My website has been under a constant Syn Flood DoS attack for the past few days. However, the attack originates from a single IP address that changes every few hours (Possibly a syn flood script with IP spoofing capabilities).
The Syn Flood attack isn't creating any spike whatsoever in my usage graphs, however, its still rather annoying. What firewall should I use to combat the DoS attack?
Well I've tried Staminus and Awknet and they both just seem to rate-limit if I get like 300MBIT SYN, is there any provider that won't just rate-limit but will actually filter the attack for around $200/mo?
View 7 Replies View RelatedI have been faced with a packet flooding issue.
Quick scenario, I run a few public game servers, and we have had a member go insane.
This member has been using a piece of software, to do a simple DDoS attack, and when they perform this attack, it laggs everybody out, and takes down the individual game server.
While this is occurring, I have been watching with a network analyzer program, and noticed the packets go sky high (from 4.4k to 150k+).
So, I am in need of a quick, piece of software that can block flood attacks, or whatever is going on.
my new server performs strange
I checked /var/log/messages
there are full of these messages
possible SYN flooding on port 80. Sending cookies.
kernel: printk: 84 messages suppressed.
kernel: nf_conntrack: table full, dropping packet.
my site is a huge site, thousands of ppl online
I think i am not been attacked, but kernel think so.
How to resovle this problem.
How can I stop netfilter from kernel
kernel:@2.6.22.1-32.fc6
2 xoen 2.8g, 2gb ram, 73gb scsi hd
Someone seems to be flooding our HTTP server somehow. We use the latest version of Apache on Windows.
Is there any Windows modules that can filter the total amount of IP connections, or something built into Windows that could filter this?
I made a thread about this in programming as I was trying to figure it out but I ended up tweaking dos deflate a lil and got it working. Tried and tested as well during low bandwidth syn flood. Keep in mind if you are having massive syn attacks then most of it will have to be filtered on the network level. I have filtering from staminus on my server, this is just for the low bandwidth stuff that gets through.
Syn-deflate is just a name I came up with as it is based on dos-deflate, only a few changed features. I dont know how medialayer would feel about me modifying their script this way I know they got lisence and copywrite on it. Guess I will talk to them about that before any official release.
especially about the csf version.
So I always have used some dos deflate features to monitor dos in my servers, just the netstat command. This one:
Code:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Today, got a syn flood coming through, low bandwidth, etc. Each ip connecting under the tracking limit for csf. So I tweaked the netstat command a lil bit and I was able to see what ips were sending syn and how many times.
Like this:
Code:
netstat -ntu | grep SYN_RECV | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
So I figured it would be very handy to ban ips sending over so many SYN_RECV connections at once. So I took dos deflate and tweaked it a lil. Made this to work with csf. Only problem on csf is there is no unban command, only whitelist so I just had it do csf -d again on the unban command, This would give an error and would not unban the ip but you really dont need to unban it so soon.
With apf it works perfectly on unbanning. Works just like dos deflate but bans syn flooders not connection flooders. You could even use this along with dos deflate. I am using it along side of csf and the connection tracking feature no problem.
I plan on releasing some what of an official version too along with some other tools to monitor and stop dos. So whoever is interested or can offer some advice let me know.
For those who wanna give it a try:
For the CSF version:
To install:
Code:
wget[url]
To uninstall
Code:
wget [url]
For the Apf and Generic Iptables version:
To install
Code:
wget [url]
To uninstall
Code:
wget [url]
uninstall.synd ; ./uninstall.synd
I didnt get to try the apf version out much but have used the csf version all day with no issues
Note to makers of dos-deflate: Im not too keen on all this licensing stuff or what I am supposed to do when I modify someone else script so let me know what I need to do to keep from making anyone mad.
server notice : kernel: possible SYN flooding on port 110. Sending cookies. and down.
how to disable flood on port 110, flood port 443!
EX : disable telnet on port : 21,445,110,53
how to disable telnet on port 21,445,110, with cmd (telnet ip(host) port)
I cant decide between
Dual Processor Single Core
Dual Processor Single Core Xeon - 3.00GHz (Irwindale)
Or
Single Processor - Quad Core?
Single Processor Quad Core Xeon 3220 - 2.40GHz (Kentsfield)
My site needs "raw" processing power due to the applications it runs. ram (over 2 gb) and hdd are not that important to me.
could someone point me in the right direction.
An old friend of mine wanted to get a vps so I made one from a dedicated and gave it to him. The only thing he has done is made it so the only ip allowed to connect to ssh is his. what are the pros and cons of hacking.exploiting with this.
View 2 Replies View Relateddoes anybody know a company for a cheaper ded. server (unmanaged) who will accept also a IP net (min. /24) within a BGP4 connection instead of single expensive IPs ? I know some in Europe who will do it for additional costs but often the server are too expensive.
View 12 Replies View Relatedhow to set 2 name servers with a single IP address via cPanel?
View 10 Replies View RelatedI have purchased a VPS and setup all my apache, php and mysql successfully.
However I am unable to understand over how can I point [url] (bought at Godaddy) to my VPS host.
I only have a single dedicated IP address for me. So it makes more challenging on how can I host DNS on my VPS only.
I have the impression that I am being affected from a kind of DDOS or email worm attack. Is there a way I can track the sources of the connections?
The control panel I am using is Plesk 8.2 on Linux CentOS 4.2
I have three sites running on three separate servers behind a single router with DDWRT. One of the servers is a Windows 2003 server that I have DNS running on.
Each domain name points to my public static IP address.
My router is set to use the windows 2003 server as the DNS server.
I have port 80 forwarding to the windows 2003 server.
I can access the sharepoint site that is on the 2003 server from outside my network and within it without any problems.
When I try to access one of the other two sites from outside the network, i get a 400 error. When I try to access the same sites from within the network, they work fine.
how to reset a password via a single line command? Or script? To make it automated?
View 14 Replies View RelatedI have a Linux(RHEL5) dedicated server.Tomcat version 5.x is running integrated with Apache and now i want to install tomcat 6.x integrate with apache without effecting older tomcat version. it will run as it is.
How can i do this and if yes then how can i set tomcat home path for both versions.
CATALINA_HOME=<Which path for both> and how to install it.
if it is better to host two related websites on single host or on separate servers?
currently we are hosting three related websites on 3 separate webhosts. one in US, another in UK & another in Nepal. can anyone please explain if is it better to use single webhost?
Our web server encounter a problem lately, that an IP address in India repetitively sent requests that uses up all connections available in Apache. All connections appear to be in W state. The connections are not terminated by Apache even though timeout has been set to lower 30 seconds. Similarly, MySQL connections also are not dropped until Apache is restarted.
View 7 Replies View Relatedis there any sort of ssl certificate that will 'secure' any domain, hosted on a single server?
For example, I have the following domains and subdomains:
google.com
test.google.com
mywebsite.com
hello.example.com
All will be hosted on the same server (same IP) and I want all to be secured, through a SIGNED certificate, not a self signed. I assumed that wildcard ssl would be fine for this, but I just took a look and it's only for subdomains: example.example.com hello.example.com.
Is there any way of having every subdomain and domain secured, using ssl, through one certificate? I don't want to have to buy individual certificates for every domain, that'd be... expensive.
We have a few single CPU (54xx quad core)systems running Hyper-V and looking at the Hyper-V Logical Processer Total value in Perfmon its staying pretty much from 85% to 100% all day long. Perfomance is mostly ok with an occasional hesitation, but the biggest reason is we are trying to avoid doubling the cost of SPLA license by not adding the second CPU. Most motherboards we have only hold 16 gig to 24 gig memory and by adding a second CPU both will probably be less then 40% or 50%
Any problems keeping a 54xx or any CPU for that matter running flat out as long as its cooled OK?
how to set the restrictions of maximum recipients a singe email can be sent to. I found one customer sending an email to 1233 recipients at a time which is a large number enough to increase the queue on the server. I am running Cpanel/WHM. Is there some tweak to be done in Exim?
View 6 Replies View RelatedWhat is the best configuration for a dedicated server? Trying to get my head round all the terminology as fast as I can.
Multi Processor Single Core
or
Single Processor Multi Core
Based on todays equipement I know a person can spend Thousands on a good server, I'm looking to build my own and just want some advice on which way to go.
I'm thinking of just building the server pc in one case and the hard drive setup will be in a seperate case with the following:
3ware 9690SA-8E controller
Mass-Storage 8x by A-Tech Fabrication for a case
8 - SATA2 SEAGATE 1TB (7200rpm) 32MB on the controller as RAID
Can anyone give advice on what would be a good setup if you were running 1 single server for local businesses. I don't want to hear just pay for a provider as I've heard that one before now I'm looking to know what hardware setup you would run I like to play and learn. Even though sometimes the headache playing isn't as much fun as we sometimes may have hoped.
What are m/b and processor options for running a server?
What is min. amount of ram a person should run using linux and cpanel?
Should linux be on a max. amount of space for root and server files on a seperate mnt?
What connection up/down would be min. for usage of about 5gig/month?
This is kind of a followup of our thread
"More RAM or better CPU?" [url].
Sorry if we were supposed to post in that thread in stead, but this is a different question that in that post.
Our server is still crashing a lot and unfortunately we can't afford a multi processor with multi cores.
So the question is as follows:
For a site with a lot of database activity, what would be the best thing to go for:
a) Single processor with multiple cores, or
b) Multiple processors with a single core.
a = Intel Xeon 3060 Dual Core Conroe Processor (2.4GHz)
b = 2x Intel Dual Xeon 2.8GHz Processors
i got my server. I'm still shopping for hard disks but the server is pretty much there.
i'm in Houston, Texas. i'll like to know if anyone can give me tips on what to look for in colo. what question should i ask or be aware of.
my budget is $100 per month. i don't use much bandwidth and it doesn't have to be premium bandwidth with basic service.
I'm a web developer for an educational institution. We have a site that over 300 students must access each semester. Our site is hosted by a popular shared hosting provider. Our site is accessible to everyone BUT several students living in a particular dorm on our campus. The dorm has a different internet service provider than the rest of the school, so the site IS accessible on the rest of campus.
The dorm ISP insists they have no firewalls blocking any sites including ours. Indeed, the students confirm they have never had a problem accessing any other sites. Our webhost ran some tests and said they do not have a firewall up against the dorm's IP address therefore the problem must be on the dorm's end. Indeed, no one else has problem accessing the site except for these dorm students. Both companies are claiming it must be on the other's end and neither are willing to look into it further.
Some additional tidbits. The site was hosted on a Mac G5 dedicated server in our department in the past and students never complained about access issues. However, that was in our beta phase and less students were accessing the site.
We had one of the students in the building run some ping commands and a tracert. The general ping and tracert commands appeared to indicate the site was working. However, when the student tried various specific ports, the command got stuck on: "connecting to ..." where the dots were our website.
This test seemed to affirm to the server company that the problem was at the ISP level. Again, the ISP insists the problem is not theirs.
My main question is, does anyone know what on earth could be happening and on what end this problem may be on?
I would like to run fsck in boot up. How can I run it? Please let me know.
It is centos and I clicked E and it came up to edit grub file, I am not sure how it needs to look.
From reading these boards for a couple years now, I always had the impression that colo was cheapest in Texas or thereabouts, and was priciest in places like NYC. (Of course, I'm referring to relatively comparable service.)
Now I finally have a need for a single server colo (1U). The most-mentioned places in Texas on these boards are cologuys, colo4dallas, etc. Most of them have reasonable rates listed right on their website, around $100-170 for the bandwidth that I need, about 1.5Mbps.
But I've also been requesting quotes from various providers in NYC, who are also popular on these boards. And while there are some in the $200-250 range, which is what I was expecting, there are some that are mentioned highly on these boards (toqen, thenynoc, razorblue, etc.) that are quoting $60-100/month for the same amount of bandwidth.
I.e., not only comparable but in fact *lower* than the Texas colos.
What am I missing here? It's very possible that I'm comparing apples to oranges, cuz I really don't know any of these businesses. Just forming an opinion based on what gets recommended here on a consistent basis.
Does anyone know if there are providers left in Dallas that provide single server colocation solutions? If so, who are they and what can I expect in terms of pricing?
I am used to reselling shared and dedicated servers, but I've leased them for long, I could have paid for them by now. Some of my clients have their own systems too. They tend to request Dallas.
I am starting a small template based company. How many unique websites in their own unique folder can I host on a single server?
These websites would not get many hits, maybe a few hundread to a few thousand a month per site. My goal is to minimize the number of accounts I will have to open up with a web service provider.
Should I purchase 1 package per site or is there a way to get around this. Each unique site would have its own unique domain.
Have a domain, and I want to make a single Contact Us/Order page SSL. Have purchased the SSL certificate, put the domain on its own IP and it's ready to go. Now, how do I go about altering the page to be an SSL page. Do I simply call it as [url]? It makes some calls and loads a little SWF contact page from within it's own directory, and then shoots an email out to the contact email.
This will be the only page that ever needs an SSL on the whole site, so no worries in expanding it later.