Recently, i hosted my domain with two different servers. but both of them were attacked by malwares and viruses. Google also started showing warning like "This site may harm your computer".
Now i can't open my site on firefox (it gives security warning)... when i open in explorer , my index page is totally changed.
Is there a solution for that? Which linux server will be best to protect my site from malware attacks.
How would I trace a malware file uploaded to a particular account? ....
View 2 Replies View Relatedin my server more than 5 sites got malware and gumblar.cn trojan, when i keep deleting it, it keeps coming back, any idea how to solve this?
View 10 Replies View RelatedCan this be interpreted as a malware (procede the following steps with caution).
After visiting miniclip.com/games/super-gerball/en/ without me clickiing on anything and confirming that I want to Install a game, a new folder is created in my Windows Start Menu and in a Documents and Settings folder.
Although I believe no harm is actually done with this installation, can attacker use this method to install a malware? How can I prevent this, what options should I change in my Firefox browser?
A website I've recently been entrusted with was cracked into via brute force ftp earlier this week. Apparently the bad guys ran a script that added iframe links to every page named index.html. The iframe linked to 3 sites that prompted malware downloads.
I think I've found and removed all the affected code, however I'm looking for an online website scanner that will drill down through all the links on a given site and search the code for similar problems.
I've only found a couple of these so far and they don't seem to fit the bill; was wondering if anyone here had recommendations or experience with similar tools...
A Wordpress install on one of my domains was compromised a few months ago, and there was a 4-hour window in which the site contained an iframe injection that lead to a malware site.
The problem was corrected, and Google stopped flagging the site as malicious within a few hours after the fix. However, every once in a while I still hear of people having problems accessing the site, all of them I think from within large corporate networks.
Are there a few common list providers that these corporate networks are likely to be subscribing to? Is there a way I can submit the domain for reevaluation? If not, how long would you think a domain would have to be clean in order to repair its reputation on these lists?
When i try to open any website hosted on my server (around 50 of them) i am being taken to following malware website;
[url]
[url]
This is a problem with my Limnux server running Apache and not a virus on my local computer as customers from all over are reporting the same issue.
As soon as i restart Apache eveything returns to normal with no such redirects.
I think my server is being attacked causing http requests to get redirected to some malicious website.
This issue would resurface almost every hour and would not go away till i restart apache.
So far my Datacenter techs. have not been able to identify the cause of this.
malware acl condition: clamd: connection to 127.0.0.1, port 3310 failed (Bad file descriptor)
This is a normal Cpanel FC3 exim/clamav server.
Has anyone come across this annoying yet little error?
Avast started giving out warnings when people viewed my site saying a trojan horse was detected called "JS:Bulered".
I looked through the page and noticed a chunk of code added at the end of the page:
[code ...]
I cleared it then noticed it was also added to random files on my Invision Power Board forum and Coppermine gallery so I cleared it from there as well (just replaced the files from a backup I had).
I'm currently on a dedicated server with SoftLayer and I have a few other sites and when checking them I noticed the code was added to pages on those sites as well!
Right now I'm just concentrating on my main site I've cleared all the code, changed the password, ftp password, root password for the server. But after several hours the code was added again..
I read somewhere that it could be an infection on my computer that is using the ftp connection I make to inject the code to my site so I've changed the ftp password again and I've stopped using ftp. It's been a couple of hours and the code hasn't been added back yet but there's a good chance it'll be back soon.
I'm getting DoS attacks on my new dedicated server and I've had about 600 emails from my server about IP bannings. I can't even access my server via WHM at all at the moment! The sites are still online and the server is up but I can't log into WHM. What can I do to remedy this?
Also I can't quite understand why anyone would conduct a DoS attack in the first place...
I have a VPS that's on the awknet network and I'm receiving DNS DDoS and I don't think they have anything to stop these attacks, how can I prevent these?
View 4 Replies View RelatedI seem to be getting a lot of mail attacks to accounts located on the server. However, most of the email addresses do not exist and therefore the emails are bouncing back and getting stuck in my mail queue manager. There are something like 20 emails per minute getting stacked up in there and it is causing a massive load on the server.
How can I stop these attacks?
my webserver defaced with this persons name all over my site.
I was reading and it said JaMaYcKa does this things through a cPanel bug.
Apparently our entire host has been hacked too. I'm very dissapointed as I was on the verge of starting one of my most biggest projects and now it's gone. :'(
one of my costumers server is getting ddos attacks. I solved syn and get attacks with litespeed web server but I have another problem. They started to do udp flood. I m losing connection to my server. I bought new server with 1 gbit port for solving it.
View 3 Replies View RelatedThis is a quote from an unrelated thread in the Dedicated Server Forum, I didnt want to hijack the thread so thought I would bring my question over here:
Quote:
Originally Posted by HRDev Hady
I believe they use BurstNet, which isn't really a good choice for DDoS-prone sites as their Top Layer devices don't seem to handle attacks very well in my opinion. If you're running a DDoS prone site, you'd likely be better off with a DDoS-specialized provider such as Awknet, Staminus, or Black Lotus. But as mentioned, a lot of attacks can be stopped simply by proper tuning of your IP stack and some simple firewall rules.
My question is as a new Dedicated Server Owner what tuning and rules do I need to implement in order to protect me from these "small scale DDoS Attacks"?
I do not run a DDoS prone site(i hope not lol) but I want to secure myself as much as possible and have a headache free run other than the headaches I cause myself of course.
I can see lot of MSSQL Server attacks. In event viewer "Login failed for user 'sa'. [CLIENT: Some IP]"
Most of the attack coming from Chaina. Tipically what I'm doing manually is get that entire IP range and block from Windows Firewall level.
Now I have plenty of blocked IP ranges all over the world.
What would be the best way to avoid from those kind of attacks ?
I want to understand the mechanics of a DDOS attack. I have been doing a lot of reading about them this weekend.
The way I am understanding it, a DDOS attack is done at the network level. It may be requesting that pages from a given website, or websites, are served up, but it basically will effect the entire network. So if 'page display' requests are made to a website(s) that is hosted at ABC Hosting (example only), to the tune of 15GBs then I have to assume that the network will be terribly degraded. If that is so, wouldn't other servers also get taken out?
I believe the architecture of the internet is something like this (example only):
Gnax --> Planet, SoftLayer, RackSpace, etc.. --> Reseller --> Smaller Reseller --> Me
If that is true, is each level along that route using their own networking system or are they all dependent on ones that major Data Center uses?
My current site has been taken offline since it was being ddos attacked, been with my current hosters for 3years at least, but with recent events they gave me the option to shift my site to a dedicated server or me to move of bascially. (impression I get now, since they seem to be taking longer to reply to my messages) I was being ddos attacked since I refused to give a copy of me software to the visitor at my forums/site.
ive been looking round site after site and I cant make up my mind who to shift too, also if that same idiot who ddos attacked me does it again before I can take any action, I would be in the same situation again.
I have multiple domains and all my sites in total are about 5gig in size, cpu usage is avergae and queries roughly about 15/17 the most, I currently pay £130.00 a yr
I have had few bad experiences with hosting companies but learnt along the way, and assumed my current hosters would be a reliable place to stay at. My sites been offline since friday and I would like to get it back up again asap. Last thing I want to do is rush into a hosting package and be stuck in a dud situation.
I would also like to take action upon the person who has been ddos attacking me, I managed to get hold of his details and I also have confirmation that they are correct, what can be done legally?
My sites are getting heavy DDoS attacks.
What's the best firewall? I'm currently using ACH software firewall but the attacks are getting so bad my site's are going down (apache is shutting down/locking) and sometimes my server even crashes.
Anyone recommend a better software firewall or a really cheap but good hardware firewall?
Could my host just use a router or something as the firewall or would that not do? I'm looking for something really affordable as a solution.
Some of my websites have been under a DDOS attack for about a month now. Is there any way I can find who is behind this attack and what their motive is?
How much does it cost to launch a DDOS attack and how long do they usually last?
i have a shared host
my site under ddos attacks!
i want to upgrade to Dedicated Server
i needed to Dedicated Server contains DDOS protection!
btw: Site visitors 2500 in day!
how to prevent my web servers from DoS attacks?
View 12 Replies View Relatedmy VPS provider just rebuilt my VPS after many hack attacks.
From some days I am getting emails from firewall that someone login to my VPS/mySQL using SSH.
I don't know what they do, but they don't disturb any account. Only some downtime feel during this. But last night my VPS stop working so my provider rebuilt VPS.
how I can secure my VPS now. I have Cpanel installed.
there are some game types out there that are not protected from any type of udp flood attack. I have been doing a lot of work (my servers are linux) and blocked this by coding a bash script running every second checking tcpdump for the amount of current UDP connections and blocks the ip witch has more than a certain number of current UDP connections. This works perfeclty, but it firewalls the ip AFTER the attack started.
I am really interested into blocking this attack fully. Limiting the number of current connections (UDP) from an ip to a certain amount to block this attack totally. I have been looking around a lot and have had no luck. From what I have found, there is no way to do this with iptables or ipchains. It is possible for TCP though, but I could not find it for UDP. Could anyone help me out here.
Just to let you know, I do run a firewall, but it would never pick up this type of attack unless it was major. This is more like a game type bug (firewall thinks the packets are fine, player packets going to the game server).
i am seeing a lot of Local file inclusion (LFI) and mysql injection attacks quite often directed to php scripts.
what is the way to prevent them? would installing mod_security to apache work?
I have CSF on my server (configserver security and firewall) and it blocks the IP when my server gets attacked, but it always seems to be a little too late... Apache goes down, even though the IP is blocked. I end up running:
iptables -I INPUT -s xx.xx.xx.xx -j DROP
service httpd restart
And that tends to sort things out... but the thing is, sometimes they still manage to attack and even though csf sends me messages explaining how it is connecting, I can check the "deny IPs" and the ip shows as blocked...
What other software is there (eg. mod_evasive... but how can I install it...) that I can run without harming my server, causing problems with CSF or any problems for that matter and how can I install it?
Firewall settings are great for preventing Denial of Service (DoS) attacks, however it may not always be your only solution. The day has finally arrived when I found this excellent module called mod_dosevasive (DoS Evasive) which keeps track of how many requests each client makes to your server within intervals. If a client is being forceful with your server and making too many requests, then it is more than likely not just a web browser but some automated process unleashed on your site to try and take it down.
This handy Apache module we have found takes care of these issues. Let's get started by setting it up.
Im running a windows 2003 web edition server with apache 2.2.4 installed and a ported module; mod_dosEvasive, my server is vurnable for some sort of single machine dos attack. Not only my own server is vurnable but basically ANY apache 2.2.4 win32 server, even without additional modules (lik php) installed ( i checked by installing apache2 on 4 machines, all vurnable)
The tool used to attack apache is described here:
[url]
When attacked by the specific syn flood attack apache2 becomes useless and doesnt send any responses out anymore. When the attacker stops sending this flood Apache starts responding again.
how to secure a windows apache server against such an attack?
I know there is no device can protect you from ddos attacks, but I wonder which one is the best to help you reduce the attacks? It might be intelligent to "feel" the attacks? Brand names from Cisco, Foundry, Nokia...?
View 2 Replies View RelatedAs many of you already know, not everyone has the money to spend on physical firewalls, for example a cisco firewall. I would like if everyone could share little tips and tricks towards securing a server they learned over time. Nothing in big detail. I thought if we all share our ideas, it would help quite alot of other people. For example, here is a good layout I believe. Please note this is towards a game server setup.
Shorewall Firewall - Block Unneeded Ports + Block Ping
Apache Web server - Installed with "mod_security"
SSH-Faker - Stop thoes bots from trying to gain access to SSH (Guessing Passwords)
DDoS Deflate - For me, does not really work. (I know, mainly for port 80 so webhosting) But still have it installed.
Bash Scripts Monitoring # of connections per ip with Netstat.
PSad - Monitoring and Reporting Port Scans (Optional automatic timed block)
VNStat - Monitor Current/Monthly/Yearly Bandwidth (Does not hog resources)
I'm guarenteed to of left alot out than just the above. If some of you could also share some simple things you do for securing a server, would be great.
Hosting providers and DDoS attacks!
Hello guys! I am looking for a reliable hosting provider! I mean the most important thing for me know is to be sure that my future hosting company will manage to protect my websites against DDoS attacks fully! What hosting company according to your opinion can be considered as the most stable hosting solution against DDoS attacs?
