We have 2 servers, one running Windows 2003 Enterprise that hosts a ColdFusion app, and one running Windows 2003 Standard that hosts our SQL database that is used by the CF app. Nothing else runs on them.
Does anyone have any suggestions for anti-virus products that we could use on these? I don't want one of those elaborate and expensive "suite" programs. I just need to protect the boxes.
I use Kaspersky on our individual machines, and I really don't care much for Norton anymore.
"What anti-virus do you use on your postfix email server powered by Plesk?".Is there an anti-virus program that can be installed on Plesk version 12.0.18 as an extension or component? I need it primarily for protection of incoming email from malware.I've seen in Add or Remove Components in the Mail hosting features that I have installed Kaspersky antivirus, but I didn't seen anywhere that it actually can be configured from within Plesk. It also, as far as I can see, doesn't do anything. what is Kaspersky antivirus used for in Plesk and how can I configure it?
Seems like I'm having considerable problems with APF's antidos feature. I keep getting legit users banned from my site, and don't know how to stop it (other than disabling antidos altogether, but I guess there should be another way).
I've already set: TRIG="100" SF_TRIG="100"
...in the antidos configuration file but I'm still seeing more and more legit IPs getting added to ad.rules. I've read that raising or lowering LN="100" is the other tweak I should try, but there simply is no such value defined in my conf.antidos file.
Another thing I noticed that, although I only got two notification mails telling me about "attackers" blocked by antidos, there are roughly 40 entries in ad.rules. As a matter of fact, I don't understand what antidos is doing there in the first place. Seems like iptables doesn't log to var/log/messages anyway, at least not on my machine - so where is antidos getting those ips from?
Does anyone know of any virus protection software that will work with Cpanel. Actually it probably doesn't have to work with Cpanel.. but here is my situation..
I have a lot of people uploading PDF’s and Word docs to our MySQL database, for other people to download. So far I have been downloading the files to my computer first and scanning them, then approving them. it would be nice if I can automate this check some how. I'm wondering of anyone out there does this sort of thing with the dedicated servers they run. Maybe just putting virus software on the server is good enough.
I am looking to backup client data to a second hard drive on the server. I was wondering if there is any way to protect this data from virus's or any other software attack that may compromise the server data.
There's supposed to be a virus on one of my server (called "cdpuvbhfzz"). Anyone has any idea on how to remove it? What software to install, what do do next. Also, is transferring an infected account on a different machine is also transferring a virus?
In the event of hosting a web program, who is responsible for the security, ie against hackers, virus and the like. Is it the hosting company or the program developer or the person running the website? Also, what is the best thing to do, with personal computers there's anti virus software, but what about the case of an entire website, do anti virus software companies have solutions for entire websites?
I wonder which virus scanner software is useful for Unix server(Centos 4.5). One of my client install SMF forum and when visitors access the forum,their virus scanner warn that site is affected by trojan. I used Clamav to scan entire home directory but seem nothing found.
Alright guys - my server the past two weeks is just freaking ridiculous. It's a Core2Quad Q9300 2.5ghz server with 8gb of ram. It should be fast as hell. I can't move 20 e-mails in my mail client without the server grinding to a complete halt and httpd and mysql going unresponsive. Right now I'm just trying to copy a damned screen shot of the task manager performance tab and it's taking about 3 minutes to paste it - even though the CPU utilization is averaging only 20% at the moment and memory is only 2.5gb.
I restarted WAMP and now it seems to be running smoother. My Outpost firewall, though, didn't show too many connections to the server that it was maxing out.
Here's my ping responses just now while I was typing this - I was watching the firewall connections and I was only having like 60 connections to httpd, 20 connections to mysql, 5-10 to my SmarterTools mail server, and then my remote desktop connection. My network utilization got up to a whole 5% - so it's not that I have too many connections or something. Here's the ping responses:
C:Documents and SettingsBrian>ping mifbody.com -n 99
Pinging mifbody.com [126.96.36.199] with 32 bytes of data:
Reply from 188.8.131.52: bytes=32 time=70ms TTL=115 Reply from 184.108.40.206: bytes=32 time=73ms TTL=115 Reply from 220.127.116.11: bytes=32 time=81ms TTL=115 Reply from 18.104.22.168: bytes=32 time=78ms TTL=115 Reply from 22.214.171.124: bytes=32 time=71ms TTL=115 ....
i have 2 blogs with ixwebhosting.com from 1 1/2 years. from 10 days my blogs are getting attack frequently. every time i am cleaning and reporting to them. they are also clean it. but it is attacking again. They said my system has virus. (but i have latest bitdifender 2010 total security,probably the best antivirus) i also have account with 3 more hosts with many sites. everything works fine.
i am asking them why only this account getting affected if i have virus in my system.i already moved one site to another host where it is working fine now. Except this problem they are very good. So i can't left them.
if any one has experience this kind of problems, please suggest me what to do?
it seems people tell Dos Deflate is the best basic antiddos script and tons of webhosts use it.
I think its ratter old and it doesnt work for anything these days. Why do hosts still run it? And why isnt there a better alternative?
I used Deflate some years ago and I got problems. And tried then after some years again and nothing changed, the same basic old script which counts connections and ban IPs.
The think with Deflate is that if you have a high limit, lets say ban with 150 connections per IPs, its absolutely worthless for attacks, since you are letting already 150 connections per IP.
And if you lower it at least me got with tons of problems banning real visitors. Even over 150 I had complaints about real visitors on a server telling the server blocks him. Dont ask me how someone has 150 connections to a servers but I got complaints from multiples people over the world the 1 month i had it running over a 2 years ago.
I also see a really big problem with it. Allot of ISP share IPs between users. So its really possible you get 200 connections from the same IP and they are different users. Banning an IP based on the connections you can probably shutdown a full IPS and their visitors. I wish there was a better solution but using a high value like 300 or 500 doesnt make sense in a Dos attack. And if you use a low value you start to get into problems.
We agree it will not work with distributed attacks but I dont think it can even work with single attacks since besides connection count it doesnt seem to be any more analisys behaviour.
The way I would make a script like that. Is to check all traffic and IPS all the time. And mark IPs that always access a server ass good ones. The newer the IP the more suspicious. On a attack this way real visitors would still pass but attackers will not as they are new ips. You can also match then the number of times its connecting, how long, etc.
Over the past number of years there has been an obvious increase in credit card fraud and identity theft.
Our policies have always tried to stay a step ahead but it seems no matter what is done the occasional fraudster manages to squeeze through, costing us a lot of money. At one some point in early 2009, it got as bad as 60% of the orders we received. It ended up eating a LOT of our time just to go through each order and verify them as best we could.
What methods do you use to fight fraud?
I'll start with some of the things we do.
- Require CVV code on the credit card - We call the customer's telephone number and verify with them. - Verify the telephone number matches the region of the address they provide - Require the CC issuing Bank's name and number - We often require the customer to fax a signed credit card authorization form - GeoIP matches location of the address in the order
Obviously the big challenge is proving that the person placing the order is the actual owner of the card. I've received the correct CVV, spoken with the customer on the phone number, had the phone number match the region... non-US so I wasn't able to verify their telephone details with the issuing bank. Had the GeoIP match and still found out it was fraud.
On a side note: Am I the only one that feels banks and those issuing credit cards need to take more responsibility for a system that's clearly broken? Even after going through the process above, it can still be fraud with a chargeback issued. In those cases, the company loses the money they made, pay a fee to the payment provider, lost time for Sales Reps and Tech Reps, and of course they lose money on hardware, electricity and bandwidth.
I am running Win2003 server with Plesk 8.3. Antivirus running is F-Prot. Me and my clients have been getting a lot of spam emails and I am looking for suggestions on how to stop them. Plesk seems to provide some options for checking blacklisted spam servers but I was not too satisfied with the result. Maybe I was not looking up the right urls?
So, any suggestions on blocking the spam would be welcome. I am ready to pay for it too...but I am on a very tight budget. A free solution would be the best for me at the moment.
I also used SpamAssasin for a time being but it did not work out to any of my client's satisfaction even after a month's "training" of SpamAssasin.