I think I'm experiencing some type of alternative to a DDoS attack. My server is being killed by thousands of emails being sent to fake accounts on my server.
I'm not a server administrator, so please bear with me.
My load average is skyrocking to 800.xx at times. I look at "top" and see "exim" for one specific user on my server. I own all the websites on my server, by the way.
When I look at my email queue, I see thousands of emails coming in to accounts that don't exist for that specific user. Let's say the domain name is salcollaziano.com. Somebody is sending spam to various salcollaziano.com aliases that don't exist. Like webmaster -at- salcollaziano.com and suzy -at- salcollaziano.com.
How can I prevent these spam emails from having any interaction with my server? It's causing me a lot of downtime on all the sites I have running on that particular server.
When i try to install BotNET 1.0 on my dedicated, i got this error :
root@leet [~/botnet/BotNET-1.0]# . install.sh Compiling source code . . . In file included from src/main.c:9: src/../include/bot.h:43: error: array type has incomplete element type src/../include/bot.h:57: error: array type has incomplete element type src/../include/bot.h:89: error: array type has incomplete element type src/main.c: In function: src/main.c:146: error: type of formal parameter 1 is incomplete Here is my install.sh file: Code: #!/bin/bash # BotNET installation script. # If this script causes problems, try "make all" instead. # Usage: . install.sh
if [ "$bot" != "1" ]; then echo "Installation complete." echo "Executables will be found in bin/" else echo "Errors encountered during compilation!" fi
My OS is centOs 5.x Kernel : Linux 2.6.18-53.el5 #1 SMP Mon Nov 12 02:22:48 EST 2007 i686 i686 i386 GNU/Linux * I have tried all other way to install (make all) and other *
I have a client that asked me to educate myself about web hosting and make a recommendation to him about where he should be. He currently has a shared hosting server at Network Solutions and finds unexplained slow downs and disk corruption reports in his forums DB unacceptable.
I'm glad I found this site-lots of good info but nothing like throwing up some stats and seeing what people recommend. The client told me he wanted to move to a dedicated server but I'm thinking a VPS might do the trick. Especially if upgraded with dedicated Core as well as RAM such as wiredtree is offering.
Looking for a managed, Unix based server that in a typical month serves 100k unique visitors 230k page views 500Gb of downloads
But needs to be easily upgradeable to handle his expected traffic levels in the next year of monthly visits in the order of: 250k unique visitors 600k page views 1.1Tb of throughput As far as features:
*Currently they use about 15 gigs of disk space. Some of that is inefficient disk management but the bulk is them supporting previous software releases.
*needs to be fully managed
*US datacenter with all the features you guys would expect to have as far as backbone access, security, power backups, etc..
*Backups by provider. Let's say 5 gigs worth since the old software versions don't really need to be backed up.(I'll recommend his own backups as well)
*Either plesk or cpanel
*15 minute hardware SLA is what the client is asking for but i'd like to present some comparisons to 1 hour SLA companies to see how much he'd save.
And finally, i tried to search for the answer to this but the keywords kept bringing up lots of hits without good info. The client sells software so the bandwidth needed is pretty consistent until they release a new version. Then it skyrockets to the point they may have 1500 people trying to download a 50Meg file simultaneously. What is the right way to handle that? Use a CDN or negotiate with the hosting provider to provide burstable bandwidth as needed. As a side note while looking at many offerings I was most surprised that bandwidth seems to sold in large chunks with overage costs hidden.
I'm rather new to hosting so I still don't get everything, but maybe you can help me. I am hosting a web page on a computer that is hooked into the same network as my personal computer. They are both hooked into an openBSD router, which has the connection to the internet. My recently purchased domain name is set to forward all requests directly to the computer with the website on it (named 'b2.') When you visit the domain from an outside computer it does this just fine, but when you try to access it from one of the computers on my network it does not work. From my computer you can not access the website from the domain, but you can still access it just straight through the local network (i.e. typing 'b2' directly into the address bar ) From the computer which is actually the host to the website, it is accessible neither way, though the local network option was working before. Does anyone know what the problem is and how I can fix it? Keep in mind that I really only understand the basics of web hosting, and terminology and stuff.
What of servers are used by hosts offering packages with this type of support?
I've read that streaming can be made via web server and streaming media server. The first type has only one advantage and this is that it allows to utilize existing infrastructure, while the second type offers more effective network throughput and (what's more important for me as an end-user) allows for better video and audio quality and support of the advanced features.
Now looking at the hosting plans how do I tell which type of server is used by the host?
On the second server we have config my2.myaccount.com as account On the first server we have modify dns of domain myaccount.com with my2.myaccount.com 14400 IN A xx.xx.xxx.xx where xx is ip of second server
--
Seems work but there is any problem For example ping to www.my2.myaccount.com give error, ping to my2.myaccount.com is ok..
I have a website that just serves small files, under 10kb most of them. I just need a server that lets me ftp the file to it, set up subdomains and domains for one website. Don't need to manage mysql or anything. Not even php. Just serve files.
A good fast OS? Something like lighttpd? Ioono?
I'm currently doing 600gb of bandwidth per month. I'm expecting to do about 1000gb by the end of the year. Would a small server like a pentium 4 be able to handle just serving files?
Hey everyone, i want to make a torrent website, but i'm kind of lost. Does anyone know what type of server would i need for this server? And what components should be installed on the server in order for torrents to work?
Someone is trying to attack our server (I think so). When running apache status there are a LOT of connections from one network, all requesting the same page. But running: netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n does show any of these IP's. So script blocking ddos attacks wont work. Anyone know what can I do about this?
I went today to my apache error log, and noticed that those scum lowlifes hackers trying to hack my server every day for at least 100 times!!!
What a disaster!
Examples of urls they trying to use: - http://usuarios.arnet.com.ar/larry123/safe.txt? - http://uploaded.justfree.com/id.txt? - http://nukedclx.info/php/base
Is there anything that can be done to prevent this mor*** from even trying to hack (except putting a bullet in his/their head)?
Not sure if it's a valid threat, but I would like to do the best I can to identify one as early as possible.
Can someone maybe give me an idea of what to look for? They were not specific on there type of attack, but I was hoping that there was maybe a log file I could tail and keep an eye out for irregularities.
my server got phisihing attack with bankamerica/paypal etc. i wounder because we have tight firewall/security etc. but any way this is teribel. i have found ip when look in to /var/log/messages -
its looks like (?@85.201.19.xxx). is it used anonymos ftp? i found same ip used to log in to another ftp host as well.
My server (Xeon 3.0Ghz) went down for no reason yesterday and ever since it was rebooted (and I've rebooted a couple of times since then), pages load extremely slowly or just timeout. Server load is constantly hovering around 1 and top stats indicate that the server's resources are not under heavy load, which is contrary to the usual pattern during peak times.
I've checked netstat and I notice a lot of SYN_RECV. Could this be a DoS attack? If so, what steps do I take to stop it?
My server was hit with flood recently, to the point where I was unable to log in via SSH. Running 'netstat' command showed I was getting flooded with thousands of http requests from China/Saudi Arabia/Korea. I installed APF firewall and added those countries to deny list.
Next day I was hit from Russia and Romania and some others. By reading some posts on this site, on top of APF, I have also installed Dos Deflate. It was working for couple of hours, but then it stopped working. I could not even log in via SSH. My provider told me that APF was using all of the "conntrack" connections. I have increased conntrack connections to 130,000 (I have 4 Gigs of RAM on my server). Is that possible? (I have about 300 IP ranges in my APF deny list).
Next day, I was got hit by different attack: there was 11 Mbps of malicious traffic on average sent to my server. My provider put me behind firewall to mitigate against that kind of attack.
Currently, I am both behind the hardware firewall and I have APF and Dos Deflate running. However my server is not accessible.
When I request, I can log in for couple of minutes, but then I get kicked out.
I have been getting ddossed for the last month, my host has tried many things on my server that are commonly suggested around here, however we have over 40 000 connections hitting the server from this attack and it keeps rising.
I am on LiteSpeed. I also have NetScreen 50 firewall which helped for a little while, however the server still keeps going down.
I am spending $420 a month on my hosting for my dedicated server Now it is costing me an extra $400 a month to have Netscreen firewall running which is a waste of money as it can not effectively keep the server running and i'm not sure if I can even effectively afford that much money a month, however I might need to spend a little more if need to just get the server running finally.
basically I need some options as to what I can do. I would like to stay with my host, they have been good to me, however if my options are better suited to changing then let me know. I just really need to get my server running great asap and to keep it running great when i'm away from the internet.
Today my system which is hosting the site bepenfriends got compramised(win 2k3) and now LT tech guys are working on it to reload the system with a data save. I was not having a hardware firewall which caused this problem. But i had windows firewall, windows malinious software removal tool (defender i haven't installed). I have updated all patches of win2k3 whch was released till today.
Now after restore it will be great work to bring my website back with all those rewritten urls and the softwares and its licenses.
Now please help me out in below stuff.
How to stop further attack and further compramisation of server.
My site is being attacked by what appears to be a dictionary attack on my mail account. They are sending e-mails to random accounts at my domain from random e-mail accounts from somewhere else. Each of their messages is coming from a unique e-mail address and a unique IP address.
Now, we have some dictionary ACL installed that basically blocks any IP address that is caught doing this. So we are blocking tons of IP addresses, but they keep coming at us with new ones. We also have it setup so that the mail is rejected right away for any accounts that aren’t actual e-mail accounts of yours. However, they are hitting the server so hard that it doesn’t seem to be making any difference.
I have a client who's server has got DDOS attack. It causes the network disruption and DC wants to turn off the server. My client feels it stupid to turn off the server just like that.
Ever since Monday morning, my site has had problems because the server at my host is under attack.
Most of Monday my site was down. Then Monday late afternoon, it came back...I thought. The forum is up and running, but the rest of the site, built on WordPress, is screwy.
Most of the plugins aren't working because of inability to connect with the database.
I can't log in to my cPanel at all and haven't been able to since Sunday.
This is the first time I've experienced anything like this, lasting this long.
It has me wondering if I should start considering a new host. I have loved their service, especially their speedy support (native English speaking to boot) so I hate to leave but I'm not sure if their service is going a little downhill or not.
