How Many Attack Attempts Do You Get To Your Server Per Day?
Aug 22, 2007
I went today to my apache error log, and noticed that those scum lowlifes hackers trying to hack my server every day for at least 100 times!!!
What a disaster!
Examples of urls they trying to use:
- http://usuarios.arnet.com.ar/larry123/safe.txt?
- http://uploaded.justfree.com/id.txt?
- http://nukedclx.info/php/base
Is there anything that can be done to prevent this mor*** from even trying to hack (except putting a bullet in his/their head)?
I have been getting a lot of hacking attempts from this server:
server.softjin.com
They have offices in the U.S. as well as India, Japan, Singapore. I have reported them to [url] and if you are in the U.S. and have proof of hacking attempts from this company, please post them here -
I am currently looking to compile a list of complaints so I can send another complaint report to ic3.gov
Our VPS is being hit several times a day with hacking attempts. We have been actively monitoring error logs and can see the failed attempts. I was just wondering if there is a better way to track such attempts or another system log that wold provide additional info on these attacks? or maybe some 3rd party logging scripts?
It should be a straight forward change. [URL] .... does not redirect to [URL]...... It simply tries to load /denver-cars/ and denver-cars is in the URL. Am I missing something here? I have tried moving it up and down the list of rules and have tried numerous types of flags to no avail. Everything else in the htacess works fine with out the line:
Options +FollowSymlinks RewriteEngine on RewriteBase / # Force www # Redirect google index dir's to new dir RewriteRule ^/(.*)-cars/ /newcars-in-$1/ [NC,R=301,L]
Every time I log on plesk 11.09 I get an email from admin saying that due to maximum number of failed login attempts for admin, the account was blocked for 30 minutes.
First, I do not get failed login attempts, I log in every time.
Two, the account is not blocked, I can log in, out and back in as many times as I want without problem except that I get this email everytime.
Someone is trying to attack our server (I think so). When running apache status there are a LOT of connections from one network, all requesting the same page. But running: netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n does show any of these IP's. So script blocking ddos attacks wont work. Anyone know what can I do about this?
I think I'm experiencing some type of alternative to a DDoS attack. My server is being killed by thousands of emails being sent to fake accounts on my server.
I'm not a server administrator, so please bear with me.
My load average is skyrocking to 800.xx at times. I look at "top" and see "exim" for one specific user on my server. I own all the websites on my server, by the way.
When I look at my email queue, I see thousands of emails coming in to accounts that don't exist for that specific user. Let's say the domain name is salcollaziano.com. Somebody is sending spam to various salcollaziano.com aliases that don't exist. Like webmaster -at- salcollaziano.com and suzy -at- salcollaziano.com.
How can I prevent these spam emails from having any interaction with my server? It's causing me a lot of downtime on all the sites I have running on that particular server.
Not sure if it's a valid threat, but I would like to do the best I can to identify one as early as possible.
Can someone maybe give me an idea of what to look for? They were not specific on there type of attack, but I was hoping that there was maybe a log file I could tail and keep an eye out for irregularities.
my server got phisihing attack with bankamerica/paypal etc. i wounder because we have tight firewall/security etc. but any way this is teribel. i have found ip when look in to /var/log/messages -
its looks like (?@85.201.19.xxx). is it used anonymos ftp? i found same ip used to log in to another ftp host as well.
My server (Xeon 3.0Ghz) went down for no reason yesterday and ever since it was rebooted (and I've rebooted a couple of times since then), pages load extremely slowly or just timeout. Server load is constantly hovering around 1 and top stats indicate that the server's resources are not under heavy load, which is contrary to the usual pattern during peak times.
I've checked netstat and I notice a lot of SYN_RECV. Could this be a DoS attack? If so, what steps do I take to stop it?
My server was hit with flood recently, to the point where I was unable to log in via SSH. Running 'netstat' command showed I was getting flooded with thousands of http requests from China/Saudi Arabia/Korea. I installed APF firewall and added those countries to deny list.
Next day I was hit from Russia and Romania and some others. By reading some posts on this site, on top of APF, I have also installed Dos Deflate. It was working for couple of hours, but then it stopped working. I could not even log in via SSH. My provider told me that APF was using all of the "conntrack" connections. I have increased conntrack connections to 130,000 (I have 4 Gigs of RAM on my server). Is that possible? (I have about 300 IP ranges in my APF deny list).
Next day, I was got hit by different attack: there was 11 Mbps of malicious traffic on average sent to my server. My provider put me behind firewall to mitigate against that kind of attack.
Currently, I am both behind the hardware firewall and I have APF and Dos Deflate running. However my server is not accessible.
When I request, I can log in for couple of minutes, but then I get kicked out.
I have been getting ddossed for the last month, my host has tried many things on my server that are commonly suggested around here, however we have over 40 000 connections hitting the server from this attack and it keeps rising.
I am on LiteSpeed. I also have NetScreen 50 firewall which helped for a little while, however the server still keeps going down.
I am spending $420 a month on my hosting for my dedicated server Now it is costing me an extra $400 a month to have Netscreen firewall running which is a waste of money as it can not effectively keep the server running and i'm not sure if I can even effectively afford that much money a month, however I might need to spend a little more if need to just get the server running finally.
basically I need some options as to what I can do. I would like to stay with my host, they have been good to me, however if my options are better suited to changing then let me know. I just really need to get my server running great asap and to keep it running great when i'm away from the internet.
Today my system which is hosting the site bepenfriends got compramised(win 2k3) and now LT tech guys are working on it to reload the system with a data save. I was not having a hardware firewall which caused this problem. But i had windows firewall, windows malinious software removal tool (defender i haven't installed). I have updated all patches of win2k3 whch was released till today.
Now after restore it will be great work to bring my website back with all those rewritten urls and the softwares and its licenses.
Now please help me out in below stuff.
How to stop further attack and further compramisation of server.
My site is being attacked by what appears to be a dictionary attack on my mail account. They are sending e-mails to random accounts at my domain from random e-mail accounts from somewhere else. Each of their messages is coming from a unique e-mail address and a unique IP address.
Now, we have some dictionary ACL installed that basically blocks any IP address that is caught doing this. So we are blocking tons of IP addresses, but they keep coming at us with new ones. We also have it setup so that the mail is rejected right away for any accounts that aren’t actual e-mail accounts of yours. However, they are hitting the server so hard that it doesn’t seem to be making any difference.
I have a client who's server has got DDOS attack. It causes the network disruption and DC wants to turn off the server. My client feels it stupid to turn off the server just like that.
Ever since Monday morning, my site has had problems because the server at my host is under attack.
Most of Monday my site was down. Then Monday late afternoon, it came back...I thought. The forum is up and running, but the rest of the site, built on WordPress, is screwy.
Most of the plugins aren't working because of inability to connect with the database.
I can't log in to my cPanel at all and haven't been able to since Sunday.
This is the first time I've experienced anything like this, lasting this long.
It has me wondering if I should start considering a new host. I have loved their service, especially their speedy support (native English speaking to boot) so I hate to leave but I'm not sure if their service is going a little downhill or not.
