As I read more and more posts and discussions I'm coming to these two conclusions related to server attacks:If attack is relatively small you can fight it with iptables/csf/apf.
If attack is big nor software nor hardware firewalls can really help.
I purchased one of ConnectSwitch's New Year plans two weeks ago. All was great to start of with. My VPS was set up within an hour of signing up and I paid my first months bill.
I sent a support ticket to them on the 5th of January asking them to enable iptables modules so that I can set up the firewall. I was told that this would be looked into as the Kernel was compiled without iptables, and Sam Smith, CEO would look into it. I had to keep sending more support ticket updates asking them for a status, didn't get much back from them though! Two weeks later, still nothing!
Absolutely terrible technical support, and I will even upload a screenshot of the ticket dialogue if anyone is interested.
I've always used this forum when looking for web hosts and the need recently arose to find two new VPS's and a dedicated server.
So, found a couple of good looking ones, signed up straight away with servInt ( and very happy! ) and also signed up at iWeb.
I only got a shared package to see how their service was - and I've been appalled.
I've REALLY wanted to like them, but they keep letting themselves down.
I was drawn in by the 100% uptime claim, which of course turned out to be untrue.
Several of the website monitoring clients I had running shows the site as down on 2 occasions - but I can live with that. Everybody has downtime.
The other thing was a simple question regarding the shared plan I had signed up for. I asked: "Can I have multiple dedicated SSL certificates per shared account, eg a certificate per domain".
I was told by live support, Yes. I was surprised and so signed up!
Surprise surprise, I can't do that on an addon domain. So I open a ticket at 2008-11-13 22:26:11 asking if it's something I've done that is making it screw up. I get a response at 2008-11-14 17:27:39 saying they will add an IP to the account for it to work.
On the 2008-11-15 15:55:47 they reply again, saying I can only install a certificate on my root domain...oh, so not what Live support said when I signed up! They also say I will still be able to access [url]- but as we all know, a certificate for [url]will show as untrusted for [url]. And I was told in the first place that I could have more than 1 certificate per account.
I reply 2 days later when I am able to, asking whether it would appear as trusted, and recieve a prompt reply at 2008-11-17 18:10:54 from support saying they will switch my domains round to allow me to install 1 certificate on [url]straight away.
I say go for it at 2008-11-17 18:17:34, and recieve a reply at 2008-11-17 19:23:21 saying it has been transferred to the advanced level of support.
THEN, 2 days later at 2008-11-19 20:55:02 I recieve the following reply:
You should now be able to go in the security -> SSL section of your Panelbox account and input the certificates for your domain. We did not have to switch your primary / addon domains after all.
It took 2 days for that?! I had by this point decided that the lack of ssl certs on the test sites were hurting sales so moved them to the servint server.
I asked about the SSL certs later, the first reply kinda indicated that I could have lots of SSL certs, and the second said something completely different.
Me: So are you saying that any domain can have its OWN SSL certificate?
iWeb: Yes, as long as you have purchased one for each domain at your SSL provider.
Me: Are there any additional charges? Last time I tried this (I added a SSL certificate to an addon domain), it
didn't work? Why do you think that was?
iWeb: Unfortunataly, you cannot have any more SSL certificate on your Hosting currently.
As i have already said, you will need to merge to a Reseller account. If you want to do this, please login to your customer hub available on [url]and then click on your account. After that, you will need to click on the "Upgrade or downgrade" button and then choose the "Reseller Mega Site".
I may just be making a fuss here, but while there is 1 staff member who knew what he was saying (Kevin Archambault), the others did seem to confuse me by telling me over live chat at various points that I could add more, or that I'd need to change my primary domain, or that I wouldn't, or anything.
I asked for a refund and account cancellation on live chat and they told me to go Finances>Renewable Products> Refund to both cancel the account AND get a refund.
This was on 2008-12-06 15:14:10, haven't heard anything yet except another invoice reminder on the Sun, Dec 7, 2008 at 12:05 PM, and a staff member telling me my account has not been cancelled. I did leave it late to cancel but followed web-chat's advice, clicked what they told me to click and have now been invoiced for another month (my package renews on the 9th). Surely 3 days was enough?
Anyone from iWeb here want to help me out?
I do WANT to like your services as you've got some great deals but your support has not inspired confidence.
Extremely non-professional service. Took them 48 hours to setup my VPS. Also had to create a support ticket. And when it was finally delivered, there was no DirectAdmin on it. Specially disturbing, since I actually paid for a monthly license.
Not to mention that their responses are very vague. They claim to apply the promotions (triple disk space, double bandwidth) 24 hours after they setup the VPS. I have no idea why they do that.
Moreover, they have false advertising on their VPS page (Instant Activation..where it should read 'We don't activate your VPS unless you create a support ticket).
A speedtest from the VPS showed that the VPS is capable of bursting to a maximum of 10mbps, while average speed is barely 2mbps.
Stay away from these guys. They're potential scammers. They WILL scam.. sooner or later.
I was about to recommend Dream Host to someone. Normaly I just say goto DreamHost.com and enter this promo code ...
Well when I went to the site to see what the package was, a "Sales Robot" came up with a $50 off link. It filled in the promo code spot. Not with my code, but with theirs.
I'm not sure how everyone else feels about this, but I consider it stealing commissions. It's one thing if the link didn't affect my being able to be the referer, but it's a whole nother game when promo codes override the referral credit. Since they use promo codes to track the referral, this really is switching the referral.
Now their website says you can use the promo codes OR a link, it doesn't say anywhere you have to use both. So even if this bot doesn't come up when there is a referral link, it's *still* stealing.
So - what are your thoughts, and has this been happening all along? Does this explain why I've only received 2 referrals when I mention it all the time to my readers?
This has been happening for about 6 months, someone has been exploiting my windows server and causing 300 php.exe processes to run, therefore making the CPU usage go to 100% and cause all php sites to not function. It is a perl script, and I had gotten ahold of the explot, but am unsure how to block it,
what the following is doing, and how to block it.. once I find the script again I will add it to the post..
If I go into the Backup Manager, then click the "Personal FTP Repository", then click "Personal FTP Repository Settings", at the bottom it asks for a password and says how important it is to use a password.
So, I specify a password, then successfully do a backup to a remote FTP site.
But when I examine the backup.zip file at the remote FTP site, it a plain ZIP file that you can open without any password!!!
How is this secure, what's the point of asking us to specify a password when it's not used to password lock the backed up ZIP file?
Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and setup to there optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking linux); in our opinion we see it as an extra administration overhead. If this is however untrue, we will change out thinking.
I've found a dedicated server at a great price and plan to stick with it, my first ( already have 2 vps accounts ). I don't have the money for a hardware firewall. However, I do have a chance to renew a Kerio WinRoute Firewall license from way back.
Does anyone think this would be better than the default windows 2003 firewall?
Im using the latest cPanel release. Using Pure-FTPD as the ftp server. I have CSF Firewall installed and configured and have also got [url]installed. on the dos deflate software ive set the ban limit to 250 connections.
But what my problem is that while downloading on ftp clients with internet that can download very fast that it will ban them. Ive kinda realised that it is to do with the DDos software but im unsure what i should do. Increase the limit of connections but that would mean that more minor Ddos attacks might get through so that would affect more clients. Or leave the limit at 250 and let clients get blocked for 20 minutes.
Or alternatively is there a way i can stop people getting banned via FTP completly. As i dont see that option on the Ddos or csf.
secure a LAN network with 200 computers, a specific hardware solution (like CISCO PIX or so) might not be available.
Though, I'm considering a Firewall OS based Solution like pfSense, m0n0wall, eBox, Endian Firewall, SmoothWall, etc.
There are so many options and I have no experience with none of this. My Requirements are:
Web based configuration Clean Interface with graphic statistics Pretty Secure Good hardware support Free usage Simple configuration Support for high bandwidth usage
I think OpenBSD is pretty secure, is there any OpenBSD Firewall OS solution with this requirements?
know of any hardware firewall (or suggest) which is under 300 USD and can protect around 5 servers with a total bandwidth capacity of 100 (+/-) Mbps. I am really no security expert
Of course, it should have web based management, online documentation (not really needed) and something special for prevent DoS attacks automatically (really fed up of them).
If possible if you can link me directly to an online store that can ship it Internationally / Europe?
I was having attacks so I installed CSF firewall which did a great job. However on a few of my sites, specifically proxy ones, every second or third page you visit will be a 403 Forbidden error. After about 20-30 seconds, you can refresh and it goes away. I suspect CSF is causing this, because it just started to happen after I installed it. Is it thinking there are too many connections or too much bandwidth and its blocking me or other users just using the proxy? Is there a way to make it slightly more tolerant?
I am a non technical type that is trying to start a web based business. I am thnking a dedicated server will be the best option for me but as I looked at the quotes from several different web hosts I noticed that the firewall services that they provide are very expensive. 100$ a month - 150$ a month.
Are there other firewall options that can be installed on the server that we as administrators can install and use?
I have had a fair few hack attempts from ip numbers that are on the same provider ;telewest' that i am on - is there anyway of getting this takne further other than contacting isp?
Jun 9 21:49:04 mark-scorfields-computer ipfw: 12190 Deny TCP 122.24.44.198:2426 82.39.142.27:135 in via en0 Jun 9 21:49:04 mark-scorfields-computer ipfw: 12190 Deny TCP 122.24.44.198:2426 82.39.142.27:135 in via en0 Jun 9 21:49:04 mark-scorfields-computer ipfw: 12190 Deny TCP 122.24.44.198:2426 82.39.142.27:135 in via en0 Jun 9 21:49:08 mark-scorfields-computer ipfw: 12190 Deny TCP 211.75.135.2:2261 82.39.142.27:135 in via en0 Jun 9 21:49:08 mark-scorfields-computer ipfw: 12190 Deny TCP 211.75.135.2:2261 82.39.142.27:135 in via en0 Jun 9 21:49:08 mark-scorfields-computer ipfw: 12190 Deny TCP 211.75.135.2:2261 82.39.142.27:135 in via en0 Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1026 in via en0 Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1026 in via en0 Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1026 in via en0 Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1027 in via en0 Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1027 in via en0 Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1027 in via en0 Jun 9 21:50:36 mark-scorfields-computer ipfw: 12190 Deny TCP 121.34.113.29:27207 82.39.142.27:135 in via en0 Jun 9 21:50:36 mark-scorfields-computer ipfw: 12190 Deny TCP 121.34.113.29:27207 82.39.142.27:135 in via en0 Jun 9 21:50:36 mark-scorfields-computer ipfw: 12190 Deny TCP 121.34.113.29:27207 82.39.142.27:135 in via en0 Jun 9 21:59:38 mark-scorfields-computer ipfw: 12190 Deny TCP 58.221.225.230:4151 82.39.142.27:135 in via en0 Jun 9 21:59:38 mark-scorfields-computer ipfw: 12190 Deny TCP 58.221.225.230:4151 82.39.142.27:135 in via en0 Jun 9 21:59:38 mark-scorfields-computer ipfw: 12190 Deny TCP 58.221.225.230:4151 82.39.142.27:135 in via en0 Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1027 in via en0 Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1027 in via en0 Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1027 in via en0 Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1026 in via en0 Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1026 in via en0 Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1026 in via en0 Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1026 in via en0 Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1026 in via en0 Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1026 in via en0 Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1027 in via en0 Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1027 in via en0 Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1027 in via en0 Jun 9 22:03:45 mark-scorfields-computer ipfw: 12190 Deny TCP 125.195.44.229:2212 82.39.142.27:135 in via en0 Jun 9 22:03:45 mark-scorfields-computer ipfw: 12190 Deny TCP 125.195.44.229:2212 82.39.142.27:135 in via en0 Jun 9 22:03:45 mark-scorfields-computer ipfw: 12190 Deny TCP 125.195.44.229:2212 82.39.142.27:135 in via en0 Jun 9 22:03:48 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0 Jun 9 22:03:48 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0 Jun 9 22:03:48 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0 Jun 9 22:03:51 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0 Jun 9 22:03:51 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628
Lately one of my servers have been getting syn floods and ddos attacks (repeatedly for the last 2 weeks). The attacks are not as bad as they were the last 2 weeks, but my software firewall (iptables and csf) is not doing the job anymore. It can't handle such large attacks.
I picked up a netgear firewall, but it has dhcp and lan, which made it have no use to me. All my servers are on static ips, so I would be unable to use a lan.
Is there a firewall available which would allow me to setup something like this (Server 1 is the one getting attacked):
Internet ---> Firewall ---> 48 Port Switch ---> Server 1, Server 2, and so on
or
Internet ---> 48 Port Switch ---> Firewall ---> Server 1 Other servers come off the Switch
I saw the Cisco Pix on ebay, but am not sure of all the features it holds. I basically need a firewall without any lan capaibilites, no routing, just a plain firewall that will protect from DDoS and Syn Floods (if possible, also email me the logs). Also needs to push up to 20Mbps (100Mbps would be best though).
I looked into m0n0wall and pfsense, but their software didn't make any sense to me. I tried setting it up on a PIII 700Mhz with 768MB Ram but never got the webConfig to work.
Price is not a huge issue, I just need these attacks to end. any suggestions on software firewalls let me know.
I have a client who requires a firewall with VPN support. He will be utilizing around 10mbit of traffic at most. What would be a suggested firewall to go with that would properly handle vpn?
We are looking to replace our existing WatchGuard Firebox's with a hopefully more reliable firewall from Cisco's range although I'm a bit lost when it comes to the different ranges.
Could somebody suggest a firewall that is capable of:
1: Both NAT & Drop-in (bridge) mode 2: Pretty low bandwidth requirements, no more than 10mbit/s traffic 3: SNMP Monitoring 4: High availability pairing
How do you modify a server's firewall? We have a dedicated server with WHM installed and it appears we can't get into mail.domain.com because of a firewall setting (our host disabled the firewall and it worked fine, then of course put it back up).