Daily Attack From The Same Network

Apr 8, 2009

Our website is receiving a daily attack from a French network called Neuf Cegetel. The IP is different each day but the network is always the same. The attack is daily and lasts several hours.

The website does not use ajax (the request is an ajax request) and there is no URL /0_0?_=... But the attacker uses a random URL similar to this: /0_0?_=1238873869634. Since the URL is always different, the page is not cached, so it is compressed by mod_deflate and therefore the attack is more harmful. The User-Agent and the cookies change quite a lot but it is always an ajax request. Taking into account that it is the only ajax request on the server, that would be the easy way to stop it. But it seems that when we try to stop the attack, the attacker tries another way, which makes me think that the attack is voluntary (not a virus nor something like that).

Since it seems that the attacker can be easily found (we are a Spanish website and the attacker always comes from the same French network), should we report this? If it were a virus on a remote server, the solution may be just to contact the abuse department of the network, but if it is voluntary I think that we should discover who is behind the attack, since it might be a company that wants to bother us, a competitor or something like that. What do you think?

This is a very small copy of the logs containing a few examples:

Code:
4087 ReqStart c XX.XXX.42.189 52592 517548693
4087 RxRequest c GET
4087 RxURL c /0_0?_=1238873869634
4087 RxProtocol c HTTP/1.1
4087 RxHeader c x-requested-with: XMLHttpRequest
4087 RxHeader c Accept-Language: fr
4087 RxHeader c Referer: http://thewebsite.com/
4087 RxHeader c Accept: application/xml, text/xml, */*
4087 RxHeader c x-requested-handler: ajax
4087 RxHeader c UA-CPU: x86
4087 RxHeader c Accept-Encoding: gzip, deflate
4087 RxHeader c User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; FDM; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)
4087 RxHeader c Host: thewebsite.com
4087 RxHeader c Connection: Keep-Alive
4087 RxHeader c Cookie: __utma=9819446.1354119376.1238785835.1238785835.1238865537.2; __utmz=9819446.1238865537.2.2.utmccn=(organic)|utmcsr=msn|utmctr=thewebsite|utmcmd=organic; __utmc=9819446; /=
4087 VCL_call c recv lookup
4087 VCL_call c hash hash
4087 VCL_call c miss fetch
4087 Backend c 3052 default default
4087 ObjProtocol c HTTP/1.1
4087 ObjStatus c 404
4087 ObjResponse c Not Found
4087 ObjHeader c Date: Sat, 04 Apr 2009 19:37:47 GMT
4087 ObjHeader c Server: Apache/2.2.3 (CentOS)
4087 ObjHeader c Vary: Accept-Encoding
4087 ObjHeader c Content-Encoding: gzip
4087 ObjHeader c Content-Type: text/html; charset=iso-8859-1
4087 TTL c 517548693 RFC 120 1238873867 0 0 0 0
4087 VCL_call c fetch
4087 TTL c 517548693 VCL 3600 1238873868
4087 VCL_return c deliver
4087 Length c 235
4087 VCL_call c deliver deliver
4087 TxProtocol c HTTP/1.1
4087 TxStatus c 404
4087 TxResponse c Not Found
4087 TxHeader c Server: Apache/2.2.3 (CentOS)
4087 TxHeader c Vary: Accept-Encoding
4087 TxHeader c Content-Encoding: gzip
4087 TxHeader c Content-Type: text/html; charset=iso-8859-1
4087 TxHeader c Content-Length: 235
4087 TxHeader c cache-control: max-age = 300
4087 TxHeader c Date: Sat, 04 Apr 2009 19:37:47 GMT
4087 TxHeader c X-Varnish: 517548693
4087 TxHeader c Via: 1.1 varnish
4087 TxHeader c Connection: keep-alive
4087 TxHeader c age: 0
4087 ReqEnd c 517548693 1238873867.757586718 1238873867.758437872 0.936849117 0.000804424 0.000046730


IIS FTP Brute Force Attack How To Prevent At Network Level

Jan 21, 2008

I am getting a few hundred IIS 6.0 FTP login attempts a second on my Windows 2003 x64 server.

We have a Sonicwall TZ180, a full IPS and Firewall in front of the server but I cannot determine a way to block these attacks. I simply have port 25 open to all IP addresses, as I do not know a range of valid IPs.

Is there any way to prevent these attacks at the firewall/hardware level? I suspect not, because the firewall doesn’t know if a login attempt is valid or not.

I have enabled IPS on the firewall but it doesn’t appear to be stopping these attacks. Is there any way to automatically ban IPs that hit port 25 X number of times in a second?


Network Liquidators / Network Hardware

Oct 14, 2009

Any experiences to report about purchasing used / refurb gear from either Network Liquidators (nweq.com) or Network Hardware (networkhardware.com)?


Creating Daily Backups

Mar 30, 2009

I want to set up my server (a Linux dedicated server) to automatically create daily backups of the pop3, mysql, & webfiles. I want it to go to a server which I have purchased with the exact same specifications.

I am not very good at unix command line/scripting. So what I need is for someone to help me define the backup strategy, select the scripts, and tell me how to make sure the backup server is secure.


Apache Crashes Daily

Apr 21, 2009

I am running a dedicated server.

My apache crashes daily and I am investigating the cause of it.

I have found this strange message in my apache error_log....


HostV Daily Load

Aug 27, 2008

customer of HostV's VPS hosting, and for the past 3 days, at almost exactly 01:20 GMT, CPU load jumps from an average of about 0.10 to 2.5+, stays there for over an hour, then drops back down.

During this time, there are NO processes on my virtual server using any significant amount of CPU time, memory, or IO. No cron jobs are running on my server, etc.

Note the output from 'uptime' below (I was monitoring it waiting for the problem to occur, which it did at exactly the time I expected):

00:32:05 up 22:01, 2 users, load average: 0.09, 0.11, 0.08
00:32:07 up 22:01, 2 users, load average: 0.08, 0.11, 0.08
01:09:49 up 22:39, 2 users, load average: 0.06, 0.03, 0.00
01:10:03 up 22:39, 2 users, load average: 0.05, 0.03, 0.00
01:19:26 up 22:48, 2 users, load average: 0.46, 0.16, 0.04
01:20:42 up 22:50, 2 users, load average: 1.53, 0.55, 0.18
01:21:39 up 22:51, 2 users, load average: 1.40, 0.67, 0.24
01:46:04 up 23:15, 2 users, load average: 3.06, 2.02, 1.52

Also note output from 'top', taken when load average was at 3.06 shown on the last line above:

Cpu(s): 0.1% us, 0.0% sy, 0.0% ni, 91.0% id, 9.0% wa, 0.0% hi, 0.0% si

My cpu usage is very low (0.1%) but wait time is at 9.0%, and I've seen this go as high as 70% during these times.

So, basically, there is a problem that exists on the host node somewhere that is causing my site to become effectively unresponsive (page load 20 seconds+ - measured), and it happens every single day at the same time.

So, why am I posting it here instead of logging a trouble ticket? I have logged a trouble ticket, but when I encountered the problem yesterday, despite logging it as "CRITICAL", I had to wait nearly 5 hours for a response, which effectively said not much beyond "we noticed the problem and fixed it and we're monitoring it". So I don't have a lot of faith that today's response will be any better.

I moved to HostV because of similar problems I was encountering with shared hosting, and was assured before signing up that the kind of problem I'm seeing doesn't happen. So now I'm outlaying more than 10 times the cost for almost exactly the same problems and a similarly unhelpful response to it.

By publicly posting the problem, I would hope that someone at HostV will ensure the problem is addressed PROPERLY, rather than bandaided again, and that hopefully we will all be able to see just how good HostV's support CAN be (as evidenced in another similar post).

I await HostV/Cirtex's response.

As shown in the uptime information above, server uptime is 23:15, because I rebooted the virtual server yesterday to see if that helped. It didn't. In fact, it took over 20 minutes for the server to come back up, which is why I'm not going to do it again.


Daily Hacking Attempts

Oct 13, 2007

Our VPS is being hit several times a day with hacking attempts. We have been actively monitoring error logs and can see the failed attempts. I was just wondering if there is a better way to track such attempts or another system log that would provide additional info on these attacks? Or maybe some 3rd party logging scripts?


RAID-1 Vs. Daily Backups

Mar 7, 2007

I just had a quick question about backup solutions. What advantage would I have by setting up 2 HD's in a RAID-1 array as opposed to just doing daily automated backups on one of the drives?

The way I see it, if I have automated backups, HD use for that backup drive is limited to say 20 minutes a day. In a RAID-1 array however, both drives are used at the same rate. Wouldn't this provide better life expectancy for the backup drive, granted it is at the expense of having a guaranteed instant replacement for that original drive?

Reason I'm asking is because I'm setting up a Mac Mini for a friend as a web server and he would like to have data backups. The only way to add space is to install an external hard drive so my options are a bit limited.


Backup Daily Crontab

Jun 2, 2007

I want to run /scripts/cpbackup every day beginning at 12:00 AM, and I put this line in the /tmp/crontab.XXXXwuxGUI file:

0 0 * * * /scripts/cpbackup

But the backup didn't work or do the job.


Mirroring Live Drive Daily?

Mar 22, 2008

I would like to create an exact copy of my live drive on a daily basis via cron. Is there a good mechanism for doing this *without* taking the main drive offline? It seems like the two common backup solutions: dd and rsync both have issues in this area. I don’t think Rsync can create an exact mirror (including partitions) and dd looks like you need to unmount the drive(s) first.

Both drives are of identical size and installed via the ide controller.


Daily Dozen LFD Blocks Normal

May 5, 2009

I recently got a dedi from Hivelocity, and they installed CSF/LFD. On my previous hosts, I didn't have this, just cPHulk. With this dedi, I'm receiving nearly a dozen daily emails from LFD with IPs that have been blocked for multiple failed logins, mostly with username root, but also sales, staff, admin, system, etc., and a few for port scanning.

Is this normal? I've already disabled direct root login via SSH, and I'm not really worried about anyone actually managing to gain access, I'm just curious about the high number of attempts. On previous hosts, where I actually had active sites and forums, with links posted on other forums that are indexed and nicely ranked by Google, I rarely received any emails from cPBrute at all.


Limit User Download Daily

Jun 22, 2008

Is there any Apache module which can limit user downloads daily? E.g. userA can download XX GB per day.

I am using mod_cband but it seems it can't do something like that.


CPanel Daily Backup: Load

May 5, 2008

I have my WHM/cPanel installation configured with daily and weekly backups. I checked at what time of the day the server load was at the minimum and configured the cPanel backup cron to run then.

The problem now is: Backing up a few hundred accounts results in a high server load. My server configuration:

Dual Processor Quad Core Xeon 5335 2.0GHz with 4GB RAM and 2 x 250GB SATA HDD hosted at SoftLayer.

The accounts are located on the first HDD and the backup archives are placed on the second HDD.

What can I do about this? I'd like to take daily backups of all accounts but not if my server load increases up to 10... That kind of renders the cPanel backup feature useless if it doesn't even work on a powerful server like this one...

Would it help if I use an application such as Auto Nice Daemon to give the backup process a lower priority? But then again that won't work on the MySQL dumps? And I think it's not a CPU problem but an I/O wait problem? Other processes have to wait for disk access because the disk-intensive backup process is running?


How Can I Setup Daily Exim Statistics?

Feb 27, 2008

How can I set up daily exim statistics?

From WHM, it shows exim statistics for about one month.

Is there any way to have daily exim statistics?


How Do I Create A Daily Copy Of Just One File

Jul 3, 2008

I seem to be having a problem where periodically the data in one file is getting corrupted. I haven't been able to figure out a pattern to it, so I wanted to run a command by crontab that would create a copy of the file each day. To avoid overwriting previous backups the filename of each day's copy would have to be unique like...

cp filename filename-2008-07-03

Is there a way to include this year, this month, and this day variables in a Linux command?


Daily Full Backup On Cpanel

Apr 6, 2007

I have seen resellerzoom provides daily full backups to their customers. How should I configure my WHM so that it creates a daily backup and deletes the old backup?


Daily Backup From Linux To Windows

Apr 5, 2007

I want to know how I can back up my Linux server's data to a Windows server. Due to the high number of files and daily updates, I can't use FTP.


Doubt About Csf :: Check /etc/cron.daily/logrotate

Nov 1, 2009

I need information about this option, 'Check /etc/cron.daily/logrotate for /tmp noexec workaround', which is in the server check of the csf test. Can someone explain this function to me? Should I do it?

The actual state is 'warning'.


Very High Load When Daily Backup Started

Jul 9, 2008

to decrease the load on the server when the daily backup starts. The load on the server before the backup starts is from 0.80 to 1.20; after the daily backup has started I see a very high load, from 16.00 to 32 and 40.

Any solution to decrease the load when the backup starts from 3 to 7 a lot?


Any Daily Moving Files Solution (Rsync)

Mar 5, 2008

I have moved all my vBulletin images to a separate server to decrease the load on the main server, but I am still having a problem. I have 3 directories updated daily with new images. They are:

/home/mark/public_html/vb/customavatars
/home/mark/public_html/vb/customprofilepics
/home/mark/public_html/vb/signaturepics/

I am searching for a way to move only the new files uploaded to these three directories to the other server in this way:
/home/mark/public_html/vb/customavatars (new files) ===> /home/mark/public_html/images/customavatars

/home/mark/public_html/vb/customprofilepics (new files) ===> /home/mark/public_html/images/customprofilepics

/home/mark/public_html/vb/signaturepics/(new files) ===> /home/mark/public_html/images/signaturepics

I have tried to use rsync in this way, as I have an internal connection between my servers, but it doesn't work:
rsync -a rsync://192.168.0.2/vb/customprofilepics/ /home/mark/public_html/images/customprofilepics
rsync -a rsync://192.168.0.2/vb/customavatars/ /home/mark/public_html/images/customavatars
rsync -a rsync://192.168.0.2/vb/signaturepics/ /home/mark/public_html/images/signaturepics

with a daily cron.


Using CRON To Restore CPanel Backups Daily

Nov 21, 2008

A couple weeks ago, I encountered a big server crash on my VPS that caused me a lot of downtime. I'm currently trying to figure out a solution to keep a current "clone" of all of my server accounts on a second server. That way, if I ever encounter another crash, I'll be able to simply change DNS information to have all accounts "live" using the backup server.

I appreciate any input, advice, suggestions, criticism, etc. Here's what I have in mind...

1. I currently have all of my websites hosted on Server #1. (We'll call it that for the sake of avoiding confusion.)

2. I have an automatic nightly backup setup via cPanel / WHM that backs up all accounts from Server #1 to Server #2 via FTP. (Server #2 is in a totally different data center, with a different provider.)

3. The nightly backup packages all of the accounts as "cPanel Full Backups." So, they're compressed, and as such, they don't work as "live, functioning websites" on Server #2.

The only way to make them "live and functional" on Server #2 would be to use cPanel to "restore" the backups.

4. So, what I'd like to do is setup a CRON job that would automatically "Restore" the backups each morning on Server #2. That way, Server #2 would always have a functional version of all my accounts, that is less than a day old. Then, if Server #1 ever crashed, I'd just have to change DNS information to point to Server #2, and all of the websites would be live again, without having to physically restore all of the backups using cPanel.

I don't know a ton about CRON. However, as I understand it, CRON couldn't actually make cPanel restore the backups. However, I'm assuming that when you use cPanel's "Restore" function, it just goes through a series of processes. So, it seems logical to me that, if you knew what those processes were, you could write a CRON job to automate the process every morning.

Did that make sense?

If so, is it possible?

Do you guys have any input, criticism, etc?

If it's doable, can you make any suggestions that would help me make this happen?

Finally, if you think you have the expertise to make this happen, I'd be interested in chatting with you via Private Message. I'd be willing to pay to have this done. (Note to Moderators: I'm not sure if my last comment is allowed or not ... if not, please feel free to remove it. I'm far more interested in the discussion of this process than trying to solicit help in making it happen.)


Using CRON To Restore CPanel Backups Daily

Nov 21, 2008

I encountered a big server crash on my VPS that caused me a lot of downtime. I'm currently trying to figure out a solution to keep a current "clone" of all of my server accounts on a second server. That way, if I ever encounter another crash, I'll be able to simply change DNS information to have all accounts "live" using the backup server.

I appreciate any input, advice, suggestions, criticism, etc. Here's what I have in mind...

1. I currently have all of my websites hosted on Server #1. (We'll call it that for the sake of avoiding confusion.)

2. I have an automatic nightly backup setup via cPanel / WHM that backs up all accounts from Server #1 to Server #2 via FTP. (Server #2 is in a totally different data center, with a different provider.)

3. The nightly backup packages all of the accounts as "cPanel Full Backups." So, they're compressed, and as such, they don't work as "live, functioning websites" on Server #2. The only way to make them "live and functional" on Server #2 would be to use cPanel to "restore" the backups.

4. So, what I'd like to do is setup a CRON job that would automatically "Restore" the backups each morning on Server #2. That way, Server #2 would always have a functional version of all my accounts, that is less than a day old. Then, if Server #1 ever crashed, I'd just have to change DNS information to point to Server #2, and all of the websites would be live again, without having to physically restore all of the backups using cPanel.

I don't know a ton about CRON. However, as I understand it, CRON couldn't actually make cPanel restore the backups. However, I'm assuming that when you use cPanel's "Restore" function, it just goes through a series of processes. So, it seems logical to me that, if you knew what those processes were, you could write a CRON job to automate the process every morning.

Did that make sense?

If so, is it possible?

Do you guys have any input, criticism, etc?

If it's doable, can you make any suggestions that would help me make this happen?

Finally, if you think you have the expertise to make this happen, I'd be interested in chatting with you via Private Message. I'd be willing to pay a reasonable sum for some help with this.


Backup Type :: Daily, Nightly, Incremental?

May 13, 2008

What type of backup do you use with your host? (daily, nightly, incremental, etc)


Pop Services Fail During Specific Hours Daily

Oct 19, 2007

My POP services keep failing daily between 10am-4pm central time. Rather strange.

However, sometimes some people can't access pop services, while others still can.

I thought it was a SpamAssassin issue as it was overloading a little bit due to corrupt files. Fixed that, and problem persists.

CentOS 4.x
cPanel 11.x
SpamAssassin 3.2.x


Daily Backup + Rsync Ssh + Large Number Of Files

Oct 29, 2006

I just want to know: is it safe to do a remote daily backup for about 70,000 files?

File sizes are about 200kb and every day I have about 1000 new files, so rsync first should check the old files, because I am deleting about 30-50 of them daily, and then back up the new 1000 files. So how much time will it take every time to compare those 70,000 files?

I have 2 options now:

1- using a second HDD and RAID 1
2- using rsync and backing up to my second server, so I can save about $70 each month.


Is It Possible To Create A Cron To Backup Mysql Data Daily

May 15, 2009

Is there any way to create a cron to back up mysql data daily (or weekly)? I mean an "auto script" to run this command daily:

mysqldump -u username -ppassword dataname > file.sql







