Site keeps getting attacked...

ok1ha
25 May 2011, 09:35 AM
Hello,

Thought I'd run this by you guys and see what you think a good solution is. My company's site has been getting DDOS'd on and off for the past few months. We are running a WordPress site at MediaTemple on a DV4.0 server.

One thing I've noticed is that there are attempts to attach a query to certain .png files. I run this command when in ssh:

grep png access_log | tail


An example from the log would be:

/img/icons/twitter.png?v82=77&tq=gJ4WK%2FSUh5TBhRMw9YLJmMSTUivqg4aUzJJEfqHXarVJ%2BQhhYGg%3D HTTP/1.0" 403 1200 "-" "mozilla/2.0"


I then go to the Firewall on MT and add the IP or IP range (86.80.0.0/16).

The top of my .htaccess file looks like this:

#MT-DDOS-MITIGATION
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/img/icons/(facebook|twitter) [NC]
RewriteRule ^(.*)$ http://psfk.com/img/icons/blank.txt [L,R=301]
#END-MT-DDOS-MITIGATION

#HTTP/1.0 DDoS prevention
RewriteEngine on
RewriteCond %{THE_REQUEST} HTTP/1\.0
RewriteRule .* - [F,NC,L]


I prefer to block the IPs from the firewall so the server doesn't even process the block.

It seems like such a dumb approach...
1) Wait for the problem
2) Look at logs all day and block IP by IP.

Is there anything else I can do to help prevent this from happening? Thanks in advance.
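
The following is an added example, not part of the original post: it automates the grep-and-block triage described above by counting requests that match the logged pattern (a query string on a static image, sent over HTTP/1.0) and grouping the sources into networks that could be entered in the firewall. It assumes Apache's combined log format; the function names, the thresholds and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Apache "combined" log format is assumed.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'\d{3} \S+ "[^"]*" "[^"]*"')
# A query string on a static image, as in the log excerpt in the post.
IMAGE_WITH_QUERY = re.compile(r'\.(?:png|gif|jpe?g|ico)\?', re.I)

def flood_source(line):
    """Return the client address if the request matches the pattern, else None."""
    m = LINE.match(line)
    if m and m['proto'] == 'HTTP/1.0' and IMAGE_WITH_QUERY.search(m['uri']):
        return m['ip']
    return None

def block_candidates(lines, min_hits=3, v4_prefix=16):
    """Group matching requests by network; return {cidr: hits} for hits >= min_hits."""
    hits = Counter()
    for line in lines:
        src = flood_source(line)
        if src is None:
            continue
        try:
            addr = ip_address(src)
        except ValueError:      # hostname in the log (HostnameLookups on): skip
            continue
        bits = v4_prefix if addr.version == 4 else 64
        hits[str(ip_network(f'{addr}/{bits}', strict=False))] += 1
    return {net: n for net, n in hits.items() if n >= min_hits}

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = """\
198.51.100.7 - - [25/May/2011:09:30:01 -0400] "GET /img/icons/twitter.png?v82=77&tq=AAAA HTTP/1.0" 403 1200 "-" "mozilla/2.0"
198.51.100.9 - - [25/May/2011:09:30:01 -0400] "GET /img/icons/facebook.png?v11=3&tq=BBBB HTTP/1.0" 403 1200 "-" "mozilla/2.0"
198.51.100.200 - - [25/May/2011:09:30:02 -0400] "GET /img/icons/twitter.png?v5=1&tq=CCCC HTTP/1.0" 403 1200 "-" "mozilla/2.0"
192.0.2.44 - - [25/May/2011:09:30:03 -0400] "GET /img/icons/twitter.png?v7=9&tq=DDDD HTTP/1.0" 403 1200 "-" "mozilla/2.0"
203.0.113.5 - - [25/May/2011:09:30:04 -0400] "GET /img/icons/twitter.png HTTP/1.1" 200 1200 "http://example.com/" "Mozilla/5.0"
203.0.113.6 - - [25/May/2011:09:30:05 -0400] "GET /img/logo.png?ver=3 HTTP/1.1" 200 5120 "http://example.com/" "Mozilla/5.0"
"""

if __name__ == '__main__':
    for net, n in sorted(block_candidates(SAMPLE.splitlines()).items()):
        print(f'{net}\t{n} matching requests')
```

Grouping at /16 mirrors the range blocked in the post but can sweep in unrelated visitors; passing a narrower `v4_prefix` (24 or 32) trades coverage for fewer false blocks.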