So, this morning I get in and our webserver is DOWN.
Seems it's being targeted by a botnet (or just one powerful machine spoofing and rotating IPs?)
Error logs show 25,000 entries a day, the last two days, just like this:
Code:
[Tue Apr 26 06:46:21 2016] [error] [client 95.188.249.64] PHP Notice: crypt(): No salt parameter was specified. You must use a randomly generated salt and a strong hash function to produce a secure hash. in /var/www/html/joomla.[redacted].com/html/components/com_comprofiler/plugin/user/plug_cbsubsfolderaccess/cbsubs.folderaccess.php on line 102 referer: http://joomla.[redacted].com/en/some-forum/some-technical-questions/administrator/
[Tue Apr 26 06:46:33 2016] [error] [client 194.8.146.241] PHP Notice: crypt(): No salt parameter was specified. You must use a randomly generated salt and a strong hash function to produce a secure hash. in /var/www/html/joomla.[redacted].com/html/components/com_comprofiler/plugin/user/plug_cbsubsfolderaccess/cbsubs.folderaccess.php on line 102 referer: http://joomla.[redacted].com/en/some-forum/some-technical-questions/administrator/
Seems the IP rotates down a huge list, each IP contributes three hits to the same URL.
I tested that URL, and it takes 0.2 seconds to generate the page:
Access Denied
You do not have permissions to access this page.
Time to create page: 0.201 seconds
Multiply that by 20 hits a SECOND (maybe more even - I just looked at a small sample) and it's no wonder the database finally crashed after two days. Web logs showing 500 errors starting about 4AM this morning (I had to reboot the server when I got in at 8AM, it wouldn't respond to ssh login anymore)
Seeking advice - what can I do to prevent this happening again?
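
The pattern described in the post (a long list of client IPs, three hits each, all on one URL) can be measured from the error log itself. The following is an added example, not part of the original post: it parses the error-log format shown above and compares per-client counts with the per-URL count and the per-second peak. The sample lines, the `joomla.example.com` host, the shortened file path and the 192.0.2.x addresses are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Error-log line shape taken from the post:
# [Tue Apr 26 06:46:21 2016] [error] [client 1.2.3.4] message ... referer: URL
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] \[client (?P<ip>[0-9a-fA-F.:]+)\] "
    r"(?P<msg>.*?)(?:,? referer: (?P<referer>\S+))?$"
)

def parse(line):
    """Return a dict for one error-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%a %b %d %H:%M:%S %Y")
    return rec

def summarize(lines):
    """Aggregate by client, by referer URL and by second."""
    recs = [r for r in map(parse, lines) if r]
    per_ip = Counter(r["ip"] for r in recs)
    per_ref = Counter(r["referer"] for r in recs if r["referer"])
    per_sec = Counter(r["ts"] for r in recs)
    return {
        "hits": len(recs),
        "clients": len(per_ip),
        "max_hits_per_client": max(per_ip.values(), default=0),
        "top_referer": per_ref.most_common(1)[0] if per_ref else None,
        "peak_hits_per_second": max(per_sec.values(), default=0),
    }

# Constructed sample: 4 documentation-range clients, 3 hits each, one URL,
# spread over two seconds (6 hits per second).
URL = "http://joomla.example.com/en/some-forum/some-technical-questions/administrator/"
SAMPLE = [
    f"[Tue Apr 26 06:46:{21 + i // 6:02d} 2016] [error] "
    f"[client 192.0.2.{10 + i // 3}] PHP Notice: crypt(): No salt parameter "
    f"was specified. in /path/redacted.php on line 102 referer: {URL}"
    for i in range(12)
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

A low `max_hits_per_client` next to a high count for a single referer means a per-IP threshold would never trip on this traffic, while a limit keyed on the URL would.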