Weird 404 Requests From Hundreds Of Unique IPs : Possibly DDOS
Nov 13, 2008
I went through my error_log and access_log and found out something really peculiar.
I kept getting multiple requests/second for a document that is non existent from different IPs.
From the way I see it, it is a mild DDOS.
access_log
221.208.181.38 - - [13/Nov/2008:03:11:00 -0500] "GET /testtxt.txt HTTP/1.1" 404 2088
218.26.203.79 - - [13/Nov/2008:03:11:00 -0500] "GET /testtxt.txt HTTP/1.1" 404 2088
76.172.156.49 - - [13/Nov/2008:03:11:00 -0500] "GET /testtxt.txt HTTP/1.1" 404 2088 ....
View 8 Replies
ADVERTISEMENT
Sep 26, 2007
Im actually under ddos attack.
I'll be life long grateful is some one can tell me how to allow only my IP address to access the whole vps server, to add ddos protection on it in the end.
I already try, but i'm a dummy already on linux interface.
View 3 Replies
View Related
Jun 17, 2009
one of my clients told me he tried to send an email to somebody and he receives this error:
The addresses to which the message has not yet been delivered are:
a.......u@a.......t.ro
Delay reason: SMTP error from remote mail server after MAIL FROM:<a.......r@i.....s.ro>:
host mail.a.....t.ro [82.77.203.xx]: 451 4.1.8 Possibly forged hostname for 67.222.136.xx
No action is required on your part. Delivery attempts will continue for some time, and this warning may be repeated at intervals if the message remains undelivered. Eventually the mail delivery software will give up, and when that happens, the message will be returned to you.
Last message received on 17.06.2009 at 16:10
Any ideea what might be? he's having this problem only when tries to send an email to that email address, and I'm not sure if it's a problem on our server or on their server
View 13 Replies
View Related
Apr 27, 2007
I installed Oracle via aptitude on Ubuntu.
Everytime I try to access a PHP script with Oracle on it, I get this message:
Quote:
Warning: oci_connect() [function.oci-connect]: OCIEnvNlsCreate() failed. There is something wrong with your system - please check that ORACLE_HOME is set and points to the right directory in /path/to/file.php on line 215
This was on PHP 5.
In my attempts to resolve this problem, here is what I did.
I tried the following with oracle-xe running and while it had been stopped:
Code:
$ . /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/bin/oracle_env.sh
and I saw this message:
Quote:
/usr/lib/oracle/xe/app/oracle/product/10.2.0/server/bin/nls_lang.sh: 114: [[: not found
/usr/lib/oracle/xe/app/oracle/product/10.2.0/server/bin/nls_lang.sh: 114: [[: not found
and here is /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/bin/nls_lang.sh:
Code:
103 # Detertmine the LANGUAGE_TERRITORY part of NLS_LANG
104 # we derive it from the current locale by inspecting the LC_ALL and
105 # the LANG environment variable. Other LC_* environment variables
106 # are not inspected.
107 #
108 if [[ -n "$LC_ALL" ]]; then
109 locale=$LC_ALL
110 elif [[ -n "$LANG" ]]; then
111 locale=$LANG
112 else
113 locale=
114 fi
I then opened /etc/bash.bashrc and
tried adding this to the bottom:
Code:
LC_ALL='en_GB'
export LC_ALL
and sourced it but that did not work so I replaced it with this:
Code:
LC_ALL='C'
export LC_ALL
and sourced it but still no luck.
Does anyone know how I could sort this out?
View 1 Replies
View Related
Feb 22, 2007
My server running mailenable is possibly sending out spam because ive had a returned mail saying my IP is on a blacklist at CBL.
IP Address 64.X.X.10 was found in the CBL.
It was detected at 2007-02-17 13:00 GMT (+/- 30 minutes), approximately 5 days, 5 hours, 30 minutes ago.
However when i checked my smtp and pop logs i only see small ammounts of mail thats been delivered.
When I run the netstat command have the following connections. The ones to the .nl domain looks strange
C:Documents and SettingsAdministrator>netstat
Active Connections
Proto Local Address Foreign Address State
TCP server:telnet server.indis.nl:3409 CLOSE_WAIT
TCP server:telnet server.indis.nl:3410 CLOSE_WAIT
TCP server:epmap dsl10-037.express.oricom.ca:2253 ESTABLISHED
TCP server:1121 ipchicken.com:http CLOSE_WAIT
TCP server:1122 ipchicken.com:http CLOSE_WAIT
TCP server:1136 ipchicken.com:http CLOSE_WAIT
TCP server:1138 ipchicken.com:http CLOSE_WAIT
TCP server:1199 ecostumeshop.com:domain ESTABLISHED
TCP server:telnet server.indis.nl:3326 CLOSE_WAIT
View 2 Replies
View Related
Jan 31, 2009
I am trying to figure out a way to move a site from 1 host to another... The problem is that I don't just have a bunch of HTML files to move... I rented a VPS server for the last year, I believe it was CentOS 5 (OS). I setup several things on the server, MYSQL, FFMPEG, ETC...
I am now wanting to move to a dedicated server HOWEVER I DO NOT WANT TO START ALL OVER AGAIN. The site is rather busy and it is important to do the transition as fast as possible.
SO -- I have used Symantec Ghost before to "clone" a computer before. It basically takes an IMAGE of the entire HD and then you can paste/burn that image on a new HD and it makes a PERFECT copy of the original machine.
BUT - I have NO CLUE how to do this over the internet?
View 7 Replies
View Related
Jul 22, 2009
for a router than can handle a couple hundred BGP peers, but will not necessarily be pushing a lot of traffic. The router should be able to handle 200-400 BGP peers, but will only need to push around 2-3 Gbit/sec.
What would anyone recommend for this specific configuration?
I am willing to spend whatever is needed, though I also don't want to just be throwing more money at it than I need to to get the job done effectively.
View 13 Replies
View Related
Mar 10, 2007
I have hundreds and hundreds of messages in mail queue waiting delivering. Log file says:
connect to remote.host[000.000.000.000]: server refused to talk to me: 421 4.7.0 remote.host Error: too many connections from my-servers-ip
delivery temporarily suspended: connect to remote.host[000.000.000.000]: Connection timed out
(I replaced real IP addresses with 000, my-servers-ip and hostname with "remote host")
It happends only with one host (the most popular free email provider in my country). All emails to yahoo, gmail etc are being delivered without any problems.
What does it mean - too many connections from my server? I have a busy dating website and php script sends out a lot of email notifications (for example - when users get new instant messages). Anyway, I never heard that email providers limit the number of emails from the same server. During the night time all messages from mail queue are being delivered, but at day time this number sometimes grows to 1000.
I have Postfix installed.
View 3 Replies
View Related
Jun 4, 2009
How would I go about implimenting this:
I have 1 main domain, I have hundreds of subdomains, and want to host the subdomains across multiple servers with cPanel. What's the best option for executing this?
View 10 Replies
View Related
Sep 9, 2008
We are a small ISP with about 5000 users. Only a very small percentage of our users can send email to Yahoo, and even that is sporadic.
Hundreds of our users' legitimate emails are rejected daily with the following message:
421 Message from (208.66.56.9) temporarily deferred - 4.16.50. Please refer to help.yahoo.com/help/us/mail/defer/defer-06.html
I have filled out "Yahoo! Mail Delivery Issues Form" a few times. I get the following automated response message:
--------------------------------------------------------------------
Hello,
This is an automated message regarding your recent request for Yahoo!
Mail Customer Care support. We have received your message and willYa
respond within the next 48 hours with an answer.
Thank you for reaching out to us. We look forward to helping you!
Sincerely,
Yahoo! Customer Care
**Please do not respond to this message as no one will receive it.
--------------------------------------------------------------------------
But I never received a response from Yahoo and they continue rejecting our users' legitimate emails.
After reading many forums and blogs, it appears that they are doing the same thing to many other small ISPs and companies with their own email servers.
This practice can interrupt many legitimate business communications and hurts many small businesses.
View 14 Replies
View Related
Mar 10, 2008
RedHat Box running Sendmail 8.13.1, php 4.4.7, only 1 domain on it running the most recent vBulletin version and vBulletin has been successfully setup to run mail through GMail. The files in the domain directory have been cleaned up, ie. old unused files, etc.
Every night running into the same issue. Server goes on VERY high load due to sendmail. With hundreds of following processes:
apache 29425 0.0 0.0 6712 2576 ? D 19:31 0:00 /usr/sbin/sendmail -t -i
apache 29426 0.1 0.0 6688 2500 ? D 19:31 0:00 /usr/sbin/sendmail -t -i
apache 29427 0.2 0.0 7080 2572 ? D 19:31 0:00 /usr/sbin/sendmail -t -i
I also have hundreds of files left in /var/spool/clientmqueue
I am a little confused, is the clientmqueue directory mail coming into the server or mail that is leaving the server?
If it is incoming mail to the server, is there a way to stop or minimize it's effects?
If it is outgoing mail, is there a way I can chase it's origin?
I would shut down sendmail, but there is 1 email address on the domain that receives mail.
View 8 Replies
View Related
Apr 9, 2009
I need web hosting that I can put 10 sites on with unique ips that the host provides.
How can I find someone who does this here on WHT?
I already have two accounts with other hosts like this but like to break things up through different hosts.
Please advise who would be good for this for $30/mo or less.
View 14 Replies
View Related
Apr 8, 2008
I ordered 4 unique IP addresses 2 weeks ago for our server. Have still not had them even though I seem to be constantly chasing the company.
View 13 Replies
View Related
May 23, 2008
We're actually hosted at site5.com and our 7 wordpress blogs (+1 wp-mu) get about 2500 unique/day... blogs uses a lot of plugins and costumization, but i think we shouldn't have problem with such number of vistitors.
[about 20gb transfer per month and 1 gb disk space used]
Customer service sometimes write about mysql load, sometimes complain about server problems and so on... we're thinking about move somewhere else.
Of course we don't want to move to something like dreamhost and have the same problems after a couple of months and we're not rich, but:
- our readers are mostly italians, so we'ld like to move somewhere in europe, but european services are expensive
- we need mysql/php/... bla bla usual stuff
- we have a lot of domains for underdevelopment projects
- we gave a try to MT gridservice but it was really slow
- we need ssh access
- we don't have time to manage hosting configurations and so on
- we need a reliable hosting service but we aren't google.com
- we can spent AT MOST 20$/month
which you think can be the best hosting service for us? is better to think about a VPS solution?? managed bla bla bla service?
View 17 Replies
View Related
Oct 9, 2009
any other hosts as rock solid as they are and able to offer small shared accounts with private nameservers?
View 11 Replies
View Related
Jul 30, 2008
I have a new website that has a similar feature to tripadvisor's Reviews, where users share detailed thoughts and experiences. They fill in all this information on one form so there is no interaction with the system while they are writing.
I know Apache has the TimOut setting which is set to 5 minutes by default. This ensures that you do not have users using active memory and sessions for a long period of time.
But the problem I have seen is that some users are spending 15-20 minutes writing very detailed experiences and when they hit the submit button obviously their session has timed out and they lose everything and get a system error.
I really don't want to change the TimeOut value in Apache to 20 min due to resource constraints, but is this my only option?
View 3 Replies
View Related
Apr 29, 2007
Got a bit of a debate going here because I have a site that is showing wildly varied results for traffic between different trackers.
The three we are watching are:
extreme paid version
awstats
webalizer
Extreme shows 70k uniques for this month while awstats is showing 16,555 then to make things even more confusing webalizer is showing 22564.
So that leads us to the question, what exactly is a unique and is there really any precise definition of how a unique should be counted. is it:
1. one unique IP visit for the whole site
2. one unique IP visit per page on the site
then on top of that we have to factor in the time frame so now is it:
1. one unique IP visit for the whole site per day
1. one unique IP visit for the whole site per month
3. one unique IP visit per page per day
4. one unique IP visit per page per month
Now some may say the above is being picky BUT how many site owners do you hear saying "I get 100,000 uniques per month". This comment alone begs for an answer to this question. I don't think I have ever heard someone come back at a comment like that with "Really, How do you count your uniques?"
With all the trackers out there and all the companies that are relying on accurate statistics to sell advertising and / or value the site this is one of THE grayest areas around ......
So again, the question is:
What the heck is the definition of a unique and for that fact is there one?
View 24 Replies
View Related
Apr 25, 2008
which hosts offer unlimited or to "x" amount of unique ip address per shared hosting account
i liked hostgator, but they didn't offer the free unique ip addresses... which are needed so i can add ssl certs to my domains (ecommerce sites are what i plan on launch)... not all domains need a unique ip, just 3-4 per account would be nice...
View 9 Replies
View Related
Nov 19, 2008
Can anyone recommend a hosting company that allows multiple unique class C IP's?
View 11 Replies
View Related
May 19, 2008
I've been doing a lot of research for webhosts lately, and that is how I found this forum. I'll cut right to the chase.
I'd like to order webhosting for my small business soon. My requirements are:
UPTIME, PHP, MySQL (basically, it just has to support Wordpress for now)
Storage isn't a big deal really, but I'd say we'd need at least 50 gigs just in case.
Most hosts seem to be pretty generous in that department.
Traffic is my biggest concern. The business will not be very active until August, when traffic should begin to increase at a rate we just cannot predict. Should an event happen (like being Slashdotted), the traffic could be insane because we would be most likely hosting video content (not adult content). I can picture the overage charges now, and it would be a nightmare. That is what I'd prefer to avoid.
I've looked into Yahoo and their promise of "unlimited" bandwidth. I'm thinking that might be the best choice at this point. It sounds like they will throttle your site but you won't be hit with any overages charges so I'm OK with that. I am not worried if MS buys Yahoo.
Which hosts would you recommend though? My budget is $0-25 per month until the business grows. Then I may consider VPS and dedicated solutions, but that is for the future.
View 9 Replies
View Related
Aug 9, 2008
is there a host that lets me add on as many unique ip as i want for extra cost?
for example, i want to test out several prototype .com sites on the same server. however, i want a unique ip for each site.
View 14 Replies
View Related
Jan 19, 2009
I was just looking at awstats for a domain that is not in use and only got a max of 10 visits a month till October 08.
Now since November 2008 I have been getting a lot of unique visitors from Italy but there is nothing on the domain, no folders or files.
Here is what AWStats say:
Nov 08: 710
Dec 08: 1593
Jan 09: 4243 (so far)
These are unique visitors 99% coming from Italy
What do you think going on ?
The domain in question is testingurl.com
View 8 Replies
View Related
May 20, 2008
We've got a client who is using both AWstats and Webalizer and they are claiming the numbers are different between the two and that the numbers reported are not accurate. They need a specific list on how many impressions they are getting on a daily, weekly and monthly time period for advertisers.
View 7 Replies
View Related
Mar 2, 2007
i only see page, hits and bandwidth on the weekly report, how come the columns for unique visitors and visits are gone?
View 2 Replies
View Related
Jul 9, 2015
Have the following error message:
ProtDir_IIS::update() failed: Add Protected Directory failed: columns siteId, path are not unique (Error code 1)
View 1 Replies
View Related
Nov 7, 2008
it's come under my attention that dragonara.net has been ddosing me today since morning from the ip:
194.8.75.229
What's so ironic about it is that the ip is from a UK DDOS protection site so i'm expecting some email with their services in the next hour or so. Stay clear of them they are fakes and e-terrorists.
View 14 Replies
View Related
Sep 22, 2007
Someone f'in spammer has used my legitimate email address as the from address for their spam emails. Now I am getting hundreds of
"Mail delivery failed: returning message to sender" in my inbox.
I use cpanel to host the domain/email, is there anything I can do?
View 2 Replies
View Related