CSF Too Late Stopping DOS Attacks
Nov 7, 2008
I have CSF on my server (ConfigServer Security & Firewall) and it blocks the IP when my server gets attacked, but it always seems to be a little too late... Apache goes down, even though the IP is blocked. I end up running:
iptables -I INPUT -s xx.xx.xx.xx -j DROP
service httpd restart
And that tends to sort things out... but the thing is, sometimes they still manage to attack, and even though CSF sends me messages explaining how it is connecting, I can check the "deny IPs" and the IP shows as blocked...
What other software is there (e.g. mod_evasive... but how can I install it...) that I can run without harming my server, causing problems with CSF or any problems for that matter, and how can I install it?
Nov 25, 2008
I and some other people were scammed under Hetzner servers. Please avoid Hetzner. I found out it's not the first time they were used by scammers, and I'm sure it won't be the last.
Maybe you have some nice memories with Hetzner, well I can't deny that, but wait until you get into a messy situation, you will see the true color of this company.
When I smelled something not right about Hannes, I immediately sought their assistance to move my data to their server. But Hetzner didn't care.
Someone told me, in a similar incident a few months ago, they were scammed by some guys selling Hetzner colo. This person contacted Hetzner and Hetzner didn't care.
It's true. Hetzner didn't care. I contacted them to get assistance to move my data onto their servers. I told them I want to be their customer, but they simply told me to rent a server and move the data myself.
This is the true Hetzner!! It has been home to a few or maybe dozens of scammers. And time has proven itself, be careful of Hetzner.
Some people will say it's not Hetzner's fault, but remember this: it's not the first time Hetzner has been used by scammers. In reality, if you keep a scammer in your home and he scams society using your name, in some countries you can be liable too.
What I'm saying is, avoid Hetzner before you end up in trouble, because only then will you see their true color. By then it's too late.
There's nothing much I can do now.. But you can... Avoid Hetzner.. But the choice is yours.
May 13, 2007
I tried to upgrade to Fedora 5 and then to whatever is next, but I am having problems. After running yum -y update I get this:
Error: hwdata conflicts with pcmcia-cs
Error: Missing Dependency: hotplug >= 2001_04_24-9 is needed by package pcmcia-cs
Error: Missing Dependency: howl = 0.9.8 is needed by package howl-libs
Error: Unable to satisfy dependencies
Error: Package hal needs kernel < 2.6.15, this is not available.
Error: Package hwdata needs pcmcia-cs, this is not available.
Error: Package howl-libs needs howl = 0.9.8, this is not available.
Error: Package pcmcia-cs needs hotplug >= 2001_04_24-9, this is not available.
Error: Package kudzu needs kernel < 2.6.13, this is not available.
Error: Package glibc needs kernel < 2.6.9, this is not available.
Error: Package initscripts needs kernel < 2.6.12, this is not available.
May 1, 2009
When I tried and failed to get any response out of them for 2 months at the end of last year, I mailed all the addresses I could find asking for my account to be closed and changed my DNS records to reflect a change in hosts. There were a few threads on this site that said the company had folded.
My renewal was due in January and when no invoice appeared I assumed that everything was cancelled.
Till yesterday that is, when I received an invoice for renewal from gnax.net that is due today! The Burton Hosting billing site is also back up again.
I have just been on the Burton Hosting website and see there is a placeholder saying that my account is now owned by gnax.net. Surely they should have informed me of this change?
At the moment I am refusing to pay this money (Although mailing support@gnax.net does not work, despite it being the contact address in the invoice mail).
Have any other old Burton Hosting clients just been invoiced and given 1 day to pay?
May 13, 2007
I have WHM 11.1.0 cPanel 11.2.1-C11635
FEDORA 4 i686 - WHM X v3.1.0
PHP Version 4.4.4
I'm not sure what my apache version is.
I want to try this:
http://www.webhostgear.com/232_print.html
It says it's for Apache 1.3x, PHP 4.3x
Will that work on my server? Will it be safe to try?
Jul 6, 2007
Currently my site is having an extreme surge in traffic (in and out). My webhost just sent me a warning, saying that my site is generating abusive traffic to the host's network.
Code:
Please be aware that abusive traffic is being generated from your IP, xx.xxx.xx.xxx, directed to our network as seen in the logs below. We have added a Nullroute for this IP on our network for a period up to 24-hours. Please take action to remove and prevent this abusive traffic from being generated. Repeated offenses will result in a permanent Nullroute of your entire network block.
2007-07-05 09:59:51 - sensor-ds04.tpa.sagonet.net - sshd[13496]: Did not receive identification string from ::ffff:xx.xxx.xx.xxx
2007-07-05 09:59:51 - unknown.sagonet.net - sshd: refused connect from ::ffff:xx.xxx.xx.xxx (::ffff:xx.xxx.xx.xxx)
2007-07-05 09:59:51 - spamassassin-lbb.tpa.sagonet.net - sshd[24910]: Did not receive identification string from xx.xxx.xx.xxx
2007-07-05 09:59:51 - spamassassin-lba.tpa.sagonet.net - sshd[32041]: Did not receive identification string from xx.xxx.xx.xxx
2007-07-05 09:59:51 - spamassassin-lbb.tpa.sagonet.net - sshd[24911]: Did not receive identification string from xx.xxx.xx.xxx
2007-07-05 09:59:51 - spamassassin06.cust.sagonet.com - sshd[12792]: refused connect from ::ffff:xx.xxx.xx.xxx (::ffff:xx.xxx.xx.xxx)
2007-07-05 09:59:49 - sensor-ds06.tpa.sagonet.net - sshd[99600]: warning: /etc/hosts.allow, line 1: host name/address mismatch: xx.xxx.xx.xxx != thtdomains.com
2007-07-05 09:59:49 - sensor-ds06.tpa.sagonet.net - sshd[99600]: warning: /etc/hosts.allow, line 1: host name/address mismatch: xx.xxx.xx.xxx != thtdomains.com
2007-07-05 09:59:49 - sensor-ds06.tpa.sagonet.net - kernel: Jul 5 09:59:49 sensor-ds06 sshd[99600]: warning: /etc/hosts.allow, line 1: host name/address mismatch: xx.xxx.xx.xxx != thtdomains.com
2007-07-05 09:59:49 - sensor-ds06.tpa.sagonet.net - kernel: Jul 5 09:59:49 sensor-ds06 sshd[99600]: warning: /etc/hosts.allow, line 1: host name/address mismatch: xx.xxx.xx.xxx != thtdomains.com
2007-07-05 09:59:49 - sensor-ds06.tpa.sagonet.net - sshd[99600]: refused connect from xx.xxx.xx.xxx (xx.xxx.xx.xxx)
2007-07-05 09:59:49 - sensor-ds06.tpa.sagonet.net - sshd[99600]: refused connect from xx.xxx.xx.xxx (xx.xxx.xx.xxx)
2007-07-05 09:59:49 - sensor-ds06.tpa.sagonet.net - kernel: Jul 5 09:59:49 sensor-ds06 sshd[99600]: refused connect from xx.xxx.xx.xxx (xx.xxx.xx.xxx)
2007-07-05 09:59:49 - sensor-ds06.tpa.sagonet.net - kernel: Jul 5 09:59:49 sensor-ds06 sshd[99600]: refused connect from xx.xxx.xx.xxx (xx.xxx.xx.xxx)
2007-07-05 09:59:52 - sensor-ar01.tpa.sagonet.net - sshd[12730]: warning: /etc/hosts.allow, line 1: host name/address mismatch: xx.xxx.xx.xxx != thtdomains.com
My VPS is using Plesk v8.01 as the control panel. I have purchased my own 3 IPs so I'm sure this is not the case of sharing the same IP with another account.
I've checked the cgi-bin directory but there is nothing there except the usual default file (test.cgi). And I never have the right to alter the cgi-bin directory (can't remove, can't add files).
The traffic surge costs me 10 GB (in) and 5 GB (out) bandwidth a day as opposed to the normal 100~200 MB a day. I haven't asked them the exact form of the abuse. So far, I think my IP has become the source of abusive traffic that burdens THEIR server.
I've checked the latest access.log and everything looks normal.
But when I checked using menu Virtuozzo/Traffic Statistics, I can see that the incoming and outgoing traffic are surging up unnaturally (this is the third day).
Hour/Incoming/Outgoing (in MB):
Code:
01 5.61 26.31
02 4.94 25.11
03 6.77 33.48
04 10.42 47.17
05 91.43 94.06
06 289.51 196.99
07 309.13 200.02
08 51.78 33.33
Jan 15, 2008
Has anyone had any good results using SpamAssassin? If so, how did you go about setting it up? I was hoping someone would share some real world settings that work.
Nov 5, 2009
Can you control SPAM on a server? I've got this email account where all it receives is SPAM, nothing else. I'd like to eliminate this so it doesn't get any more SPAM.
Sep 4, 2008
I have ffmpeg installed on a webserver. If I enter the command to begin a conversion process, or the command is sent through PHP via exec(), it keeps going until it finishes or runs into an error.
Is there a way to cancel a conversion process after it's been started either through the command line or via PHP exec()?
Jun 12, 2007
I designed one of my web services so that 'nobody' has to put commands to cron. Unfortunately this thing stops working from time to time because "someone" is putting 'nobody' back in the cron.deny file.
How to stop that?
Jul 1, 2009
Apache keeps stopping. MULTIPLE times per day! There is no logic to when it dies. But about every 2 hours.
Load stays below .30 and there is free memory available.
This is on a VPS machine. None of the other VPS's are having an issue. Just this one.
Centos release 5.3 (Final)
Apache/2.2.3
Here is what is in the httpd.conf file. I realize the numbers are way too high, but just trying to get this issue to go away.
Code:
<IfModule prefork.c>
StartServers 100
MinSpareServers 100
MaxSpareServers 100
ServerLimit 512
MaxClients 512
MaxRequestsPerChild 4000
</IfModule>
<IfModule worker.c>
StartServers 100
MaxClients 500
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 100
</IfModule>
Here is what is in the /var/log/httpd/error_log file before it dies:
Code:
[Wed Jul 01 18:06:32 2009] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 98 idle, and 108 total children
[Wed Jul 01 18:08:17 2009] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 74 idle, and 76 total children
[Wed Jul 01 18:08:18 2009] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 16 children, there are 63 idle, and 63 total children
[Wed Jul 01 18:08:19 2009] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 32 children, there are 79 idle, and 79 total children
[Wed Jul 01 18:11:36 2009] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 93 idle, and 108 total children
Nov 7, 2008
Is there a script or program which I can use to start my game servers remotely? I am giving my friend a free game server, but the problem is that he wants the power to start/stop the server because he wants to update the binaries. I am not looking for a game server control panel, but more like a small script or program that has the power to start/stop the server. The game server I am hosting for him is Team Fortress 2. Also, it has to be free since I am not going to make any profit off this.
Game - Team Fortress 2
OS - Windows 2003 Server
Web hosting - WAMP
Jul 9, 2007
I will move my vBulletin site from one server to another server.
My web data is more than 10G including MySQL data. I know I may stop the vBulletin at first and move the data, but I am expecting a minimal forum-stop time or no forum-stop time.
My concern is, if I don't stop the vBulletin at first, after I dump the SQL data out and restore it to the new server, it would be more than 3-4 hours, and there must be some new data coming in during that period. How may I keep the vBulletin running and move all data to the new server?
May 27, 2007
We're currently testing Postini after checking with Message Labs, etc. and it seemed that Postini was the most highly recommended out of all of them. We shall see, as there do seem to be A LOT that get past their filters with spam level filtering set at their most sensitive level.
However, what could I do for accounts with hosting firms? We have a couple on Pair, and while they use SA, their filters don't seem to be really effective at all. Users can come in over the weekend, and have 5 valid emails out of 200 junk......
BTW, has anyone used any of the spam appliances out there lately?
We tested them about 1.5 years back and none were really effective.
Jul 15, 2015
I am trying to run backups to an off-site location. However, I have noticed that even if I try on the server side, it will only back up 2gb, and when I check the backup, the file structure is there, but there aren't any files in the backups.
Jun 16, 2009
I saw some spams and I try to remove them on my cPanel server from WHM > Mail Queue
Message 1MFr0q-0001cK-TV is locked
Message 1MGJLb-0001UL-4y is locked
Message 1MGIqC-00036q-7v is locked
Message 1MGIvk-00044Q-5r is locked
Message 1MGJpk-0003fU-5K is locked
Message 1MGJK9-00015D-US is locked
Message 1MGJhL-00006a-Mh is locked
Message 1MGHK4-0004e6-60 is locked
Message 1MFrD4-0002Up-OX is locked
I can't seem to remove them. What's the way to kill them at once?
Nov 7, 2007
We have a VPS Server from one of the most reputable VPS Providers. We have 384 Guaranteed RAM and 1GB Burst. We have a Dual Core AMD Opteron(tm) Processor 265 - 1795.503 MHz with 1024 KB cache allocated to our VPS.
It is only hosting 2 average forums (10-15 concurrent users in total) and 30 small websites, low traffic websites.
The problem we are having is, almost 3 times a week, the cPanel, named and apache services keep stopping. I am monitoring our server when this happens and prior to the event it's only using about 300MB RAM and low CPU.
What could be causing this problem? Do I need to upgrade our RAM?
Apr 2, 2014
PRODUCT, Plesk for Windows VERSION 11.5 latest update VERSION OF MICROUPDATE 11.5.30 Actualizar #39, OPERATING SYSTEM Windows 2008 Server
Suddenly, with no apparent reason, MySQL stops and I have to go to the panel and restart it.
Every morning I have to restart MySQL thru the control panel in the remote console of Windows. It works all day long, and then stops at night. It should work as it always did; for several months I did not even reboot the server, now I have to reboot the server to see if that fixes the problem. Latest Windows update, latest Plesk for Windows update, but I have the feeling that with the latest microupdate something has broken.
Nov 27, 2014
Plesk 11.5 Linux
Centos 5.6
I am having a problem sending email. Email from others comes in, but when sent from the server it does not arrive.
SMTP Server (Postfix) keeps stopping...
Oct 26, 2007
I'm getting DoS attacks on my new dedicated server and I've had about 600 emails from my server about IP bannings. I can't even access my server via WHM at all at the moment! The sites are still online and the server is up but I can't log into WHM. What can I do to remedy this?
Also I can't quite understand why anyone would conduct a DoS attack in the first place...
Mar 9, 2008
I have a VPS that's on the Awknet network and I'm receiving DNS DDoS and I don't think they have anything to stop these attacks. How can I prevent these?
May 9, 2007
I seem to be getting a lot of mail attacks to accounts located on the server. However, most of the email addresses do not exist and therefore the emails are bouncing back and getting stuck in my mail queue manager. There are something like 20 emails per minute getting stacked up in there and it is causing a massive load on the server.
How can I stop these attacks?
May 22, 2007
My webserver was defaced with this person's name all over my site.
I was reading and it said JaMaYcKa does these things through a cPanel bug.
Apparently our entire host has been hacked too. I'm very disappointed as I was on the verge of starting one of my biggest projects and now it's gone. :'(
Jun 25, 2008
One of my customers' servers is getting DDoS attacks. I solved SYN and GET attacks with LiteSpeed web server but I have another problem. They started to do UDP flood. I'm losing connection to my server. I bought a new server with a 1 Gbit port to solve it.
Mar 31, 2009
This is a quote from an unrelated thread in the Dedicated Server Forum. I didn't want to hijack the thread so thought I would bring my question over here:
Quote:
Originally Posted by HRDev Hady
I believe they use BurstNet, which isn't really a good choice for DDoS-prone sites as their Top Layer devices don't seem to handle attacks very well in my opinion. If you're running a DDoS prone site, you'd likely be better off with a DDoS-specialized provider such as Awknet, Staminus, or Black Lotus. But as mentioned, a lot of attacks can be stopped simply by proper tuning of your IP stack and some simple firewall rules.
My question is, as a new Dedicated Server Owner, what tuning and rules do I need to implement in order to protect me from these "small scale DDoS Attacks"?
I do not run a DDoS prone site (I hope not lol) but I want to secure myself as much as possible and have a headache free run other than the headaches I cause myself of course.
Oct 31, 2009
Recently, I hosted my domain with two different servers, but both of them were attacked by malware and viruses. Google also started showing a warning like "This site may harm your computer".
Now I can't open my site in Firefox (it gives a security warning)... when I open it in Explorer, my index page is totally changed.
Is there a solution for that? Which Linux server will be best to protect my site from malware attacks?
Oct 11, 2009
I can see a lot of MSSQL Server attacks. In Event Viewer: "Login failed for user 'sa'. [CLIENT: Some IP]"
Most of the attacks are coming from China. Typically what I'm doing manually is get that entire IP range and block it at the Windows Firewall level.
Now I have plenty of blocked IP ranges all over the world.
What would be the best way to avoid those kinds of attacks?
Aug 3, 2009
I want to understand the mechanics of a DDOS attack. I have been doing a lot of reading about them this weekend.
The way I am understanding it, a DDOS attack is done at the network level. It may be requesting that pages from a given website, or websites, are served up, but it basically will affect the entire network. So if 'page display' requests are made to a website(s) that is hosted at ABC Hosting (example only), to the tune of 15GBs then I have to assume that the network will be terribly degraded. If that is so, wouldn't other servers also get taken out?
I believe the architecture of the internet is something like this (example only):
Gnax --> Planet, SoftLayer, RackSpace, etc.. --> Reseller --> Smaller Reseller --> Me
If that is true, is each level along that route using their own networking system or are they all dependent on ones that major Data Center uses?
Jan 12, 2009
My current site has been taken offline since it was being DDoS attacked. I've been with my current hosters for 3 years at least, but with recent events they gave me the option to shift my site to a dedicated server or for me to move off, basically (the impression I get now, since they seem to be taking longer to reply to my messages). I was being DDoS attacked since I refused to give a copy of my software to the visitor at my forums/site.
I've been looking round site after site and I can't make up my mind who to shift to. Also, if that same idiot who DDoS attacked me does it again before I can take any action, I would be in the same situation again.
I have multiple domains and all my sites in total are about 5gig in size, CPU usage is average and queries roughly about 15/17 at the most. I currently pay £130.00 a yr.
I have had a few bad experiences with hosting companies but learnt along the way, and assumed my current hosters would be a reliable place to stay at. My site's been offline since Friday and I would like to get it back up again asap. The last thing I want to do is rush into a hosting package and be stuck in a dud situation.
I would also like to take action against the person who has been DDoS attacking me. I managed to get hold of his details and I also have confirmation that they are correct. What can be done legally?