New Type Of Server Attack
Jan 31, 2008
I think I'm experiencing some type of alternative to a DDoS attack. My server is being killed by thousands of emails being sent to fake accounts on my server.
I'm not a server administrator, so please bear with me.
My load average is skyrocking to 800.xx at times. I look at "top" and see "exim" for one specific user on my server. I own all the websites on my server, by the way.
When I look at my email queue, I see thousands of emails coming in to accounts that don't exist for that specific user. Let's say the domain name is salcollaziano.com. Somebody is sending spam to various salcollaziano.com aliases that don't exist. Like webmaster -at- salcollaziano.com and suzy -at- salcollaziano.com.
How can I prevent these spam emails from having any interaction with my server? It's causing me a lot of downtime on all the sites I have running on that particular server.
View 14 Replies
ADVERTISEMENT
Jun 23, 2008
Anyone can tell us (from experience) a good hosting company for dedicated servers?
The most important thing for us right now is to stop a DDoS application type attack which seems to be taking place from DC++ peer to peer clients.
View 8 Replies
View Related
Dec 15, 2008
When i try to install BotNET 1.0 on my dedicated, i got this error :
root@leet [~/botnet/BotNET-1.0]# . install.sh
Compiling source code . . .
In file included from src/main.c:9:
src/../include/bot.h:43: error: array type has incomplete element type
src/../include/bot.h:57: error: array type has incomplete element type
src/../include/bot.h:89: error: array type has incomplete element type
src/main.c: In function:
src/main.c:146: error: type of formal parameter 1 is incomplete
Here is my install.sh file:
Code:
#!/bin/bash
# BotNET installation script.
# If this script causes problems, try "make all" instead.
# Usage: . install.sh
cc="/usr/bin/gcc"
echo "Compiling source code . . ."
bot=`$cc src/main.c src/launch.c src/memo.c src/seen.c src/parse.c src/help.c src/log.c src/info.c -o bin/bot -pthread || (echo 1)`
botnet=`$cc src/botserv.c -o bin/botserv || (echo 1)`
if [ "$bot" != "1" ]; then
echo "Installation complete."
echo "Executables will be found in bin/"
else
echo "Errors encountered during compilation!"
fi
My OS is centOs 5.x
Kernel : Linux 2.6.18-53.el5 #1 SMP Mon Nov 12 02:22:48 EST 2007 i686 i686 i386 GNU/Linux
* I have tried all other way to install (make all) and other *
View 1 Replies
View Related
Mar 13, 2009
I have a client that asked me to educate myself about web hosting and make a recommendation to him about where he should be. He currently has a shared hosting server at Network Solutions and finds unexplained slow downs and disk corruption reports in his forums DB unacceptable.
I'm glad I found this site-lots of good info but nothing like throwing up some stats and seeing what people recommend. The client told me he wanted to move to a dedicated server but I'm thinking a VPS might do the trick. Especially if upgraded with dedicated Core as well as RAM such as wiredtree is offering.
Looking for a managed, Unix based server that in a typical month serves
100k unique visitors
230k page views
500Gb of downloads
But needs to be easily upgradeable to handle his expected traffic levels in the next year of monthly visits in the order of:
250k unique visitors
600k page views
1.1Tb of throughput
As far as features:
*Currently they use about 15 gigs of disk space. Some of that is inefficient disk management but the bulk is them supporting previous software releases.
*needs to be fully managed
*US datacenter with all the features you guys would expect to have as far as backbone access, security, power backups, etc..
*Backups by provider. Let's say 5 gigs worth since the old software versions don't really need to be backed up.(I'll recommend his own backups as well)
*Either plesk or cpanel
*15 minute hardware SLA is what the client is asking for but i'd like to present some comparisons to 1 hour SLA companies to see how much he'd save.
And finally, i tried to search for the answer to this but the keywords kept bringing up lots of hits without good info. The client sells software so the bandwidth needed is pretty consistent until they release a new version. Then it skyrockets to the point they may have 1500 people trying to download a 50Meg file simultaneously. What is the right way to handle that? Use a CDN or negotiate with the hosting provider to provide burstable bandwidth as needed. As a side note while looking at many offerings I was most surprised that bandwidth seems to sold in large chunks with overage costs hidden.
View 8 Replies
View Related
Jun 16, 2008
How Can i Hide My Server Type
And writing Secureb By ....
And how Can i Hide uname -a: Linux server.xxxx.net 2.6.18-ovz028stab053.14-enterprise #1 SMP Mon Jun 2 18:25:30 MSD
2008 i686
From Php Shell Like c99
i do some way to hide it But I cant hide it from php shell
View 9 Replies
View Related
Mar 13, 2007
I recently purchased a new server. It is supposed to have a 250G SATA II HD.
However, I have my suspicion that it could be a SCSI HD (not that it's bad, but I just want to check).
Is there a SSH command that tells you the type of HD on your server?
I tried fdisk -| , but it doesn't really say whether it's a SATA2 or SCSI
View 6 Replies
View Related
Oct 8, 2007
I'm rather new to hosting so I still don't get everything, but maybe you can help me. I am hosting a web page on a computer that is hooked into the same network as my personal computer. They are both hooked into an openBSD router, which has the connection to the internet. My recently purchased domain name is set to forward all requests directly to the computer with the website on it (named 'b2.') When you visit the domain from an outside computer it does this just fine, but when you try to access it from one of the computers on my network it does not work. From my computer you can not access the website from the domain, but you can still access it just straight through the local network (i.e. typing 'b2' directly into the address bar ) From the computer which is actually the host to the website, it is accessible neither way, though the local network option was working before. Does anyone know what the problem is and how I can fix it? Keep in mind that I really only understand the basics of web hosting, and terminology and stuff.
View 3 Replies
View Related
May 29, 2008
What of servers are used by hosts offering packages with this type of support?
I've read that streaming can be made via web server and streaming media server. The first type has only one advantage and this is that it allows to utilize existing infrastructure, while the second type offers more effective network throughput and (what's more important for me as an end-user) allows for better video and audio quality and support of the advanced features.
Now looking at the hosting plans how do I tell which type of server is used by the host?
I'm interested in this particular plan
[url]
View 4 Replies
View Related
Nov 29, 2007
we have 2 server
on the first server we have setting 2 account
myaccont.com
and
my1.myaccount.com
are 2 difference account
Now, on the second server, we must config account
my2.myaccount.com
--
On the second server we have config my2.myaccount.com as account On the first server we have modify dns of domain myaccount.com with
my2.myaccount.com 14400 IN A xx.xx.xxx.xx
where xx is ip of second server
--
Seems work but there is any problem
For example ping to www.my2.myaccount.com give error, ping to my2.myaccount.com is ok..
Why?
View 5 Replies
View Related
Sep 26, 2008
I have a website that just serves small files, under 10kb most of them. I just need a server that lets me ftp the file to it, set up subdomains and domains for one website. Don't need to manage mysql or anything. Not even php. Just serve files.
A good fast OS? Something like lighttpd? Ioono?
I'm currently doing 600gb of bandwidth per month. I'm expecting to do about 1000gb by the end of the year. Would a small server like a pentium 4 be able to handle just serving files?
View 14 Replies
View Related
Oct 30, 2007
Hey everyone, i want to make a torrent website, but i'm kind of lost. Does anyone know what type of server would i need for this server? And what components should be installed on the server in order for torrents to work?
View 5 Replies
View Related
Jul 2, 2009
My server is currently underattack, I have been able to keep it up but after I ban 500 IPs, I get a lot of different IPs again.
Any idea or suggestion to do mass-ban to those attacking IPs?
tcp 0 0 xxx.xx.xxx.xxx:80 190.87.128.59:3965 SYN_RECV
tcp 0 0 xxx.xx.xxx.xxx:80 82.115.52.10:2323 SYN_RECV
tcp 0 0 xxx.xx.xxx.xxx:80 90.148.137.56:21094 SYN_RECV
tcp 0 0 xxx.xx.xxx.xxx:80 189.237.35.155:57605 ...
View 14 Replies
View Related
Jul 4, 2006
Someone is trying to attack our server (I think so). When running apache status there are a LOT of connections from one network, all requesting the same page. But running: netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n does show any of these IP's. So script blocking ddos attacks wont work. Anyone know what can I do about this?
View 14 Replies
View Related
Aug 22, 2007
I went today to my apache error log, and noticed that those scum lowlifes hackers trying to hack my server every day for at least 100 times!!!
What a disaster!
Examples of urls they trying to use:
- http://usuarios.arnet.com.ar/larry123/safe.txt?
- http://uploaded.justfree.com/id.txt?
- http://nukedclx.info/php/base
Is there anything that can be done to prevent this mor*** from even trying to hack (except putting a bullet in his/their head)?
View 14 Replies
View Related
Nov 7, 2009
two of my website on the server was changed by the hackers.How did they do it?
View 7 Replies
View Related
Nov 3, 2009
i got botnet attack my web server...is there anything i can do to block thse attack? my host isnt help much?
View 4 Replies
View Related
Oct 22, 2009
how to protect an linux dedicated server from bot attack. Im using linux server with cPanel, using CSF firewall + DOS Deflate.
View 5 Replies
View Related
May 17, 2009
How can check server for dos/ddos/syn attack?
Because my server load is high, perfromance is low, but i dont have any high process.
View 5 Replies
View Related
Feb 2, 2008
is this DDOs attack : .....
View 5 Replies
View Related
Nov 27, 2008
Not sure if it's a valid threat, but I would like to do the best I can to identify one as early as possible.
Can someone maybe give me an idea of what to look for? They were not specific on there type of attack, but I was hoping that there was maybe a log file I could tail and keep an eye out for irregularities.
View 10 Replies
View Related
Aug 8, 2007
my server got phisihing attack with bankamerica/paypal etc. i wounder because we have tight firewall/security etc. but any way this is teribel. i have found ip when look in to /var/log/messages -
its looks like (?@85.201.19.xxx). is it used anonymos ftp? i found same ip used to log in to another ftp host as well.
View 5 Replies
View Related
Nov 17, 2007
My server (Xeon 3.0Ghz) went down for no reason yesterday and ever since it was rebooted (and I've rebooted a couple of times since then), pages load extremely slowly or just timeout. Server load is constantly hovering around 1 and top stats indicate that the server's resources are not under heavy load, which is contrary to the usual pattern during peak times.
I've checked netstat and I notice a lot of SYN_RECV. Could this be a DoS attack? If so, what steps do I take to stop it?
View 1 Replies
View Related
Jun 18, 2008
my server is being ddosed and the network utilisation is at 40% of 1gpbs
i asked to softlayer to check and they said my programs/services is taking that much bandwidth
any1 can help me?
if my server is under dos attack wat can i do?
because the bandwidth used is about 50gb/hr
View 10 Replies
View Related
Jul 7, 2009
My server was hit with flood recently, to the point where I was unable to log in via SSH. Running 'netstat' command showed I was getting flooded with thousands of http requests from China/Saudi Arabia/Korea. I installed APF firewall and added those countries to deny list.
Next day I was hit from Russia and Romania and some others. By reading some posts on this site, on top of APF, I have also installed Dos Deflate. It was working for couple of hours, but then it stopped working. I could not even log in via SSH. My provider told me that APF was using all of the "conntrack" connections. I have increased conntrack connections to 130,000 (I have 4 Gigs of RAM on my server). Is that possible? (I have about 300 IP ranges in my APF deny list).
Next day, I was got hit by different attack: there was 11 Mbps of malicious traffic on average sent to my server. My provider put me behind firewall to mitigate against that kind of attack.
Currently, I am both behind the hardware firewall and I have APF and Dos Deflate running. However my server is not accessible.
When I request, I can log in for couple of minutes, but then I get kicked out.
View 9 Replies
View Related
Feb 16, 2008
I have been getting ddossed for the last month, my host has tried many things on my server that are commonly suggested around here, however we have over 40 000 connections hitting the server from this attack and it keeps rising.
I am on LiteSpeed.
I also have NetScreen 50 firewall which helped for a little while, however the server still keeps going down.
I am spending $420 a month on my hosting for my dedicated server
Now it is costing me an extra $400 a month to have Netscreen firewall running which is a waste of money as it can not effectively keep the server running and i'm not sure if I can even effectively afford that much money a month, however I might need to spend a little more if need to just get the server running finally.
basically I need some options as to what I can do. I would like to stay with my host, they have been good to me, however if my options are better suited to changing then let me know. I just really need to get my server running great asap and to keep it running great when i'm away from the internet.
View 7 Replies
View Related
Jun 25, 2008
today i have DDos Attack in my server in port :80
what is the better way to secure my server from DDos Attack
View 14 Replies
View Related
Feb 23, 2007
OS: Centos 4
Someone managed to get into my server and launched a DoS attack on someone else machine.
How do I find out the person who did this?
How do I find out how the person got in in the first place?
How do I make sure that it cannot happen again using the same method?
View 1 Replies
View Related
Jan 10, 2007
Today my system which is hosting the site bepenfriends got compramised(win 2k3) and now LT tech guys are working on it to reload the system with a data save. I was not having a hardware firewall which caused this problem. But i had windows firewall, windows malinious software removal tool (defender i haven't installed). I have updated all patches of win2k3 whch was released till today.
Now after restore it will be great work to bring my website back with all those rewritten urls and the softwares and its licenses.
Now please help me out in below stuff.
How to stop further attack and further compramisation of server.
View 9 Replies
View Related
Feb 19, 2007
My site is being attacked by what appears to be a dictionary attack on my mail account. They are sending e-mails to random accounts at my domain from random e-mail accounts from somewhere else. Each of their messages is coming from a unique e-mail address and a unique IP address.
Now, we have some dictionary ACL installed that basically blocks any IP address that is caught doing this. So we are blocking tons of IP addresses, but they keep coming at us with new ones. We also have it setup so that the mail is rejected right away for any accounts that aren’t actual e-mail accounts of yours. However, they are hitting the server so hard that it doesn’t seem to be making any difference.
View 17 Replies
View Related
Jan 6, 2009
I have a client who's server has got DDOS attack. It causes the network disruption and DC wants to turn off the server. My client feels it stupid to turn off the server just like that.
can large attacks prevented server side?
View 11 Replies
View Related
Jun 18, 2008
Ever since Monday morning, my site has had problems because the server at my host is under attack.
Most of Monday my site was down. Then Monday late afternoon, it came back...I thought. The forum is up and running, but the rest of the site, built on WordPress, is screwy.
Most of the plugins aren't working because of inability to connect with the database.
I can't log in to my cPanel at all and haven't been able to since Sunday.
This is the first time I've experienced anything like this, lasting this long.
It has me wondering if I should start considering a new host. I have loved their service, especially their speedy support (native English speaking to boot) so I hate to leave but I'm not sure if their service is going a little downhill or not.
View 8 Replies
View Related