Fedora Networking :: VPS - Blocking HTTPD DOS Attacks?
Apr 6, 2010
I have a VPS which is running HTTPD, and its getting blown to bits by a DOS Attack. Turns out mod_evasive is totally useless (due to not running a total - rather counting per child process) and the only way to stop the box from running at 100% on all cores is to term HTTPD. So, what rules can I implement on the iptables firewall to block multiple requests from an IP? I saw this: [URL] Where someone has posted some rules but these dont work ("unknown error 4294967295" on the 3rd line). This is what i'm after though - block multiple requests from a single IP for a certain period of time.
View 3 Replies
ADVERTISEMENT
Sep 19, 2010
I have installed fedora 13 in my system. httpd server is also installed. when I tried to start the service of httpd, following error message displayed: Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:80
View 1 Replies
View Related
Apr 21, 2009
I have a lifttime premium account at Megaupload.com. Recently I found that megaupload has blocked all IPs in my area. I have sent emails to their tech but nothing has returned!!I have tried to use proxies to download stuff from megaupload, however, none of them works for suspected bandwidth reason, not to mention that it might be slow too.
View 5 Replies
View Related
Aug 8, 2009
So, let's say there was a website www.qwerty.com, which is completely appropriate if not necessary except for the asdfg subfolder (www.qwerty.com/asdfg), which contains,say, pornographic material I want blocked. Is there any way to block "asdfg" without blocking the entire domain (www.qwerty.com)? I already tried editing my hosts file, but apparently that only works for whole domains.Also, while we're at it, can the hosts file be used to actually block IP addresses, or just domain names (so if I wanted qwerty.com with IP of 128.127.126.125 to be completely blocked, but know my family or employees are little smarter than that, I could add the line "0.0.0.0 128.127.126.125" to prevent all access to that website)?
View 3 Replies
View Related
Jul 9, 2011
Friends the following shall block a particular machine in the same network, what can be done if it is dynamic IP and from other network?
iptables -A INPUT -s 192.168.0.0/24 -m mac --mac-source 00:50:8D:FD:E6:32 -j DROP
View 3 Replies
View Related
Mar 12, 2009
when I try to connect to internet SELinux give my a preventing NetworkManager here is what its say:
Code:
Summary:
SELinux is preventing NetworkManager (NetworkManager_t) "getattr" to /dev/ppp
(ppp_device_t).
[Code]....
View 2 Replies
View Related
Dec 1, 2009
I can not stablish PPTP VPN because SELinux blocking Network Manager.
I get the following:
Summary: SELinux is preventing NetworkManager (NetworkManager_t) "unlink" to ./reso
Code:
I'm attaching complete alert.
View 1 Replies
View Related
Apr 9, 2010
I need to learn how to analyze network traffic for attacks and while finding the attack seems easy in my case I need to identify what hes doing. I will be happy right now if you guys can answer my question. How to identify if an attack has brought the server down? I have packet captures of an attack in progress and I noticed that every now and then the attacker would do something weird and the server would start sending packets with just the RST packet sent in response. Normally I had been seeing the RST ACK flags set or the FIN ACK bits set to terminate a connection. So once again my question is how do I tell if the traffic indicates a server crash?
View 1 Replies
View Related
Jan 6, 2011
my task is to store the data to a file at server sent via HTTP POST, i written suitable cgi script in C, but the PROBLEM is that i can't complete the task, I guess i require server permission to do so, how to configure server or how to get access right from server to store data to a file.
View 3 Replies
View Related
Mar 23, 2010
For system calls, is blocking or non-blocking default in C? Simple question, just am not seeing the answer super quickly.
View 4 Replies
View Related
Dec 25, 2010
I have a device that is working on modbus protocol andI have written a small program(with block TCP read method ) to read its registers via modbus protocol.my program is working very well but except those times that I unplug the Ethernet cable or turning off the modbus gateway during programs work.at this time my program stops on recv system call (if it reach this system call exacly when I unplug Ethernet cable or turning off the modbus gateway during programs work).I changed my source to work in nonblock TCP method, at this time with the same situation my program does not stop/block on recv system call but after pluging back the Ethernet cable or resuming the connectivity situation back it reads data incorrectly .this is my code:Quote:
#define DEBUG
#include <fcntl.h>
#include <string.h>
[code]...
View 5 Replies
View Related
Dec 24, 2010
I'm new to Apache configuration so could be misunderstanding but shouldn't the characters highlighted in red below be removed?
Code:
View 9 Replies
View Related
Nov 9, 2009
accidentally I do something wrong with my server and the httpd folder missing and I need it to setup my mail server and anyone can help me what can I do without reinstalling my Cent OS? Here is the error msg :
[root@mydomain etc]# service httpd stop
Stopping httpd: [FAILED]
[root@mydomain etc]# service httpd restart
[code]....
View 3 Replies
View Related
Jul 30, 2010
We are using this url on our testing box and this ip is reverse proxy IP ( 10.192.64.52)
Without reverse proxy:- URL is working fine.
http://10.192.16.77/akc-qa/arsys/ser...TS000000001430
But with reverse proxy its putting escape [%25] in between %3a
[url]
Is it possible to write a rewrite rule to bypass escape [NE] for this particular URL?
View 1 Replies
View Related
Jun 10, 2011
Running CentOS 5 x64 And today my httpd is running very slow and I can't find a fix. Looked all over different forums
When starting httpd I get the message: /var/lock/subsys/httpd': No space left on device I checked that directory above and there is no file called httpd tried rebooting server
Can't do updates too:
[root@u15438957 ~]# yum update
Loaded plugins: fastestmirror, priorities
rpmdb: unable to join the environment
[Code]...
View 4 Replies
View Related
Jul 15, 2010
I would like to block downloading for my LAN users through squid or other.
View 2 Replies
View Related
Dec 23, 2010
I have a Debian server running at the gateway level on a LAN. This runs squid for creating block lists of websites - for eg. blocking social networking on the LAN. Also uses iptables.
I am able to do a lot of things with squid & iptables, but a few things seem difficult to achieve.
1) If I block http://www.facebook.com, people can still access https://www.facebook.com because squid doesn't go through https traffic by default. However, if the users set the gateway IP address as proxy on their web browser, then https is also blocked. So I can do one thing - using iptables drop all outgoing 443 traffic, so that people are forced to set proxy on their browser in order to browse any HTTPS traffic. However, is there a better solution for this.
2) As the number of blocked urls increase in squid, I am planning to integrate squidguard. However, the good squidguard lists are not free for commercial use. Anyone knows of a good squidguard list which is free.
3) Block yahoo messenger, gtalk etc. There are so many ports on which these Instant Messenger softwares work. You need to drop lots of outgoing ports in iptables. However, new ports get added, so you have to keep adding them. And even if your list of ports is current, people can still use the web version of gtalk etc.
4) Blocking P2P. Haven't been able to figure out how to do this till now.
View 5 Replies
View Related
Feb 17, 2010
I need to block some of my sites with SQUID Proxy. I added following lines to my SQUID configuration file but still the site remains unblocked.How to block it?
acl blocksites url_regex yahoo http_access deny blocksites
I have also tried saving some url & filter content in a file and edited configuration as follows,
acl blocksites url_regex "/etc/squid/squid-block.acl" http_access deny blocksites
The squid-block.acl file contents are, .cricinfo.com mp3
View 4 Replies
View Related
Sep 5, 2010
I'm trying to configure bind9 to block porn by having it pretend to be authoritative for a list of porn domains. It can then return a "fake" IP for the port sites, which points to a page on my server. So far, the only way I have found to do in this in bind requires a separate zone for each porn domain. This doesn't work because of memory problems - I have 1000's of porn domains to block.
I'd like to instead have bind forward queries to rbldnsd, which can take a list of domains in a "data set" file, and use it to return a single A record (pointing to my "access denied" page). However, I think this will not work because I would still need a separate "zone" for each porn domain name.
View 4 Replies
View Related
Feb 2, 2010
I have an ubuntu 8.04 dedicated server running openssh which I am having problems with.
The server is based in England yet I am currently working from Thailand. Slow speeds and timeouts I am used to but it is now over 24hr since I have managed to SSH the server (from here).
I just tried remote desktop on my PC back in the UK and this connected straight away through both SSH and SCP.
Thinking that it may be the IP being blocked from my works network I switched off wifi on my phone and tried to connect over the data network a few times with no luck.
Another strange problem is that when we got the server it was locked into a chroot jail which SSH(22) always leads into. After accessing SSH on port 22 I have to run a break script to gain root access. The sshd_config file says that the server is listening on port 57 yet I have never been able to access this.
Code:
> netstat -a | grep ssh
tcp6 0 0 [::]:ssh [::]:* LISTEN
> iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[Code].....
View 1 Replies
View Related
Feb 17, 2010
I need to block some of my sites with SQUID Proxy. I added following lines to my SQUID configuration file but still the site remains unblocked.How to block it?acl blocksites url_regex yahoohttp_access deny blocksitesI have also tried saving some url & filter content in a file and edited configuration as follows,acl blocksites url_regex "/etc/squid/squid-block.acl"http_access deny blocksitesThe squid-block.acl file contents are.cricinfo.commp3
View 2 Replies
View Related
Jun 17, 2010
I bought a wired broadband dsl router to provide another layer of security for my computer running ubuntu. I just plugged it in without installing any software etc. It blocks the internet connection.
View 3 Replies
View Related
Aug 30, 2010
I've setup ufw rules on my system but noticed that the rule i created to allow traffic from my local network is still dropping some RST packets.here's part of the output of dmesg
[43627.361500] [UFW BLOCK] IN=wlan0 OUT= MAC=00:16:ea:03:9c:3a:00:1f:a7:3d:d5:eb:08:00 SRC=192.168.0.4 DST=192.168.0.3 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=2210 PROTO=TCP SPT=59521 DPT=9000 WINDOW=0 RES=0x00 RST URGP=0
[code]....
View 3 Replies
View Related
Feb 21, 2011
Today I have tested the networks at several schools in the area,and at the town hall. It is not possible to surf on www on any of these networks using a PC running Linux. My conclusion is that there has to be some kind of filtering of traffic that exclude PC's running Linux. From the same PC I can send and receive email, I can ping and trace (mtr) addresses on www, and I can view webpages that are on servers on the inside of the filtering-gateway. The filter used is InterScan Web Security Virtual Appliance from TrendMicro
I have also demonstrated for the admins at the town hall that using Linux-PC on a "clean" network, surfing is no problem. By doing these small tests I have demonstrated that Linux is not the problem.
Tomorrow I'm going to visit the network providers admins, so that they could see what happens when a PC running Linux tries to access www. What kind of things should I test to document, or find the problems? So far I have just used MTR to document slow respons, wget --no-proxy to document that www hangs and ends time out, ifconfig to show NiC settings, and route.. Could this be a problem with /etc/resolve.conf?
The network provider is the same company that refused to turn on IMAP on the exchange servers, resulting in 3 week without mail at our school. All the other schools had to upgrade Outlook in order to connect to the new exchange-server with MS MAPI settings. MS Gold partners are so nice...
View 2 Replies
View Related
Mar 2, 2010
Since yesterday Firestarter has been prompting me that it is blocking external connection attempts as shown in the picture below:I'm not even going to bother covering the IP addresses because I personally don't see why I should care but as you can see, there has been loads of them attempting to connect to ports 3674 - 3675. I ran nmap 127.0.0.1 and it came back as 631 being the only one open. So then I thought maybe lsof -i would mention much more but all it shown was:
@boris:~$ cat meh
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
cupsd 1644 root 5u IPv6 14329 0t0 TCP localhost:ipp (LISTEN)
[code]...
View 1 Replies
View Related
Aug 17, 2010
Is there a way to configure my interface to promisc mode and also make it not capture the "transmitted" packets. ?I mean, i want the interface in Promisc mode but only for inbound traffic.If there isnt any using ifconfig, can it be by configuring eth0 to promisc using ifconfig , and filtering outbound traffic from being captured using sockets or something ?
View 4 Replies
View Related
Jun 5, 2010
I have two asterisk servers each one behind a linux firewall/gw. Linux is Centos 5.4, kernel 2.6.18-164.el5, iptables v1.3.5. Routes on the fws are ok and when iptables is stoped the servers are see each other, all good. But when I run iptables script in any fw, one server (not always the same) goes unreachable. I verify this with asterisk -r, then show sip trunk, and status becomes UNREACHABLE.
Iptables scripts is generated by fwbuilder. The weird part is I put only one rule to de script and it looks like Source=any, Destination=any, Service=any, Interface=any, Direction (Inbound,Outbound)=any, Time=Any, Action=ACCEPT. So as you can see I tried something like "Do not do anything at all". But anyway I run the script in any fw and one server becomes UNREACHABLE. I think the script does something wrong after all or maybe I have some missconfiguration in my asterisk conf files. The point is I am not so expert in iptables or shell scripting so I can't see anything in the iptables script. I have look for some issues like iptables blocking because of ip_conntrack table full, or "dont fragment" bit set in kernel problem, but nothing seems to be the right problem at all.
View 14 Replies
View Related
Nov 7, 2010
In order to connect to the internet when i am at work i have to use a proxy server; the problem is that this proxy also blocks port xxxxx which is used by a internet radio station. Is there any way to be able to listen to that radio station?
View 5 Replies
View Related
Feb 21, 2011
I have tested the networks at several schools in the area,and at the town hall. It is not possible to surf on www on any of these networks using a PC running Linux. My conclusion is that there has to be some kind of filtering of traffic that exclude PC's running Linux.
From the same PC I can send and receive email,I can ping and trace (mtr) addresses on www, and I can view webpages that are on servers on the inside of the filtering-gateway. The filter used is InterScan Web Security Virtual Appliance from TrendMicro I have also demonstrated for the admins at the town hall that using Linux-PC on a "clean" network, surfing is no problem. By doing these small tests I have demonstrated that Linux is not the problem.
Tomorrow I'm going to visit the network providers admins, so that they could see what happens when a PC running Linux tries to access www. What kind of things should I test to document, or find the problems? So far I have just used MTR to document slow respons, wget --no-proxy to document that www hangs and ends time out, ifconfig to show NiC settings, and route...
The network provider is the same company that refused to turn on IMAP on the exchange servers, resulting in 3 week without mail at our school. All the other schools had to upgrade Outlook in order to connect to the new exchange-server with MS MAPI settings.
View 6 Replies
View Related
Nov 30, 2010
When i was try to execute this command in my router device it will show error...
First execution:-
Second Execution:-
So I Need to block this kind of websites ...kindly tell me what i have to rectify & change..here i didnt execute this command...
View 1 Replies
View Related
