List Of IP Addresses That Are Blocked By APF And Anti Ddos?
Jan 29, 2008
How can I know the list of IPs that are blocked by APF and anti-dos?
I don't know about security on servers much, and we're setting up our new server. I have the techs doing the install stuff, but I would love to know what to install security-wise. My current list:
Firewall - good free one?
Antivirus - good free one?
rootkit, some way of stopping it (anti-rootkit?)
Also, is there some sort of script which searches all cPanel accounts/files for phishing sites or spam sites etc? I swear I've seen one before, in firewall form?
Oh the server setup is going to be:
php5-CGI, fCGI, mySQL 5, apache 2.2.x, centOS, ruby on rails, django, ioncube, other php libraries, mod_rewrite, I think that's everything. (cPanel).
One of my potential clients is getting DDOS occasionally. According to the DCs-PCCW and Singtel, the attacks come from China mainly and the DDOS used up all the available bandwidth.
I have asked many DCs in Hong Kong. Most of them said they will only null route their IPs and wait for the DDOS to be gone. It seems that none of the DCs in HK offer any sort of Anti-DDOS solution.
My client doesn't want their site completely offline every time they get attacked. So, could any professional suggest what we can do?
What I am thinking of is:
1. Getting 2 connections from different bandwidth providers
2. Using Geo DNS: [url]
Then, I can separate all China users by forcing them to use 1 connection. Will this work? Is there any potential problem here?
Also, I am also thinking of using BGP. Will that make us partially visible as well?
Can you recommend any anti-DDOS provider that can help? My servers are being attacked by a low-bandwidth botnet attack.
It seems people say Dos Deflate is the best basic anti-DDoS script and tons of webhosts use it.
I think it's rather old and it doesn't work for anything these days. Why do hosts still run it? And why isn't there a better alternative?
I used Deflate some years ago and I had problems. Then I tried again after some years and nothing had changed: the same basic old script which counts connections and bans IPs.
The thing with Deflate is that if you have a high limit, let's say ban with 150 connections per IP, it's absolutely worthless for attacks, since you are already letting in 150 connections per IP.
And if you lower it, at least I got tons of problems with banning real visitors. Even over 150 I had complaints about real visitors on a server telling me the server blocks them. Don't ask me how someone has 150 connections to a server, but I got complaints from multiple people all over the world during the 1 month I had it running over 2 years ago.
I also see a really big problem with it. A lot of ISPs share IPs between users. So it's really possible you get 200 connections from the same IP and they are different users. Banning an IP based on the connections, you can probably shut down a full ISP and their visitors. I wish there was a better solution, but using a high value like 300 or 500 doesn't make sense in a Dos attack. And if you use a low value you start to get into problems.
We agree it will not work with distributed attacks, but I don't think it can even work with single attacks, since besides connection count there doesn't seem to be any more behaviour analysis.
The way I would make a script like that is to check all traffic and IPs all the time, and mark IPs that always access a server as good ones. The newer the IP, the more suspicious. In an attack, this way real visitors would still pass but attackers would not, as they are new IPs. You can also then match the number of times it's connecting, how long, etc.
Best Dedicated Hosting for Anti DDOS - Please Help!
Our website has been coming under attack for the last 6 months. Usually every weekend for 3 days. We are currently hosting at ThePlanet and they do nothing more than turn on Cisco Guard, which blocks the bad traffic and the good traffic as well. They don't do anything on their level to block the ddos attack.
I contacted the guys at ProxyShield and they want $1244 a month to route the traffic for us. That's a bit high for someone with a small business not making more than $500 a week online. EDIT: Just got back in touch with them and the $1244 is only for 20mb if you need 100mb it's $2400! that's just insane for a small business.
My question to you guys is who can host us or what services can I use to get rid of these ddos attacks? The Planet has horrible support and I'm not sure where to go or look. Unless we sit at the computer and block every inbound attack all day we simply can't beat it.
Any suggestions?? Currently they are sending SYN_FLOODs in the amount of 93MBit/s and our hosting only includes 100MBit/s, so you can guess how difficult it is to maintain reachability.
I am trying to purchase either an anti-ddos or a firewall machine. My main objective is to prevent ddos attacks.
Do I purchase anti-ddos hardware (please recommend), or firewall hardware (please recommend)?
Anti-ddos and firewall are the same, right? It is about IP analysis and filtering, right?
After using the ddos/firewall, I may also want to subscribe to one of those third-party ddos prevention services which have big bandwidth. If I have a good hardware anti-ddos/firewall already, do I still need to subscribe to these services?
I would like to have a reliable web host who can provide
1- anti ddos
2- fully managed dedicated server
3- server location - traffic mostly come from asia regions for 60% and usa for 25% - pls suggest the best location
4- bandwidth req 2500 gb
5- hard space - 1000 gb
6- daily backup req
7 - cost ?
My site is under attack. When I run this command
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -
it shows
1 116.xxx
1 118.xxx
1 203.xx
1 222.xxx
1 Address
1 servers)
3 115.xxx
3 123.xxx
4 58.xxx
10 127.0.0.1
694
What do the 694 connections mean? Why doesn't netstat list their IPs? How can I know which IP is attacking my site?
to know whatever command to use to see which ip's are blocked from my server.
Server: OS RHEL 4
Web Server: Apache 1.3.37
Hi. I want to block a range of IPs. Currently, I use the following command as an effective weapon against the IPs of people I find in the log trying to do bad things.
/sbin/route add -host x.x.x.x reject
Works like a charm. I then put the offending IP in the file /etc/rc.d/rc.local so that it will reload the bad ips when the server reboots next.
I also use the CSF/LFD firewall, and it successfully blocks single, offensive IPs also.
What I need, though, is the ability to block an entire range of IPs. For example, I have a very persistent hacker trying to access from a certain range like so....
255.155.x.x.
The last two numbers are always changing but the first two remain the same.
How do I block this "range" of IPs from accessing my server?
Note, I know how to block a range of IPs in a .htaccess file for a certain account, I put this in the .htaccess file...
deny from 205.196.
But when I try this with /sbin/route, it will not accept the ip. My firewall will also not accept a range of IPs.
Is there any way to block all and just allow certain IPs using APF or iptables?
I want to block all the traffic to the server and just allow an IP range.
The subject pretty much says it all. A simple implementation / reversal is what we are looking for.
Recently our Windows 2003 server, running Microsoft SQL 2005, has been the victim of brute force attacks on the MS SQL admin account. They are unsuccessful, but it's annoying, with all the logged entries in event viewer and the extra stress they are putting on the server asking to authenticate 25 – 60 times a minute.
It comes from the same IP addresses. Is there a way to configure a software fix to block these IP addresses completely from the server? We are running a Hotbrick NAT router, SPI firewall, but to my knowledge there is no way to configure an individual IP block with it. Here is a link to the specs on the Hotbrick we have:
[url]
I have a problem when using ddos deflate for ddos protection on my server,
I get this message,
Quote:
Banned the following ip addresses on Tue Aug 4 13:12:37 WIT 2009
67.21.44.60 with 4011 connections
ddos deflate is blocking my server ip, what's wrong?
67.21.44.60 is not my real server IP, it is just a sample.
Like exceeding 60 connections per minute same IP = automatically blocked.
How do I set it up?
I use deflate to prevent ddos attack.
But after I start deflate, I still keep seeing a lot of connections from certain IPs.
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
87 218.86.252.158
363 219.150.191.62
501 60.216.238.212
I want to block those IPs permanently.
How can I do that?
My server is under DDOS attack. It's getting more than 1000 SYN_RECV requests. Please let me know how I can protect my server from it.
Is it possible to have anti-virus and anti-spam enabled by default? When we go to "CREATE E-MAIL ADRESS" -> "SPAM FILTER" / "ANTI-VIRUS", it is always disabled.
I am running Windows 2003 server.
Recently, there have been brute force attacks to try and compromise my sa password (MSSQL) and root password (MYSQL).
I would like to block certain ip addresses, but looking in the built in firewall in windows I don't see a way to do this. Is this possible with the built in tools/firewall that comes with windows 2003?
If not, can anybody recommend a simple firewall solution that will allow me to block ip addresses? I don't want something that is bloated and blocks popups, viruses, adware, etc. I just want a solution that will allow me to block ip addresses and prevent brute force attacks.
Sometimes, some people may try to guess the password of ssh, whm, ftp, etc.,
or there may be a ddos attack.
Do you only use iptables to handle this problem,
or do you install any other scripts to secure your server?
My server is CentOS.
Seems like I'm having considerable problems with APF's antidos feature. I keep getting legit users banned from my site, and don't know how to stop it (other than disabling antidos altogether, but I guess there should be another way).
I've already set:
TRIG="100"
SF_TRIG="100"
...in the antidos configuration file but I'm still seeing more and more legit IPs getting added to ad.rules. I've read that raising or lowering LN="100" is the other tweak I should try, but there simply is no such value defined in my conf.antidos file.
Another thing I noticed is that, although I only got two notification mails telling me about "attackers" blocked by antidos, there are roughly 40 entries in ad.rules. As a matter of fact, I don't understand what antidos is doing there in the first place. Seems like iptables doesn't log to var/log/messages anyway, at least not on my machine - so where is antidos getting those IPs from?
It's come to my attention that dragonara.net has been ddosing me today since morning from the IP:
194.8.75.229
What's so ironic about it is that the IP is from a UK DDOS protection site, so I'm expecting some email with their services in the next hour or so. Stay clear of them; they are fakes and e-terrorists.
We have 2 servers, one running Windows 2003 Enterprise that hosts a ColdFusion app, and one running Windows 2003 Standard that hosts our SQL database that is used by the CF app. Nothing else runs on them.
Does anyone have any suggestions for anti-virus products that we could use on these? I don't want one of those elaborate and expensive "suite" programs. I just need to protect the boxes.
I use Kaspersky on our individual machines, and I really don't care much for Norton anymore.