#234647 - 02/10/10 10:56 PM Server getting attacked
Stan Online   partay

old hand
Registered: 06/05/06
Posts: 709
My 1and1.com VPS, according to the tech person at 1and1.com, is coming under, I think he called it, a brute force attack from various places like China etc., and it is shutting down my forum.

He suggested installing
man hosts.deny

Does anyone know how to do that? or what it does?

Thanks
Top
#234648 - 02/10/10 11:19 PM Re: Server getting attacked [Re: Stan]
SD Offline
Registered: 04/19/07
Posts: 4056
Loc: SoCal, USA
IP tables basically..

you might be better served to install a firewall that wraps the IPTables and has a very easy interface..

CSF firewall.. also handles the brute force crap that is inevitable on ANY server on the NET...

lots of things can be done.. ie: change your SSH port from 22 to a non standard... don't allow root SSH at all.. make them 'su' after login... and much more wink

i have the firewall automatically ban 'bad guys' and email me about it... makes for major peace of mind..

here's a typical example...

Code:
Time:    Wed Feb 10 20:25:46 2010 -0800
IP:      140.123.1.12 (TW/Taiwan Province of China/dns6.ccu.edu.tw)
Hits:    11
Blocked: Temporary Block

Sample of block hits:
Feb 10 20:24:16 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=194 TOS=0x00 PREC=0x00 TTL=56 ID=57140 PROTO=UDP SPT=53 DPT=40421 LEN=174
Feb 10 20:24:16 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=194 TOS=0x00 PREC=0x00 TTL=56 ID=57141 PROTO=UDP SPT=53 DPT=40421 LEN=174
Feb 10 20:24:18 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=153 TOS=0x00 PREC=0x00 TTL=56 ID=57202 PROTO=UDP SPT=53 DPT=40421 LEN=133
Feb 10 20:24:21 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=238 TOS=0x00 PREC=0x00 TTL=56 ID=57310 PROTO=UDP SPT=53 DPT=40421 LEN=218
Feb 10 20:24:21 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=420 TOS=0x00 PREC=0x00 TTL=56 ID=57311 PROTO=UDP SPT=53 DPT=40421 LEN=400
Feb 10 20:24:22 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=153 TOS=0x00 PREC=0x00 TTL=56 ID=57341 PROTO=UDP SPT=53 DPT=40421 LEN=133
Feb 10 20:24:23 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=238 TOS=0x00 PREC=0x00 TTL=56 ID=57362 PROTO=UDP SPT=53 DPT=40421 LEN=218
Feb 10 20:24:23 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=420 TOS=0x00 PREC=0x00 TTL=56 ID=57371 PROTO=UDP SPT=53 DPT=40421 LEN=400
Feb 10 20:24:25 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=238 TOS=0x00 PREC=0x00 TTL=56 ID=57405 PROTO=UDP SPT=53 DPT=40421 LEN=218
Feb 10 20:24:33 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=227 TOS=0x00 PREC=0x00 TTL=56 ID=57580 PROTO=UDP SPT=53 DPT=40421 LEN=207
Feb 10 20:24:49 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=227 TOS=0x00 PREC=0x00 TTL=56 ID=57976 PROTO=UDP SPT=53 DPT=40421 LEN=207


I usually have taiwan, china and ukraine dudes running automated scanners and most servers have the same.. just have a good security setup... STRONG passwords and you'll be fine wink
_________________________

Threads tutorials . Threads & Wordpress experts . UBB resume

If I you, click this link as to why
Top
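The kind of per-source tally that a ban report like the one quoted above rests on, as an added example (not SD's code and not CSF's own): it parses `Firewall: *... Blocked*` kernel lines, counts hits per source address and labels the traffic pattern. The function names, thresholds, labels and sample lines (documentation-range addresses) are constructed for illustration.

```python
import re
from collections import defaultdict

PREFIX = re.compile(r"Firewall: \*(\w+) Blocked\*")   # log prefix seen in the quoted report
KV = re.compile(r"\b([A-Z]+)=(\S*)")                  # netfilter KEY=value fields

def parse_block_line(line):
    """Parse one blocked-packet kernel log line; return None for anything else."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = dict(KV.findall(line[m.end():]))
    if "SRC" not in fields:
        return None
    def port(key):
        value = fields.get(key, "")
        return int(value) if value.isdigit() else None
    return {"chain": m.group(1), "src": fields["SRC"],
            "proto": fields.get("PROTO"), "spt": port("SPT"), "dpt": port("DPT")}

def summarize(lines, threshold=5, sweep_ports=4):
    """Count blocked hits per source and label what each source's traffic looks like."""
    by_src = defaultdict(list)
    for rec in filter(None, map(parse_block_line, lines)):
        by_src[rec["src"]].append(rec)
    report = {}
    for src, recs in by_src.items():
        if len(recs) < threshold:
            continue                       # too few hits to act on
        if all(r["proto"] == "UDP" and r["spt"] == 53 for r in recs):
            kind = "dns-reply-shaped"      # UDP from source port 53: looks like DNS answers
        elif len({r["dpt"] for r in recs}) >= sweep_ports:
            kind = "port-sweep"            # one source probing many destination ports
        else:
            kind = "repeated-hits"
        report[src] = (len(recs), kind)
    return report

def sample_line(sec, chain, src, proto, spt, dpt):   # helper for the constructed sample
    return (f"Feb 10 20:24:{sec:02d} server kernel: Firewall: *{chain} Blocked* IN=eth0 OUT= "
            f"SRC={src} DST=203.0.113.10 LEN=194 TTL=56 PROTO={proto} SPT={spt} DPT={dpt}")

# Constructed sample input, not taken from any real server.
SAMPLE = ([sample_line(i, "UDP_IN", "192.0.2.53", "UDP", 53, 40421) for i in range(6)]
          + [sample_line(10 + i, "TCP_IN", "198.51.100.7", "TCP", 51000 + i, p)
             for i, p in enumerate([21, 22, 23, 25, 3306])]
          + [sample_line(30, "TCP_IN", "198.51.100.99", "TCP", 40000, 22),
             "Feb 10 20:25:00 server sshd[812]: unrelated line"])

for src, (hits, kind) in sorted(summarize(SAMPLE).items()):
    print(src, hits, kind)
```

Traffic from source port 53 to a single high port has the shape of DNS answers, so the first label keeps it apart from a source that walks across many destination ports.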
#234658 - 02/11/10 09:40 AM Re: Server getting attacked [Re: SD]
Bad Frog Offline
addict
Registered: 05/13/08
Posts: 596
Loc: Coast of Maine
if his site is hosted on 1and1, shouldn't they be handling that?
_________________________
"No matter where you go, there you are."
"If you can't do something smart, Do something right"
"There are three kinds of people in the world, those who can count, and those who can't"
Top
#234666 - 02/11/10 12:20 PM Re: Server getting attacked [Re: Bad Frog]
JAISP Offline
old hand
Registered: 02/10/07
Posts: 1144
You would think.
Top
#234669 - 02/11/10 12:26 PM Re: Server getting attacked [Re: JAISP]
SD Offline
Registered: 04/19/07
Posts: 4056
Loc: SoCal, USA
it all depends... if it's a shared hosting solution, i'd assume so.. dunno what 1and1 is offering for him..

sometimes dedicated server packages just leave security up to the client or they charge for a 'managed hosting' kinda dealio to do that..
_________________________

Threads tutorials . Threads & Wordpress experts . UBB resume

If I you, click this link as to why
Top
#234670 - 02/11/10 12:35 PM Re: Server getting attacked [Re: SD]
Stan Online   partay

old hand
Registered: 06/05/06
Posts: 709
It is a VPS, full root access. I understand the onus is on me to do what is needed. They look after problems with shared servers.
Top
#234671 - 02/11/10 12:45 PM Re: Server getting attacked [Re: Stan]
Bad Frog Offline
addict
Registered: 05/13/08
Posts: 596
Loc: Coast of Maine
I know when I see things like what you are talking about, I start blocking IP ranges in .htaccess

when I start seeing questionable errors, etc, I check the IP address against various databases to see if they are a known spammer or the like.

I also use a very old script called guardian from xav.com that allows me to add filters, so if someone is probing my site for known hacks and they match my filters, they get hit with a DOS and are automatically locked out of the site. anything that doesn't match an existing condition I get notified about so I can check it out.
_________________________
"No matter where you go, there you are."
"If you can't do something smart, Do something right"
"There are three kinds of people in the world, those who can count, and those who can't"
Top
#234675 - 02/11/10 01:02 PM Re: Server getting attacked [Re: Bad Frog]
Stan Online   partay

old hand
Registered: 06/05/06
Posts: 709
>>I start blocking IP ranges in .htaccess

Can that be done in the server root? I know it can be done in the domain root.

SIRDUDE... the stuff is way over my head, remember in tecky world I am only 11 inches tall. smile
Top
#234681 - 02/11/10 01:07 PM Re: Server getting attacked [Re: Stan]
Bad Frog Offline
addict
Registered: 05/13/08
Posts: 596
Loc: Coast of Maine
I'm on a virtual server, my .htaccess is in my root directory, vannin.com/.htaccess - same folder as your main index page, robots.txt, etc.

I have it blocked so you can't browse it.
_________________________
"No matter where you go, there you are."
"If you can't do something smart, Do something right"
"There are three kinds of people in the world, those who can count, and those who can't"
Top
#234682 - 02/11/10 01:09 PM Re: Server getting attacked [Re: Stan]
SD Offline
Registered: 04/19/07
Posts: 4056
Loc: SoCal, USA
yah..

the quick/dirty way is just to add 'bad IPs' to your .htaccess in the domain root (public_html or httpdocs)

then you don't have those ips hitting your ubbthreads and causing undue load on queries that they shouldn't be allowed to do..

as for the other geek stuff i posted.. it's prolly best to have a geek do it (maybe your hosting provider should do it for FREE! )

dunno smile
_________________________

Threads tutorials . Threads & Wordpress experts . UBB resume

If I you, click this link as to why
Top
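The `.htaccess` blocking that Bad Frog and SD describe, as an added example (not code from either poster): it validates a list of offending addresses, merges adjacent ones into ranges, refuses ranges that would lock out the administrator, and emits the deny rules in the older `Order`/`Deny from` syntax or the Apache 2.4 `Require not ip` syntax. The function names, the `never_block` and `min_prefix` parameters and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress

def collapse(entries, never_block=(), min_prefix=16):
    """Validate addresses/CIDR ranges and merge them into the fewest networks."""
    nets = [ipaddress.ip_network(e.strip(), strict=False)   # ValueError on junk input
            for e in entries if e.strip() and not e.lstrip().startswith("#")]
    merged = []
    for version in (4, 6):                 # collapse_addresses cannot mix v4 and v6
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    for net in merged:
        if net.version == 4 and net.prefixlen < min_prefix:
            raise ValueError(f"{net} is broader than /{min_prefix}; refusing to block it")
        for keep in map(ipaddress.ip_address, never_block):
            if keep in net:
                raise ValueError(f"{net} would lock out {keep}")
    return merged

def htaccess_rules(nets, apache24=False):
    """Render the merged networks as deny rules for an .htaccess file."""
    shown = [str(n.network_address) if n.num_addresses == 1 else str(n) for n in nets]
    if apache24:
        body = ["<RequireAll>", "    Require all granted"]
        body += [f"    Require not ip {s}" for s in shown]
        body.append("</RequireAll>")
    else:
        body = ["Order Allow,Deny", "Allow from all"] + [f"Deny from {s}" for s in shown]
    return "\n".join(body) + "\n"

# Constructed list of offending addresses (documentation ranges only).
BAD = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.7", "# comment line", ""]

print(htaccess_rules(collapse(BAD, never_block=["203.0.113.5"])))
```

Passing the address you administer the site from as `never_block` makes a mistyped range fail loudly before the file is written.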