS attack, and the Apache log files will look like this:

 

113.169.147.58 - - [11/Nov/2014:07:00:00 -0800] "POST /tabbles.net/ HTTP/1.1" 403 223 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
187.194.130.108 - - [11/Nov/2014:07:00:00 -0800] "POST /tabbles.net/ HTTP/1.1" 403 223 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
223.207.169.183 - - [11/Nov/2014:07:00:00 -0800] "POST /tabbles.net/ HTTP/1.1" 403 223 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
212.156.210.13 - - [11/Nov/2014:07:00:00 -0800] "POST /tabbles.net/ HTTP/1.1" 403 223 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
188.114.99.252 - - [11/Nov/2014:07:00:00 -0800] "POST /tabbles.net/ HTTP/1.1" 403 223 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
91.238.202.254 - - [11/Nov/2014:07:00:00 -0800] "POST /tabbles.net/ HTTP/1.1" 403 223 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

 

Basically a flood of POST requests, all coming from agents “MSIE 6.0” and from thousands (or hundreds of thousands) of different IP addresses. What do you do? IP filtering? Not a chance. Caching/enhancing/making your site faster? Well, if you’re running your website on a dedicated Watson supercomputer, you may give it a try – else, not a chance. What did we do to help the situation and mitigate the attack?

 

1) A 403 redirect in the .htaccess for users on the MSIE 6.0 user agent: I created a file called pushdo.html in the root and added these lines in the .htaccess:

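# BEGIN antipushdo
RewriteEngine On
# Match the User-Agent sent by the flood (straight quotes, no space before ";")
RewriteCond %{HTTP_USER_AGENT} "compatible; MSIE 6\.0"
# No [OR] on the last condition: a dangling [OR] makes the rule match every request
RewriteRule .* - [F,L]
# END antipushdo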

The drawback is that people using Internet Explorer 6.0 won’t be able to see your website – which shouldn’t be a cause of much concern to most of you out there.

 

2) Use Cloudflare: this service looked to me like some kind of alchemy, as I still can’t really figure out how it works… but I don’t really care, as it works just fine 🙂 In order to set up your site for it, you’ll need to have your DNS records point at Cloudflare (instead of at your hosting provider). Basically, what Cloudflare does (as far as I understand!) is create cached mirrors of your website on several servers, geographically far away from each other. Then it redirects the traffic coming to your website onto its different servers, effectively splitting the traffic and the Apache workload… just like magic 🙂

 

So far, it seems the issue has been minimized… but I still say an extra prayer about it every night.
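To check an access log for the pattern described above (POST requests sharing one path and User-Agent, spread thinly across many IP addresses), the following Python script groups requests by signature and reports how much traffic a User-Agent rule would reject. It is an added example, not part of the original post; the function names, thresholds and sample log lines (documentation-range IPs) are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip ident user [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

def parse(lines):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def find_floods(lines, min_ips=5, max_req_per_ip=3.0):
    """Report POST (method, path, agent) groups hit by many distinct IPs a few times
    each: the shape where per-IP blocking fails and a signature rule is what works."""
    groups = defaultdict(lambda: {"requests": 0, "ips": set()})
    for rec in parse(lines):
        g = groups[(rec["method"], rec["path"], rec["agent"])]
        g["requests"] += 1
        g["ips"].add(rec["ip"])
    floods = []
    for sig, g in groups.items():
        n_ips = len(g["ips"])
        if sig[0] == "POST" and n_ips >= min_ips and g["requests"] / n_ips <= max_req_per_ip:
            floods.append({"signature": sig, "requests": g["requests"], "distinct_ips": n_ips})
    return sorted(floods, key=lambda f: f["requests"], reverse=True)

def ua_rule_impact(lines, needle="MSIE 6.0"):
    """Return (blocked, total): how many requests a User-Agent rule on `needle` would reject."""
    recs = list(parse(lines))
    return sum(needle in r["agent"] for r in recs), len(recs)

# Constructed sample: 8 flood requests from 8 documentation-range IPs plus 2 normal visitors.
IE6 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
SAMPLE = [
    f'203.0.113.{i} - - [11/Nov/2014:07:00:00 -0800] "POST /tabbles.net/ HTTP/1.1" 403 223 "-" "{IE6}"'
    for i in range(1, 9)
] + [
    '198.51.100.7 - - [11/Nov/2014:07:00:01 -0800] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.9 - - [11/Nov/2014:07:00:02 -0800] "POST /contact/ HTTP/1.1" 200 812 "-" "Mozilla/5.0 (Windows NT 6.1)"',
]

if __name__ == "__main__":
    print(find_floods(SAMPLE), "UA rule blocks %d of %d requests" % ua_rule_impact(SAMPLE))
```

On a real log, pass the open file object as `lines`; a high `distinct_ips` count with about one request per IP is what makes IP filtering impractical here.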

 

November 11th, 2014 (2017-11-17T20:35:10+00:00) | Uncategorized
