Using IPSec Policies To Help Prevent DoS Attack

Apr 22, 2008

Is it possible to use IP Security policies in Windows Server 2003 to help prevent types of DoS attacks? Today my server was attacked by a single attacker who merely connected and disconnected on open ports at an incredibly fast rate. This was enough to eat the cycles of the server processes effectively creating a DoS attack. I was hoping IPSec could help prevent this, but I'm open to use any other software as well.


What Can I Do To Prevent DDoS Attack

Aug 4, 2008

My site was recently under a DDoS attack and was down for a few days; the attack came from Russia, I believe.

The people who did it asked for $800, but of course I didn't pay. My hosting company did the best they could in order to stop the attack, but it still lasted a few days and badly hurt my rankings.

I moved my site to a dedicated server, but I don't know what kind of software/hardware I need to install on it in order to prevent more future attacks. The hosting company suggested a few things, but I don't know if they are just trying to get more money out of me.


Way To Prevent Iframe Attack

Oct 31, 2007

Some sites on my server have had iframe code inserted into their homepage index.php and index.html.
I found this topic has been discussed on WHT for some time, but there is no solution yet. I found an article that helps to solve this issue, but I lack the knowledge to understand the article.

[url]


Check And Prevent Ddos Attack

May 25, 2009

While working on different issues, I have seen many clients complaining about DDoS attacks on their servers. So, I am posting here some useful commands to check and prevent a DDoS attack.

First of all, when you see that your site's or server's speed is very slow even though there is not much load on your server, you can guess it might be a DDoS. Then run the 'top' command and see which processes are the most numerous; if those are httpd, then run the following commands, which will show how many active connections your server is currently processing.

netstat -n | grep :80 | wc -l
netstat -n | grep :80 | grep SYN | wc -l

The first command will show the number of active connections that are open to your server. The number of active connections from the first command is going to vary widely, but if you are much above 500 you are probably having problems. If the second command is over 100, you are having trouble with a SYN attack.

netstat -anp | grep -E 'tcp|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

That will list the IPs taking the most amounts of connections to a server.

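Use the following command to block an IP with iptables on the server:

# -I inserts the rule at position 1; use -j REJECT instead of -j DROP if preferred
iptables -I INPUT 1 -s IPADDRESS -j DROP

# save before restarting, because a restart reloads the saved rule set
service iptables save

service iptables restart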

--------OR---------------
You can place the IPs which you want to block in hosts.deny

vi /etc/hosts.deny

httpd: IP

write and quit

---------------------------

Then kill all httpd connections and restart the httpd service by using the following commands

killall -KILL httpd

service httpd startssl

-----------------------------------

These are all the steps to check and prevent DDoS on your server.


IIS FTP Brute Force Attack How To Prevent At Network Level

Jan 21, 2008

I am getting a few hundred IIS 6.0 FTP login attempts a second on my windows 2003 x64 server.

We have a Sonicwall TZ180, a full IPS and Firewall in front of the server but I cannot determine a way to block these attacks. I simply have port 25 open to all ip addresses, as I do not know a range of valid ips.

Is there any way to prevent these attacks at the firewall/hardware level? I suspect not, because the firewall doesn’t know if a login attempt is valid or not.

I have enabled IPS on the firewall but it doesn’t appear to be stopping these attacks. Is there any way to automatically ban IPs that hit port 25 X number of times in a second?


IPSec Script

Apr 23, 2007

I must add tons of subnets (in the xxx.xxx.xxx.xxx/xx format) to the IPsec policies. I am on Windows 2003 servers.

It will take forever to add them one by one...
It's almost 500 subnets.

Is there an automation script or...?


IPSec VPN Connection

Apr 22, 2007

to configure a VPN connection between two Cisco Routers.

I have the configuration on one side, but for the other side I have nothing. Can anyone help me with it? Another question: do the two routers need to have a valid IP or not?


IP Security Policies

Jul 16, 2009

I want to setup a Windows 2003 security policy to filter traffic.

I want to let most of the world through to port 80, so maybe just ban a few nuisance IPs.

But then I have a POP / IMAP server, VPN, SMTP, etc that I want to block all but UK IP addresses.

I know I can do this through the MMC snap in but this is 1000's of IP's.

Is there a way I can import a list/range of IP's that I want to block from a country IP database?


Securing Server Traffic- IPSEC

Jul 8, 2009

secure a windows server 2003 traffic.

I have one server with a small number of clients <10. The clients have dynamic IPs.

The server hosts a number of public facing websites, email, FTP and remote desktop.

What I want to do is make port 80 respond to all web requests but lock all other services down so that they only respond to my 10 clients. I was thinking some certificate or VPN solution but I've ruled VPN out as I don't have a firewall or VPN so would I be able to do this with IPSEC?

Is there quick utility that would do this or can you point me to a good example article?


Range Banning With IPSec On Windows Server

Oct 9, 2006

Does anyone know how to range ban IPs using IPsec?

I can enter IPs manually but am unable to ban an entire RANGE of IPs.

i.e. For example 172.10.10.10 - 172.1.1.999

Anyone know?


Uploading Scripts And Hosting Policies

Feb 25, 2008

I'm working on a PHP app that will be publicly released at a later point and that includes uploading functionality, but on my testing account I get access to /temp denied for permission reasons.

How normal is it for this type of obstruction to occur with webspace providers in general? If this is a fairly common policy, I need a solution of some kind. Perhaps uploading the file temporarily to a folder on the user's own webspace, instead of the location on the hosting server used by PHP by default (/tmp).


Email Bounces + Spamcop Policies

Mar 30, 2008

So I get this email today from SpamCop complaining about my server sending unsolicited bounce messages.

Well yea... thanks to spammers domain spoofing and sending spam to my server, my server finds that there's no address - so it replies to the spoofed address.

My question is.... what do I do about it? The spamcop site has this to say... Though if I setup the server to do something odd like not sending a bounce because it's "filed internally", how will legit people get the proper bounce response??

Problem: Misdirected bounces

Description: When a mail server accepts a message and later decides that it can't deliver the message, it is required to send back a bounce email to the sender of the original message. These bounce emails are often misdirected.

Solution: Upgrade and/or configure your mail server software so that this situation is never encountered. Configure your software to either reject messages during delivery or accept them permanently. Do not let your software make choices about delivery after it has accepted a message. If you must accept delivery before you know the status of a message, then file it internally - do not send, forward or bounce it outside your organization. The errant message can be placed in a special folder or routed to your postmaster.


Webhosting Providers And Permissions Policies

Jan 26, 2008

I don't have too much experience with different providers, so I need to ask this:

I'm creating a set-up/installation script for an application I will be releasing to the public at some point, where I would like to autogenerate its set-up (tables, users etc.) to the largest extent possible. I just tried out my script on a testing account and the automated creation of a limited MySQL user with GRANT failed, due to lack of permissions for doing that with this particular provider. My question is this:

What can I safely - on average - automate through a set-up script for a web application running in a shared environment, and what will usually be disallowed by the average provider? Plesk allows me to create a new user through its web interface, but it doesn't (as far as I can see anyway) allow the individual setting of permissions for that user, making it very hard to follow the security policy of "least privilege"...

Stuff that I'm thinking of is: Table creation, folder, file- and user creation.


Configuring Openswan(ipsec) Or Poptop(pptp) Vpn Inside VPS

May 4, 2009

I'm trying to establish a VPN server inside a Fedora 10 VPS under OpenVZ. Openswan or Poptop is preferred over OpenVPN because Windows has built-in support for these protocols.

It looks like the host node (it's actually the vps from myprohost.com) doesn't have the required kernel modules enabled(installed?). Take Poptop for example, if I run pppd after rpm installation, the output is like this:

[root@v ~]# /usr/sbin/pppd
/usr/sbin/pppd: This system lacks kernel support for PPP. This could be because
the PPP kernel module could not be loaded, or because PPP was not
included in the kernel configuration. If PPP was included as a
module, try `/sbin/modprobe -v ppp'. If that fails, check that
ppp.o exists in /lib/modules/`uname -r`/net.
See README.linux file in the ppp distribution for more details.

[root@v ~]# modprobe -v ppp
FATAL: Could not load /lib/modules/2.6.18-92.1.18.el5.028stab060.2/modules.dep: No such file or directory

And when I check for the availability of the encryption module "MPPE", I got the same result:

[root@v ~]# modprobe mppe
FATAL: Could not load /lib/modules/2.6.18-92.1.18.el5.028stab060.2/modules.dep: No such file or directory

Openswan complains about some missing kernel modules too. So what do I do? Do I tell the provider to enable these modules? Do they normally do that? Will the host node require a reboot after having done that?

What modules are required for Poptop and Openswan? And, do I need to tell them to re-enable these modules every time I rebuild my OS?


Custom SELinux Policies For Their Cpanel Server

Apr 11, 2008

Has anyone written custom SELinux policies for their cPanel server?


[Review] SameerHosting SCAM COMPANY, BREAKS PRIVACY POLICIES

Apr 21, 2009

SameerHosting has been the biggest mistake I have ever made as far as purchasing a service online is concerned. This fake company and more importantly their Owner/Employee/[Insert Job Title Here] Jordan has been the most nasty, hard to work with, and distasteful person I have ever dealt with in my life. I recommend anyone to stay as far away from this company and child as possible. Below are parts of an initial post of mine at DP Forums. There are so many posts, threads, reviews and this kid and his fake company out there that you shouldn't have any trouble finding out everything that has occurred in the past 1-2 months. Thanks for your time:

I had purchased a dedicated server with this guy not realizing he was a 14 year old kid with a bad temper and poor spelling. I paid for the server and he managed to get into an argument with my tech about something (its in that thread). He then got mad at me and took out his anger on me even though I had no idea anything had happened until after the fact. He involved me in something I had no part in.

I have discussed this guy so many times that I am tired of talking about it but will give you a summary of what recently happened. Jordan pmed me through this forum through one of his other (now banned) accounts. This kid knows he will be banned from most forums and makes a handful of accounts to fall back on. He offered to give me a refund if I tell my tech to stop posting about him. Of course I did what he had asked me to do.

I have been honest and given him far too many chances to make right. Well, he ended up telling me I am no longer getting a refund from him because my tech keeps messing with his servers (which I doubt is actually happening). I am being punished again for something that does not have anything to do with my actions. He has now blocked me from Yahoo Messenger, MSN Messenger, and his live chat.

Since I posted this on DP I have been in contact with his legal guardians and they have been no help.
Jordan has messaged my Personal Billing details to many of his customers and others along with edited defamatory pictures of someone that is supposed to be myself. That is totally illegal and childish. He did this because I spoke against his scam company and illegal wrongdoings.

If anyone has had bad dealings with this company please post everything that has happened in this thread and also PM me and I can give you the e-mail of the people who take care of him and you can tell them what he has done. He needs to be stopped.

Again, it is very important to post in this thread with information about what he has done to you, the more info the better as these people will possibly listen to me and others.


How To Prevent Rm -rf /

Jul 4, 2009

Does anyone know any way that "rm -rf /" can be disabled? Or any SELinux rule or something to prevent this?

Or if I wanted to prevent a certain directory from being deleted, like backups, but with something unlike chattr that someone can figure out quickly.

I'm sure LOTS of people would like to know about this. I've searched around and the only somewhat useful thing I have found is an rm wrapper that sends everything to a trash file in the root of the mount point.


How To Prevent DNS Flood

May 28, 2008

Can anyone share tips how to prevent DNS flood on a cPanel and Directadmin server platform on Centos?


Prevent Phishing

Jun 1, 2008

I'm not that techy. I'd like to ask why this person downloaded the file below before uploading some phishing webpages on my account? I've changed my password numerous times from different computers and even from a mobile phone, just to check if the person can still get in. But again it is no use; the person was able to upload phishing pages.

logs:

May 25 21:50:42 server100 pure-ftpd: (weblogin100@62.56.133.36) [NOTICE] /home/weblogin100//.htpasswds/update/Login.php downloaded (21251 bytes, 755.78KB/sec)

Right now I have deleted all other scripts on the account, and some HTML files remain. Folders were also set to 644, not 777. While waiting to see if the person can still upload his phishing pages, please help me understand why he downloaded the file above. I've checked the files on my account and I cannot see Login.php. By the way, I have a root login, and only two accounts were constant phishing victims.


How Prevent Hackers Away

Feb 21, 2007

I am giving a few tips on securing your server against hack attempts. You must check these in spite of other security measures like firewalls, rootkit detectors, etc.

1. Most important, do not disable safe_mode in php.ini. If any customer asks to disable it, turn it off on his account only, not on the whole server.

Most of the time the attack is done using the shellc99 (phpshell) script. If safe_mode is off on the server and there are public dirs with 777 permission, he can easily hack through.

2. Compile Apache with safe mode as well.

3. In cPanel under Tweak Settings, turn on base_dir; if someone requests to turn it off, turn it off on his/her account only, as using phpshell one can easily move to main server dirs like /etc, /home.

4. Do not allow anonymous FTP on your server. You can turn it off from the FTP config under WHM Service Configuration. If it's allowed, one can easily bind a port using the nc tool with your server and gain root access. Always keep it disabled.

5. Make sure /tmp is secured. You can easily do that by running the command /scripts/securetmp over SSH. But do make sure /tmp is secured; otherwise one can upload some kind of Perl script to the /tmp dir and deface or damage all data on a few or all accounts on your server.

keeping your server secure from hack attempts.


Prevent Php Script Run As .gif Or .jpg

Oct 28, 2007

Does anyone know how to prevent someone from renaming a shell or PHP script from file.php to file.jpg or file.gif, uploading it to the server, and running it to attack the server?


Prevent Ddos

Sep 11, 2007

For the past 2 days my server has been under DDoS. I stay at my computer and block IPs, but it does not end. Is there a program to block IPs automatically?


Prevent IPs Unallocated IPs Being Used

Sep 13, 2007

We have been using our L2 switches' functionality to only allow IPs that are assigned to a particular server to be accessed for some time. However, the latest version of this particular switch no longer includes this feature. Moreover, it is quite a labor-intensive task, which is not good for "budget" servers.

I am considering moving the rules to the main router, but am afraid of the scalability of this. Will it hold up with a few 1000 servers?

How are other hosties going about this? I have heard that some just don't bother at all, which leaves their clients open to having their IPs duplicated by others on the same subnet. This can't be good....


Prevent Mass Download

Sep 21, 2006

I need anything to prevent mass download.

My server costs a huge amount of bandwidth monthly because of mass downloading.


Prevent From Iframe Virus

May 24, 2008

I need some ideas on how to prevent iframe virus injection into the server. Also, is there any mod which helps protect against the iframe virus?


How To Prevent Nobody To Move In Server

Jun 13, 2009

I have my own box for my forum. Now I have shared my box with friends, but in reality they are freak friends. Just to be on the safe side, brother, I am looking to know what function I can disable in php.ini, or any program/tool, to prevent anybody / an attacker with *nobody* permission from moving around the server via his shell script.

As we know, some attackers use their own php-shell to hack sites on shared hosting, so they can move to any account after they learn the user account names from /etc/passwd. So, as I said before, are there any good functions to prevent these attackers from moving around the server, so I can disable them? Or can I install any good tool other than modsecurity on the system to prevent them (*nobody*) from doing that?


Mod_security To Prevent Some Script

Jul 30, 2009

I try to use mod_security to prevent some script in some files,

imagine I want to block all scripts includes "test" in the body

so if code of script.php is:

HTML Code:
<html>
<p>test</p>
</html>

and someone runs script.php, I want to block it from running and show a 406 error.

Now can you tell me how I can write this rule in mod_security 2 with Apache 2?

I use SecRule RESPONSE_BODY "test" but it's not working ...


How To Prevent Perl From Working

Jan 12, 2008

I have a cPanel/Linux server, running Apache as a webserver.

I want to know how I can prevent Perl/CGI files from working on all virtual hosts on both apache2/apache1.3!


Prevent User Use Custom Php.ini

Apr 26, 2008

I have added some functions in php.ini for security.

But when users use their own php.ini file located in their account, all functions are enabled again.

How can I prevent users' custom php.ini?


How To Prevent OOM (Out Of Memory) Crashes

Aug 19, 2008

I have a colocated server with the following specs:

Intel Core 2 Quad Q6600 2.4Ghz
4GB RAM
400GB SATA Drive

I have a problem every few days: the server keeps hanging up and giving an "Out of Memory" message, and SSH just hangs and doesn't connect. Every time I have to call out a tech to manually reboot it.

Is there a setting I can change to make SSH connect even when it is out of memory, or anything that can prevent it happening?


Prevent Directory Listing

Apr 2, 2007

I've just made a transition from a VDS to a Dedicated and I'm having problems preventing directory contents from showing. On my previous server, whenever I created a directory, it would automatically give a 403 when you tried to access the directory directly in your browser (which is what I want). Now when I set up directories on this new dedicated server, the contents of the directories display when there is either no index page or no htaccess file preventing it from listing the contents.

So what I'm asking is: how did my previous server automatically set up the directories to not display the contents, but still use the contents and allow access to, say, pictures in the directory?

Is there a way I can have Apache automatically do this for me, or do I have to place a blank index page or an htaccess file in every directory I create? How can I protect the contents with a 403 but still allow the contents to be accessed only through the full path?








Copyrights 2005-15 www.BigResource.com, All rights reserved