Results 1 to 9 of 9
  1. #1
    ABW Ambassador Ron Bechdolt's Avatar
    Join Date
    January 18th, 2005
    Location
    Affiliateville, USA
    Posts
    7,927
    Hosting Problem
    Anyone know if there is anything that can be done about this problem (got this from support services at my server company yesterday):

    It looks like your server is under attack on port 25. I had to stop exim as the load on the server was above 50. I've checked and the attack is from random IPs so there is not much we can do about it.
    I suggest you leave exim stopped and try starting it later.
    Problem is the server was back up after two hours of working with support but I see it is down again today. This is a second server I have with very little business sites.
    Ron Bechdolt | Affiliate Program Management Consultant
    7 Days A Week Marketing

  2. #2
    Full Member TLE's Avatar
    Join Date
    January 21st, 2005
    Location
    Southern California
    Posts
    338
    Hi Ron,

    25 is email/smtp, you can shutdown your email server on this box which may help, depending on the volume of the attack.

    Otherwise, you'll need to get a (hardware) firewall; move; or find the attacker and make peace.

    Good Luck,
    Tuan
    [url="http://www.wholesaler.com"]Wholesaler.com[/url]

  3. #3
    ABW Ambassador Ron Bechdolt's Avatar
    Join Date
    January 18th, 2005
    Location
    Affiliateville, USA
    Posts
    7,927
    Well, today the message from support is "It seems your server is under a heavy DoS attack. Please provide the root passwd so I can check. Temporary it's up, but http is down."
    Ron Bechdolt | Affiliate Program Management Consultant
    7 Days A Week Marketing

  4. #4
    Newbie
    Join Date
    July 15th, 2006
    Location
    Richmond, VA
    Posts
    6
    Hey Ron,

    a DDOS is possibly the worst possible attack on a network, when that happens you just have to kind of let it go and then patch up after its finished. Its aimed at finishing off a network or stop as much traffic as possible from going to it.

    If your interested I might be able to help you out with hosting (if you think about switching, one of our guys might be able to assist you.)

    So as far as the DDOS there isnít much they can do until it has stopped (port 25 one is just flooding the mail server with random spam). Might be able to shut it down but its not a good option normally.

    Best Regards,

    Denis Motova
    HostICan Affiliate Manager
    AIM: lnxcode
    E-mail: dmotova@hostican.com
    Office: 804-550-3118 ext 3202

  5. #5
    Newbie alt-j's Avatar
    Join Date
    March 11th, 2006
    Location
    down here
    Posts
    19
    Actually, there are some things that can be done especially if they're targeting your host specifically with a DDoS instead of your provider's network. If you're running Linux, it's pretty easy to throttle connections on a per-IP level. (e.g. drop all connection attempts from a specific address if they try to make more than 100 connections within a 1 minute period.)

    I run a simple script to throttle brute-force password attacks against SSH on most of my servers and it works great!

    I can't receive PMs here (yet) but you can e-mail me at my gmail account (altjay) and I can send you more detail if you're interested.

  6. #6
    Newbie
    Join Date
    July 15th, 2006
    Location
    Richmond, VA
    Posts
    6
    However, again that depends on how many servers you have if you have 600 servers and your customers are in excess of 20,000 it would be a little difficult.

    But yes, if you have a single solution what alt-j said would work.

  7. #7
    Newbie alt-j's Avatar
    Join Date
    March 11th, 2006
    Location
    down here
    Posts
    19
    If you have 600 servers and 20,000 customers you should have equipment and expertise in house that can deal with such attacks. There are other solutions that scale well for protection against attacks on larger networks.

    He did mention that it was one server. I've posted the Linux firewall rules I use for limiting connections here:
    http://www.alt-j.com/files/SSH_Brute_Force.bash
    !!! Use this script at your own risk !!!

    It blocks an IP for 2 minutes if it tries to make 5 connections in a 60 second period. These are not good settings for a webserver (due to multiple requests required to display a page.) Tweak for your own use and be careful that you don't accidently block everything on your server. (I did this a few times on my test server before putting it on my real server.)

    You will also want to take into consideration certain ISPs that send all of their requests through a proxy. These may appear to be an attack according to this script.

  8. #8
    Affiliate Manager
    Join Date
    June 17th, 2006
    Posts
    108
    In case your server is attacked on 25 port. I would suggest to get a mailfoundry hosted account and point your MX records to their servers. MailFoundry is extremely good with filtering spam and they are using server farm that should be capable to survice from the DDOS attack.

    In case your server port 80 is a target of teh attack you can put the following in the .htacces file located in the document root of your apache webserver /usr/local/apache/htdocs/.htaccess :

    <Directory />
    AllowOverride None

    Order Deny,Allow
    Deny from all
    </Directory>


    Attackers attack servers via IP and teh following script will tell apache to ignore all requests by ip number, but virtual hosting sites will work.

    Its a dumb solution, but helps in many cases when DDOS atack is not heavy and teh attackers are not smart

  9. #9
    AM Navigator Geno Prussakov's Avatar
    Join Date
    May 10th, 2005
    Location
    Washington D.C. Metro Area
    Posts
    11,798
    Serge is the man!

    Just get a new host, Ron.

    Geno

  10. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Domain Hosting Problem Solution
    By Vandvshop in forum Domains & Hosting
    Replies: 6
    Last Post: May 29th, 2015, 01:18 PM
  2. Replies: 8
    Last Post: October 30th, 2004, 11:25 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •