Site Being Attacked Hard
Jul 27, 2008
I'm Tech admin at Fagex.net
This site has always been prone to attacks on its servers. At the moment there's a new owner, so things have not settled back down yet. However, people are still attacking the site.
The hosting, as far as I am aware, has no software/hardware firewall. I have told the owner, but my advice has not been taken.
This morning I woke up to find it was being attacked, so I went straight to SSH and started blocking them etc.
I was looking around for free anti-DoS tools and came across,
[url]
Seems good, I've only just installed so still need to see the effects.
I also added a block to .htaccess, which has
Quote:
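<IfModule mod_limitipconn.c>
<Location />
# Allow at most 3 simultaneous connections per client IP
MaxConnPerIP 3
# Do not count image requests against the limit
NoIPLimit image/*
</Location>
</IfModule>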
The server is a dedicated VPS, and the owner has two sites on which both are forums.
What can I do to protect the sites? What can I do to prevent them? What can I do to stop them?
View 12 Replies
Oct 11, 2007
My site has been getting attacked for the last couple of days, and the attacker brings it down in 5-10 minutes. I have to restart the Apache web server to bring it back again until he strikes again.
I am trying to secure it as much as possible using .htaccess. I am able to stop almost all the perl/php scripts etc., but the last time the hacker attacked the site today, I saw hundreds of these entries in my logs:
Code:
71.181.220.147 - - [10/Oct/2007:21:44:44 -0700] "GET /templates/template/images/content.png HTTP/1.1" 200 510 [url] "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Embedded Web Browser from: [url] .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; IEMB3; .NET CLR 2.0.50727; IEMB3)"
I would like to know what this "Embedded Web Browser from: [url]" is and how I can block the hacker from running this using .htaccess.
View 10 Replies
May 28, 2008
From running smoothly to suddenly going to 900 write requests, my web server crashes.
I don't want to be asking the DC to restart my machine every minute.
They installed Squid which solved the load and seems to run smooth. But my script doesn't function properly as everything is cached.
I then put all my images/css etc on a lighttpd server which can handle all the requests without problems.
So now apache is only handling around 30 php requests per second. But will magically jump up to 600+.
The DC says I'm being syn flooded.
I have APF, deflate DDoS, etc. installed.
Anything else I can do?
View 6 Replies
Nov 6, 2007
OK, well, today I found out my server was being DDoS'ed.
And I know which domain is being attacked with hundreds of IPs. I am running cPanel / WHM but I have no idea how I can stop this.
Any ideas or suggestions? Maybe redirect the DNS to an invalid IP? But I'm not sure how I can go about doing that.
View 9 Replies
Jul 1, 2009
Server info:
Windows 2003 box
Dedicated server currently hosted at The Planet.
Problem:
It would appear there has been a security breach into the server recently. This morning we cleared off a Trojan, and also a new user that had been created on the server.
All of the websites we host (around 200) had been affected. Almost every file had new JavaScript or links to an .swf; they load in iframes and are very malicious, actually giving any visitor to the site a virus.
I tracked down the embed code that I found in most files appended to the end of each file.
Below shows up in most .asp, .cfm, .html files (no spaces, just can't paste a url in here yet)...
<scRipT s rc=[url]
<scRipT sr c=[url]
Below shows up in any .js file (no spaces, just can't paste a url in here yet)...
document.writeln ("<script sr c="[url]
document.writeln ("<script sr c="[url]
So I got a script that opens up every file looking for this code and stripping it out. Seemed to work at first, but now all the sites have been rewritten again..... and again. So obviously something is overwriting this.
View 9 Replies
Jun 29, 2009
If I were to have 1 website get a DDoS attack on it, would it knock out my server for a while, and can I recover the server by restarting it?
View 14 Replies
May 28, 2008
All my websites are down because of a DoS attack on port 80. Rackspace basically said they can't do anything to help me unless I want them to install a $1500 a month hardware add-on. They tried banning a couple of IP addresses and that did not work. They recommended prolexic.com, but does anyone have any other advice?
View 14 Replies
Jun 11, 2008
I have been consistently attacked by Russia.
When I had apache my server would die and you couldn't even SSH. Now I have Litespeed my site loads but SUPER SUPER slow.
Last night I was SYN Flooded with 125mbps. Though they consumed nearly all my bandwidth and I owe the DC tons of cash in bandwidth now. I managed to block Russia and the load halved to about 50 and the site was still functional but intermittent.
I have been running Deflate DDoS etc to block IPs.
I'm wondering if I get a load balancer with another box, would this fix my problems?
I heard you can modify the settings somewhere to identify syn attacks and auto block them.
View 3 Replies
Jun 20, 2007
222.216.28.147 - - [20/Jun/2007:06:05:04 -0500] "GET [url]
(compatible; MSIE 6.0; Windows NT 5.0)"
172.131.255.237 - - [20/Jun/2007:04:41:06 -0500] "POST [url]
172.131.255.237 - - [20/Jun/2007:04:41:07 -0500] "CONNECT mx1.mail.yahoo.com:25 HTTP/1.0" 405 303 "-" "-"
View 1 Replies
Dec 25, 2008
Is my server being attacked? Please help.
I'm using Linux RedHat el5. Recently, my server goes down at almost the same time every day.
I tried looking in /var/log/messages; it is flooded by this kind of message:
Dec 25 22:41:16 ls1 xinetd[3958]: START: smtp pid=430 from=173.66.124.249
Dec 25 22:41:16 ls1 xinetd[3958]: START: smtp pid=437 from=92.84.45.130
Dec 25 22:41:16 ls1 xinetd[3958]: START: smtp pid=439 from=173.66.124.249
Dec 25 22:41:16 ls1 xinetd[3958]: START: smtp pid=440 from=173.66.124.249
Dec 25 22:41:24 ls1 kernel: ip_conntrack: table full, dropping packet.
From the log, the addresses at "from=xx.xx.xxx.xxx" are not all the same, but the same IP appears for a while, then changes to another.
I'm a newbie to Linux, and do not quite understand what this message means. Can this be a cause of my server going down? Please suggest.
View 7 Replies
Dec 20, 2008
My internet connection started cutting out and I found it strange, I presumed it was with my ISP and so I ignored it as they're pretty crap, then it carried on today so I did some investigation (Turned on error logging for my router) so I go ahead and wait, an hour later my internet connection cuts out, to the logs!
Sat, 2008-12-20 22:01:38 - UDP Packet - Source:89.238.152.200,28960 Destination:192.168.1.103,28960 - [Firewall Log-DOS] ....
Am I correct in thinking there are multiple IP addresses "Attacking" my home network? If so, that's mighty strange and should I be worried?
I checked some of the IPs, most go to dedicateds around the world. One is a gameserver admin panel. Have these been hijacked and being used to "Attack" me?
I have a theory, be it probably wrong; The port number 28960 is used by Call of Duty 1 as the "default" port for a gameserver, and I play a lot of CoD1. Therefore, presumably, that port is open by our router, 28960, so somehow they've found this to be open and are "attacking" it. I'm not sure, but it seems possible, not sure why though.
192.168.1.103 is presumably ME on our subnet? Router is Linksys.
View 10 Replies
Mar 20, 2008
Is there a way to determine from monitoring the packets coming in to my IP address what domain on my server is being attacked? Something like Tcpdump maybe can tell me? Having DDoS trouble and I'm trying to identify the domain being hit.
View 2 Replies
Jun 1, 2007
My friend's server is being attacked; the http processes shoot up, causing the server load to go above 200 within minutes of starting httpd, which causes the server to die.
This is how the Apache web server's access_log would log a normal HTTP request:
------------------------------------------------------
"xx.xxx.xx.xx - - [01/Jun/2007:22:13:21] "GET /folder/name.gif HTTP/1.1" 200 877 [url]"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
------------------------------------------------------
Today, when the http load increased, we saw hundreds of the following requests:
------------------------------------------------------
"xx.xxx.xx.xx - - [01/Jun/2007:22:13:21] "GET /? HTTP/1.1" 200 16305 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
------------------------------------------------------
You see, the difference between a legitimate HTTP access log entry and the above one is that the legitimate one shows the filename (GET /folder/name.gif) and domain name being requested, whereas the second one shows ("GET /?").
The above requests continuously originate from 30 to 40 different IP addresses. Most of them are Russian IPs, and many are from the US and Canada too.
When I do a grep "GET /?" in the access log, there are thousands of these, which started just today.
I cannot block each IP because I feel they have hundreds of IPs to initiate these requests from.
View 14 Replies
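The following added example, which is not part of the original post, tallies the `GET /?` pattern described above per source IP and reports the sources that reach a burst threshold. The threshold, the time window and the sample log lines are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Combined-log-style entry; timezone offset optional (the post's lines omit it).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]\s]+)(?: [+-]\d{4})?\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

def parse(line):
    """Return a dict for one access_log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip().lstrip('"'))
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S")
    return rec

def is_flood_request(rec):
    """The signature from the post: GET /? (empty query) with no referer."""
    return (rec["method"] == "GET" and rec["target"] == "/?"
            and rec["referer"] in (None, "-"))

def flag_sources(lines, threshold=3, window=timedelta(seconds=10)):
    """Map IP -> peak matching requests in any window, if peak >= threshold."""
    hits = {}
    for line in lines:
        rec = parse(line)
        if rec and is_flood_request(rec):
            hits.setdefault(rec["ip"], []).append(rec["ts"])
    flagged = {}
    for ip, stamps in hits.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

# Constructed sample lines (documentation-range IPs), not from a real log.
UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
def _line(ip, hms, target, referer="-"):
    return (f'{ip} - - [01/Jun/2007:{hms}] "GET {target} HTTP/1.1" '
            f'200 16305 "{referer}" "{UA}"')

SAMPLE = [
    _line("192.0.2.10", "22:13:21", "/?"),
    _line("192.0.2.10", "22:13:22", "/?"),
    _line("192.0.2.10", "22:13:24", "/?"),
    _line("198.51.100.7", "22:13:21", "/folder/name.gif", "http://example.com/"),
    _line("203.0.113.5", "22:13:21", "/?"),
    _line("203.0.113.5", "22:14:30", "/?"),
]
if __name__ == "__main__":
    print(flag_sources(SAMPLE))
```

Because the poster expects hundreds of source addresses, the request signature itself (an empty query on `/` with no referer) is often a more durable thing to filter or rate-limit on than a per-IP blocklist.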
Oct 22, 2007
I see what IPs are attacking them? OS: CentOS
View 9 Replies
Jul 23, 2009
Alright guys - my server the past two weeks is just freaking ridiculous. It's a Core2Quad Q9300 2.5ghz server with 8gb of ram. It should be fast as hell. I can't move 20 e-mails in my mail client without the server grinding to a complete halt and httpd and mysql going unresponsive. Right now I'm just trying to copy a damned screen shot of the task manager performance tab and it's taking about 3 minutes to paste it - even though the CPU utilization is averaging only 20% at the moment and memory is only 2.5gb.
I restarted WAMP and now it seems to be running smoother. My Outpost firewall, though, didn't show too many connections to the server that it was maxing out.
Here's my ping responses just now while I was typing this - I was watching the firewall connections and I was only having like 60 connections to httpd, 20 connections to mysql, 5-10 to my SmarterTools mail server, and then my remote desktop connection. My network utilization got up to a whole 5% - so it's not that I have too many connections or something. Here's the ping responses:
C:\Documents and Settings\Brian>ping mifbody.com -n 99
Pinging mifbody.com [216.245.195.146] with 32 bytes of data:
Reply from 216.245.195.146: bytes=32 time=70ms TTL=115
Reply from 216.245.195.146: bytes=32 time=73ms TTL=115
Reply from 216.245.195.146: bytes=32 time=81ms TTL=115
Reply from 216.245.195.146: bytes=32 time=78ms TTL=115
Reply from 216.245.195.146: bytes=32 time=71ms TTL=115 ....
View 7 Replies
Apr 14, 2007
[url]
[url]
One of my users posted this in the forum saying my server is scanning his computer. Is this serious? Do I have a virus? Should I be worried? Well, I am kinda worried. I tried googling it, but I can't seem to figure out the right keywords for a good result.
View 4 Replies
Aug 23, 2008
The attack is large enough now that the rules I've put in place aren't really helping much. Mod_evasive and mod_security are also installed, however this doesn't appear to be helping much either. The invalid user-agents hitting the site are filling up the max connections and then apache stops responding. I also tried raising the MaxClients in httpd.conf, however the vps then started hitting its memory limit.
I was on a shared plan and they moved me to a VPS; same problem.
Host: urljet.com
I have had one host representative that said "I think we could take care of you, but you would have to use this plan with the firewalls"
www . liquidweb.com/cart/content/dedicated/Webmaster/Plan1
View 14 Replies
Mar 29, 2009
Attached is a (badly) drawn diagram of two sites, connected by a vpn.
The site to the left, is network 10.0.0.0/24 which runs a linux server as the router for the network.
The site to the right, is network 10.1.0.0/24 which runs a windows 2003 server as the router for the network.
Now, my problem is, the clients behind the Windows 2003 server can ping any machine on the first network because I set up a static route to route all traffic to 10.0.0.0/24 over the VPN interface.
Now, my problem is, only the Linux server can ping any machine on the Windows 2003 network; any client behind the Linux server can't seem to route over the interface.
I have the following route on the linux server: .....
View 0 Replies
Apr 14, 2015
Starting point: a working site using a shared IPv4, dedicated IPv6, and SSL. HTTP and HTTPS work, the latter only using SNI of course.
The good news: If I simply allocate an IP resource of 1 to a subscription it is pulled from the pool, assigned to the service node, assigned to the web site, DNS is updated, and the site is automatically changed to using a Dedicated IPv4 and Dedicated IPv6.
The bad news: visitors land on the default web site of the service node, with the default SSL certificate.
Other info: I can't ping the new IP, even though it shows in "ip a l" and /etc/sysconfig/network-scripts/ifcfg-eth0:0. [edited]
After the IP assignment, it is still installed, and /etc/httpd/conf/plesk.conf.d/ip_default/domainname.conf shows the new certificate is being used.
However, a second set of VirtualHost entries is created in server.conf for this IP for ports 80 and 443, with NameVirtualHost enabled on the new IP. The port 443 entry uses the default certificate. Apache's setup this default VirtualHost entry will override the web site configuration because Apache is listening on port 443 with the wrong cert.
If I go to "Change webspace settings" and toggle to Shared IPv4, Dedicated IPv6 the site works again via HTTPS, and Dedicated IPv4 and Dedicated IPv6 breaks it again. Setting the SSL cert to None and back again does not work.
Setting the SSL cert to None, changing to a dedicated IP, and enabling SSL results in the server being inexplicably inaccessible...browsers no longer connect to either the default site or the correct site, and I don't see any entries in the vhosts's logs.
View 6 Replies
May 21, 2008
Does anyone know of a good hosting provider located in the UK that allows adult sites and online casino betting sites?
I'm looking for a VPS and a dedicated server.
Please help me, I really need it as soon as possible. Thx.
View 2 Replies
Jun 16, 2008
I basically run two main sites.
1. Forum, a big one.
2. File and image sharing site.
(The image sharing site generates thumbnails, which produces lots of hits.)
In these conditions, how much difference can lighttpd make compared to Apache for keeping my 600 MB RAM VPS host constant?
View 5 Replies
Jan 25, 2009
I find some posts say Xen needs some time to learn, and that there will be a learning curve here.
Is Xen really hard to learn and use?
View 1 Replies
Apr 23, 2009
I'm building a couple of VPS host servers for a client.
Each server has to host 20 VPS and each server will be 4 cores with 32GB of RAM. So CPU and RAM should be just fine; my interrogation now is hard drives. The company owns the machines, but not the drives yet.
I searched a lot on your forums but found nothing relating to VPS. I'm basically a DBA IRL, so I have experience with hard drives when it comes to databases, but it's completely different for VPS.
According to my boss, each VPS will run a LAMP solution (having a separated DB cluster is out of the question for some reason).
First, RAID 1 is indeed a must. There is room for 2x 3.5 drives. I might be able to change the backplane for 4x2.5, but I'm not sure...
I've come to several solutions:
2x SATA 7.2k => comes to about 140$
2x SATA 10k (velociraptor) => comes to about 500$
2x SAS 10k with PCIe controller => comes to about 850$
2x SAS 15k with PCIe controller=> comes to about 1000$
They need at least 300GB storage.
But my problem is that the servers do not have SAS onboard so I need a controller and in my case the cheapest solution is best.
But I'm not sure that SATA 7.2k will hold the charge of 20 complete VPS.
Is it worth it to go with SAS anyway, or should SATA be just fine? With SATA, is it better to use plain old SATA 7.2k or 10k drives?
That's a lot of text for not much: What is best for VPS: SATA 7.2k, SATA 10k or SAS 10k?
View 14 Replies
Oct 3, 2008
how they sell those USB hard drives that connect to the computer that can hold like 100 GB.....
Well, if I hook up one of those external hard drives to my server, can I use it as webspace for users?
View 14 Replies
Apr 18, 2008
I have read about all of the things you have to do with an unmanaged server, and how beginners shouldn't even try. I am pretty smart though I have a lot of experience with cpanel, and I am not worried about getting my feet wet.
This is the system I want:
Celeron 1.7 GHz
1 GB RAM
80 GB HD
1500 GB Bandwidth
cPanel / WHM
Full root access
How much time would it take to keep the thing running? How do you monitor the server? How do you know when software updates, and patches are available? Can all of the software needed be found for free? What kind of problems would I encounter, and would this be way over my head?
View 14 Replies
Mar 17, 2008
I have a dedicated from ovh.
Here are the specs:
Intel Core2Duo E6750
2x 2.66 Ghz
Dual Core
2 GB DDR 2
2x 750 GB
SATA2 RAID HARD 1
Now basically I don't want the hard RAID; I want to see both 750 gig drives.
Now I've been told you can only do this through the RAID BIOS?
So if anyone has a guide or any helpful comments, I would be very grateful.
It's running Windows Web.
I can install any OS I want. I'm not very friendly with Linux, but if that's the only option then I'd give it a shot.
View 12 Replies
Jul 26, 2008
Now I am using a 320 gig SATA hard drive as my primary hard drive; I don't use a 2nd hard drive. I have a pure download site. In the top command I see 4.5% wa; is this a bit high? Can I add a 2nd hard disk and move some data there to reduce wa? My server load is fine, though. Or is there any way to reduce wa?
View 1 Replies
Jun 11, 2007
I am running a Fedora box with cPanel...
The hard drive has a capacity of 36 gigs and there's currently 18 GIGs of data on it.
When I do "df -h", it indicates that / has 85% of its capacity in use. When I run "df -hi" it shows that / has 58% of its inodes in use.
Is there anything I can do to increase /'s capacity? Can I free up some inodes? All that / contains are folders.
View 4 Replies
Mar 25, 2007
I am about to buy a Compaq server with 6 SCSI hard drives. In your opinion, what is the best RAID configuration with 6 HDs?
View 14 Replies
Jan 7, 2008
Do the old RLX Blade servers use 'mini' hard drives? I can't find an answer anywhere. I seem to recall that they use smaller 2.5" drives. Is this the case?
And, if so, do they make "good" drives worthy of being in a server in that size? Are they essentially just a laptop drive?
View 0 Replies