#234647 - 02/10/10 10:56 PM Server getting attacked
Stan Offline

addict
Registered: 06/05/06
Posts: 687
My 1and1.com VPS, according to the tech person at 1and1.com, is coming under, I think he called it, a brute force attack from various places like China etc., and is shutting down my forum.

He suggested installing
man hosts.deny

Does anyone know how to do that? Or what it does?

Thanks
_________________________
As of Aug - 2010 I am using version 7.5.6 and hosted by http://www.mindraven.com/

UBBsite
http://clubadventist.com
#234648 - 02/10/10 11:19 PM Re: Server getting attacked [Re: Stan]
SD Online   partay
Registered: 04/19/07
Posts: 4031
Loc: SoCal, USA
IP tables basically..

you might be better served to install a firewall that wraps the IPTables and has a very easy interface..

CSF firewall.. also handles the brute force crap that is inevitable on ANY server on the NET...

lots of things can be done.. ie: change your SSH port from 22 to a non-standard one... don't allow root SSH at all.. make them 'su' after login... and much more ;)

i have the firewall automatically ban 'bad guys' and email me about it... makes for major peace of mind..

here's a typical example...

Code:
Time:    Wed Feb 10 20:25:46 2010 -0800
IP:      140.123.1.12 (TW/Taiwan Province of China/dns6.ccu.edu.tw)
Hits:    11
Blocked: Temporary Block

Sample of block hits:
Feb 10 20:24:16 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=194 TOS=0x00 PREC=0x00 TTL=56 ID=57140 PROTO=UDP SPT=53 DPT=40421 LEN=174
Feb 10 20:24:16 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=194 TOS=0x00 PREC=0x00 TTL=56 ID=57141 PROTO=UDP SPT=53 DPT=40421 LEN=174
Feb 10 20:24:18 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=153 TOS=0x00 PREC=0x00 TTL=56 ID=57202 PROTO=UDP SPT=53 DPT=40421 LEN=133
Feb 10 20:24:21 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=238 TOS=0x00 PREC=0x00 TTL=56 ID=57310 PROTO=UDP SPT=53 DPT=40421 LEN=218
Feb 10 20:24:21 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=420 TOS=0x00 PREC=0x00 TTL=56 ID=57311 PROTO=UDP SPT=53 DPT=40421 LEN=400
Feb 10 20:24:22 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=153 TOS=0x00 PREC=0x00 TTL=56 ID=57341 PROTO=UDP SPT=53 DPT=40421 LEN=133
Feb 10 20:24:23 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=238 TOS=0x00 PREC=0x00 TTL=56 ID=57362 PROTO=UDP SPT=53 DPT=40421 LEN=218
Feb 10 20:24:23 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=420 TOS=0x00 PREC=0x00 TTL=56 ID=57371 PROTO=UDP SPT=53 DPT=40421 LEN=400
Feb 10 20:24:25 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=238 TOS=0x00 PREC=0x00 TTL=56 ID=57405 PROTO=UDP SPT=53 DPT=40421 LEN=218
Feb 10 20:24:33 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=227 TOS=0x00 PREC=0x00 TTL=56 ID=57580 PROTO=UDP SPT=53 DPT=40421 LEN=207
Feb 10 20:24:49 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:76:c2:8f:9e:00:17:df:8d:64:0a:08:00 SRC=140.123.1.12 DST=74.50.5.2 LEN=227 TOS=0x00 PREC=0x00 TTL=56 ID=57976 PROTO=UDP SPT=53 DPT=40421 LEN=207


I usually have Taiwan, China and Ukraine dudes running automated scanners and most servers have the same.. just have a good security setup... STRONG passwords and you'll be fine ;)
_________________________

Threads tutorials . Threads & Wordpress experts . UBB resume

If I you, click this link as to why
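
A triage sketch for alerts like the one quoted above, added here as an example and not taken from the post or from CSF: it parses the kernel's blocked-packet lines and counts hits per source, recording source and destination ports so reply-shaped traffic (UDP from port 53) can be told apart from probes. The sample lines, `threshold` and all function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the kernel-log format of the alert quoted above;
# addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Feb 10 20:24:16 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=194 TTL=56 PROTO=UDP SPT=53 DPT=40421 LEN=174
Feb 10 20:24:18 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=153 TTL=56 PROTO=UDP SPT=53 DPT=40421 LEN=133
Feb 10 20:24:21 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=238 TTL=56 PROTO=UDP SPT=53 DPT=40421 LEN=218
Feb 10 20:25:02 server kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TTL=48 PROTO=TCP SPT=51514 DPT=23 WINDOW=5840 SYN
Feb 10 20:25:03 server sshd[812]: Accepted publickey for admin from 203.0.113.77
"""

BLOCK_RE = re.compile(r"Firewall: \*(?P<chain>\w+) Blocked\* (?P<fields>.*)")
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_block_line(line):
    """Return the key=value fields of one blocked-packet line, or None."""
    m = BLOCK_RE.search(line)
    if not m:
        return None
    rec = {"CHAIN": m.group("chain")}
    for key, value in FIELD_RE.findall(m.group("fields")):
        # LEN appears twice (IP length, then UDP length): keep the first.
        rec.setdefault(key, value)
    return rec


def summarize(log_text, threshold=3):
    """Count blocked packets per source; threshold is a hypothetical alert level."""
    stats = defaultdict(lambda: {"hits": 0, "sports": set(), "dports": set()})
    for line in log_text.splitlines():
        rec = parse_block_line(line)
        if rec is None or "SRC" not in rec:
            continue
        entry = stats[rec["SRC"]]
        entry["hits"] += 1
        entry["sports"].add(rec.get("SPT"))
        entry["dports"].add(rec.get("DPT"))
    for entry in stats.values():
        entry["over_threshold"] = entry["hits"] >= threshold
        # All packets from source port 53: consistent with DNS replies.
        entry["dns_replies"] = entry["sports"] == {"53"}
    return dict(stats)
```
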
#234658 - 02/11/10 09:40 AM Re: Server getting attacked [Re: SD]
Bad Frog Offline
addict
Registered: 05/13/08
Posts: 593
Loc: Coast of Maine
if his site is hosted on 1and1, shouldn't they be handling that?
_________________________
"No matter where you go, there you are."
"If you can't do something smart, Do something right"
"There are three kinds of people in the world, those who can count, and those who can't"
#234666 - 02/11/10 12:20 PM Re: Server getting attacked [Re: Bad Frog]
JAISP Offline
old hand
Registered: 02/10/07
Posts: 1144
You would think.
#234669 - 02/11/10 12:26 PM Re: Server getting attacked [Re: JAISP]
SD Online   partay
Registered: 04/19/07
Posts: 4031
Loc: SoCal, USA
it all depends... if it's a shared hosting solution, i'd assume so.. dunno what 1and1 is offering for him..

sometimes dedicated server packages just leave security up to the client or they charge for a 'managed hosting' kinda dealio to do that..
#234670 - 02/11/10 12:35 PM Re: Server getting attacked [Re: SD]
Stan Offline

addict
Registered: 06/05/06
Posts: 687
It is a VPS, full root access, I understand the onus is on me to do what is needed. They look after problems with shared servers.
#234671 - 02/11/10 12:45 PM Re: Server getting attacked [Re: Stan]
Bad Frog Offline
addict
Registered: 05/13/08
Posts: 593
Loc: Coast of Maine
I know when I see things like what you are talking about, I start blocking IP ranges in .htaccess

when I start seeing questionable errors, etc, I check the IP address against various databases to see if they are a known spammer or the like.

I also use a very old script called guardian from xav.com that allows me to add filters, so if someone is probing my site for known hacks and they match my filters, they get hit with a DOS and are automatically locked out of the site. anything that doesn't match an existing condition I get notified about so I can check it out.
#234675 - 02/11/10 01:02 PM Re: Server getting attacked [Re: Bad Frog]
Stan Offline

addict
Registered: 06/05/06
Posts: 687
>>I start blocking IP ranges in .htaccess

Can that be done in the server root? I know it can be done in the domain root.

SIRDUDE... the stuff is way over my head, remember in tecky world I am only 11 inches tall. :)
#234681 - 02/11/10 01:07 PM Re: Server getting attacked [Re: Stan]
Bad Frog Offline
addict
Registered: 05/13/08
Posts: 593
Loc: Coast of Maine
I'm on a virtual server, my htaccess is in my root directory, vannin.com/.htaccess - same folder as your main index page, robots.txt, etc.

I have it blocked so you can't browse it.
#234682 - 02/11/10 01:09 PM Re: Server getting attacked [Re: Stan]
SD Online   partay
Registered: 04/19/07
Posts: 4031
Loc: SoCal, USA
yah..

the quick/dirty way is just to add 'bad IPs' to your .htaccess in the domain root (public_html or httpdocs)

then you don't have those ips hitting your ubbthreads and causing undue load on queries that they shouldn't be allowed to do..

as for the other geek stuff i posted.. it's prolly best to have a geek do it (maybe your hosting provider should do it for FREE! )

dunno :)
Top
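
One way to build the `.htaccess` block list described in the replies above, as an added example that is not from any poster: it validates each entry, merges overlapping ranges, and refuses entries that are too broad or would lock out your own address. It assumes Apache 2.4 `Require` syntax (Apache 2.2 used `Deny from`); the sample entries, `MIN_PREFIX_V4` and `never_block` are constructed for illustration.

```python
import ipaddress

# Hypothetical safety limit: refuse any IPv4 range broader than a /16.
MIN_PREFIX_V4 = 16

# Constructed sample input (documentation and private ranges only).
SAMPLE_ENTRIES = ["198.51.100.7", "192.0.2.0/25", "192.0.2.128/25",
                  "192.0.2.10", "10.0.0.0/8", "203.0.113.0/24", "not-an-ip"]
SAMPLE_NEVER_BLOCK = ["203.0.113.77"]  # e.g. the admin's own address


def build_htaccess_block(entries, never_block=()):
    """Turn IPs/CIDRs into an Apache 2.4 deny block; returns (text, rejected)."""
    keep = [ipaddress.ip_address(a) for a in never_block]
    nets, rejected = [], []
    for raw in entries:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            rejected.append((raw, "not an IP or CIDR"))
            continue
        if net.version == 4 and net.prefixlen < MIN_PREFIX_V4:
            rejected.append((raw, "range too broad"))
        elif any(a in net for a in keep):
            rejected.append((raw, "would lock out a protected address"))
        else:
            nets.append(net)
    # collapse_addresses merges adjacent and contained ranges (one IP version at a time).
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {n}" for n in list(v4) + list(v6)]
    lines.append("</RequireAll>")
    return "\n".join(lines) + "\n", rejected
```
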