Security :: Ways To Monitor And Control/stop Flooding On My Server

Sep 1, 2010

I want to know what are the ways to monitor and control/stop flooding on my server, because I am heavily flooded. At this moment I am doing all this manually (when I see that my bandwidth is lowering or some applications are freezing), my main working tool being iptables. But I want something automated.

Another problem: if I am flooded with packets having real IP addresses, with a simple iptables command I can resolve the problem easily. But the problem is, in most of the cases, I am flooded with packets with spoofed IP addresses (e.g. 1.2.3.4), so the only thing I can do in this situation is to block all incoming packets (which ruins everything). Do you have a solution to this? The flood monitoring (and controlling) tool may be with/without interface, only to be effective.

Ubuntu Security :: Ways To Secure Server Setup With Apache?

Jun 19, 2010

I've set up a server for the first time today and I'm reading up on how to secure it. But I was wondering if anyone here would give me some tips from personal experience on what to do before going online with my website for the whole world to see. I'm running Ubuntu Server edition and Apache. Am I good to go with default settings or is there anything recommended that I should first do?

Server :: Kernel Audit Msg Flooding After Yum Update

Mar 14, 2011

SELinux and psacct are disabled in this system (RHEL5.6 2.6.18-194.11.3.el5 SMP x86_64). After performing a yum update, the syslog is flooded with kernel audit messages (related to PAM), even though the audit service is turned off. Is there a way to disable this verbosity?

[Code]....

Security :: Stop An IP From Connecting To Server?

Nov 9, 2010

I'm using Ubuntu and I run a game server. Ever since I posted my server I have an IP address trying to join my game on a different port every time; it seems random and it's nonstop for a week since it's been up.

[INFO]/72.52.102.33:[random 5 digit port] lost connection NONstop

I port scanned them and I think it's not a person but some service or server type business.

I use a Linksys router, I couldn't find anything on blocking IPs at the router from the outside.

Is there anything I can do to stop them before they get to this server to login?

Security :: Ways To Secure Sendmail Or Secure Alternatives To Send Mail

Dec 1, 2010

I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers. I'm told that the IT security team deemed sendmail too vulnerable so we don't run it. Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.

Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.

Ubuntu Networking :: Control Dial Up Modem (start And Stop)?

Feb 22, 2010

After much work finding the bits and bobs to get my PCI controller based modem working in Ubuntu 9.10, I need a better way to start and stop it. Now it dials up when I reboot whether I want to be online or not. I can stop this, but it won't dial up again without a reboot.

I would love a way to push a button to get it to connect and disconnect, and blinking lights (like the green computer screens in WinXP) to tell me when I am communicating. Even better would be a way to set up multiple connections, again like in XP so I could use a variety of numbers and/or user names depending on where I am.

Ubuntu :: Are There Multiple Ways To Restart Ubuntu Server?

Jul 12, 2010

Are there multiple ways to restart Ubuntu server? I am running Ubuntu Server 10.04, and I know you can restart it with the following code:

Code:
sudo shutdown -r now

Also, I have heard about people who haven't had to restart their Linux boxes for years, and I was wondering whether this was necessary or not. When I logged onto my server the other day, there was a message that said I had to restart the server.

Is there a way to restart the server without affecting the uptime command?

General :: Set Nagios Directives To Only Send One E-mail Per Alert Without It Flooding Mail Boxes?

Jul 20, 2011

I have got a Nagios server running on my network. The configuration seems to be okay, but each time there is a service alert notification and an e-mail is sent to the contact group, Nagios continuously sends e-mail over and over again. Does anyone know of a way to set Nagios directives to only send one e-mail per alert without it flooding mail boxes?

Ubuntu Security :: My IP Is Being Spoofed - Stop Someone From Using My IP?

Oct 26, 2010

My IP is being spoofed by someone and I suspect it is being used for malicious purposes (possibly illegal ones). How can I stop someone from using my IP? I'm using a dynamic IP but obtaining a new IP seems to be useless. Changing my wireless password will probably be just as useless I guess.

Security :: IP Blacklist(s) For SSHD Access Control

Nov 4, 2010

Quick explanation about what this thread is: by way of an article featured on linuxtoday, I learned about what appears to be an actively managed IP blacklist: [URL]

# This is a compiled list of dirty hosts associated with
# bruteforcing attempts, spam, botnets, RBN and the list
# continues to grow. The data is comprised of information
# compiled from Arbor Networks, Project Honeypot, FIRE
# (maliciousnetwork.org), Host Exploit, Shadowserver and
# a variety of other similarly based sites.

Quick explanation about what this thread is not: this is not intended to be a discussion about default deny vs. default allow (i.e. whitelists vs. blacklists), nor is this a call for enumerations of your own sshd hardening strategy. Please try to keep on point. That said, can anyone speak to the quality of the blacklist information noted above? And/or are there any suggestions for a readily available blacklist of "known better" quality? I plan to try including an actively maintained blacklist like this into a multi-layered approach for hardening an sshd bastion host.

Ubuntu Security :: Stop ISP From Tracking Net Usage?

Feb 19, 2011

I've been reading an interesting article about the fact that ISPs are able to collect net data from web users. What I think is missing in the article is that in some locations it's compulsory for ISPs to collect and save all your networking data (for example, in Spain, where I live, it's compulsory to store people's activity on the net for a period of 6 months (minimum) to 2 years (maximum)). In the article they state that Witopia can do the job of encrypting your browsing activity and therefore maintain your privacy. Do you know any open source or, at least, free alternative to Witopia? What do you think about the article and about the ways of safeguarding your privacy?

Security :: Program To Stop DDOS Attack?

May 30, 2011

I have 1 question, no more, because I got many DDoS attacks and my load is 95++. What is the best program to stop a DDoS attack?

Fedora Security :: Give FTP Control Of Different Directories To Different Users

Aug 24, 2010

I have my own dedicated server box running (using it for game servers). I access it via ssh and I have root control of it. It has the Fedora operating system. I wanna give FTP control of different directories to different users. Right now there are no other FTP users except root. I have installed vsftpd and don't know what I should do next. How do I add users (who can read/write/delete files) and how do I restrict them to their home directory?

Here is what I want:
username:client1
password:12345
home directory: home/server1
username:client2
password:12345
home directory: home/server2

Ubuntu Security :: Can Flash Player Bug Take Control Of Computer

Jun 6, 2010

Reading from this article New Flash Bug Exploited By Hackers : How to avoid it? In particular the article said

Quote:

A new attack on a Flash bug has surfaced that would give attackers control of a victim's computer after crashing it, reports PC World. Adobe put out a Security Advisory about this on June 4. It is categorized as a critical issue and all operating systems with Flash are vulnerable including Windows, Linux, and Apple and it is also found in the recent versions of Reader and Acrobat.

Security :: Uncovering Covert Command-and-Control Channels?

Nov 5, 2010

Quote: As the line between securely hosted and controlled enterprise applications and cloud-based applications continues to blur, there's more "legitimate" traffic between corporate networks and the Internet than ever before. This opens up new vectors for attack by hackers and cybercriminals as more traffic types are allowed through corporate firewalls. The result is an increase in diversity of covert command and control channels, which hide inside legitimate traffic in order to bypass perimeter security. These C&C channels, used by malware ranging from simple spambots to more sophisticated rootkits, vary in the maliciousness of their intent from casual hacking all the way to advanced persistent threats (APT) and industrial espionage.

Security :: Define An Appliance Based On Suse For An Application Server And Web Server Apache - Best Network And Security?

Feb 6, 2010

We are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?

Ubuntu Security :: Stop Evolution Password Request?

Feb 12, 2010

After I've booted my machine I can browse the internet over my wireless network just fine, but when I start Evolution email it prompts for my admin password before connecting to ISP. Can I automate / avoid my response to this password prompt?

Ubuntu Security :: Keyring Password - Why And How To Stop Being Asked For It?

Sep 28, 2010

When I installed Ubuntu (Lucid) on my new computer, as well as the login password I was asked for a keyring password. I gave one, but I am not sure exactly why I need this password. It seems that it was required to let me access the wifi - even though this has its own security code. I found I could stop the system asking for it every time I tried to connect to the internet using wifi by checking a button in the network setup, but when I registered for Ubuntu One, I was again asked for it - twice, once when I registered and again when I set up Tomboy notes sync. Now I get asked for it again every time I switch on.

I would like to know why the keyring passwords are needed in addition to the login password for a single user computer, which mine is and also how I can stop it asking for this password when I switch the computer on. One suggestion I have seen is to make the keyring password the same as my login password. If that is the case, then how do I change the keyring password?

Ubuntu Security :: Common Apache 2.2 Exploits - How To Stop

Apr 29, 2011

Does anyone know any common Apache 2.2 exploits and how to stop them? I am setting up a web server and want it to be as secure as possible. I currently have a basic LAMP server on an Ubuntu server.

Security :: Stop Other Users To Access My Personal Data?

Mar 15, 2010

I had 2 accounts on a single system. Other users are able to see my data. How to stop other users from accessing my personal data?

Security :: Attackers Moving To Social Networks For Command And Control

Jul 20, 2010

Bot herders and the crimeware gangs behind banker Trojans have had a lot of success in the last few years with using bulletproof hosting providers as their main base of operations. But more and more, they're finding that social networks such as Twitter and Facebook are offering even more fertile and convenient grounds for controlling their malicious creations. New research from RSA shows that the gangs behind some of the targeted banker Trojans that are such a huge problem in some countries, especially Brazil and other South American nations, are moving quietly and quickly to using social networks as the command-and-control mechanisms for their malware. The company's anti-fraud researchers recently stumbled upon one such attack in progress and watched as it unfolded.

Security :: How To Write Iptables Rules To Control Drop All Connection

Feb 23, 2010

I have set up my Linux Fedora server and I want to restrict access to my server. Basically I control it using iptables. I'm not sure how to write iptables rules to drop all connections to port 8080 and allow only certain IPs to access the instance on port 8080, for example ip=10.254.14.16,192.168.1.10.

Fedora Security :: User Access To Start And Stop Tomcat But Also Gives User Access To Start And Stop Other Services "/etc/sudoers"

Mar 13, 2009

I am trying to give access to ONE single user to start and shutdown tomcat server. The problem being, when I enter syntax:

username ALL= /etc/init.d/tomcat5, /usr/local/tomcat/webapps, PASSWD:ALL

This gives the user access to start and stop tomcat but also gives user access to start and stop other services within /etc/init.d - such as httpd etc... What is the proper way to give user access to start and stop service, and limiting that power to only one service....

Security :: Connection Between Traffic Control Rules & Chkrootkit Threat Notifications?

Sep 25, 2010

Two days ago we started to receive the following message:

/etc/cron.daily/chkrootkit:
The following suspicious files and directories were found:
/lib/init/rw/.mdadm /lib/init/rw/.ramfs
/lib/init/rw/.mdadm
INFECTED (PORTS: 4369)
You have 2 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed

And at about the same time (a day before that) we set up new rules for the queueing disciplines using 'tc' on our Debian lenny box (these rules are for some of the experiments we are carrying out). I have run chkrootkit manually and this message (as above) keeps appearing, while the rkhunter tool does not complain about these items. Could there be a connection between setting up the new qdiscs and the chkrootkit "INFECTED" messages?

Security :: SSH Config - What's To Stop The MIM From Making A Substitution Of Keys During The Initial Exchange

Oct 20, 2010

I've been running ssh to log into a server for a long time. Recently an x-win app reported that it suspects a man in the middle attack (MiMA), so I want to tighten this up, but it seems to me if there is a MiM, then the initial key exchange is vulnerable to a substitution. This is on Solaris, but since it's a basic concept I'm not getting, it shouldn't matter.

Here's the gist of what I read:

- create users key pair,
- enable host authentication (ssh_config file on client and sshd_config file on remote host)
- start an ssh session and accept the remote hosts key (and I assume the remote host will take client users key and store some where)

Questions:

1. What's to stop the MIM from making a substitution of keys during the initial exchange?? Shouldn't the keys be initially transferred in a more secure fashion??

2. Does the server just accept new keys from any existing user who wants to create an ssh session? So if someone knows a username and password (such as the owner of an application they know is running) couldn't they just create their own keypair and have the server accept them?

Ubuntu Security :: Control Exclude Items For Home Folder Encryption With Ecryptfs?

Apr 17, 2011

if it's possible to use a white or blacklist to control which folders are ecryptfs encrypted when you're using the "encrypted home folder" option.

Of course I can always create an extra folder outside of my ~ and then symlink what I don't want encrypted into it, but I'd rather that it's possible to create like, ~/.ecryptsfs/excludelist with a list of paths that shouldn't be encrypted.

Ubuntu Security :: Stop Hackers Accessing Personal Files Which Are NOT Transmitted Over Wi-Fi Connection?

Jan 25, 2010

If I enable Wi-Fi on my laptop and use a public Wi-Fi hotspot at an airport, will a firewall such as UFW be enough to stop hackers accessing my personal files which are NOT transmitted over the Wi-Fi connection?

Server :: Deadlock In NFS4 / Shared Servers Suddenly Stop Responding And Cant List It From Debian 5 Server?

Jan 4, 2010

I am connecting servers using NFS4. The shared directories are on servers running Debian 4 while the one that reads from them is Debian 5.0.3. The problem is one of these shared servers suddenly stops responding and you cannot list it from the Debian 5 server, also df hangs, and the web application that is using it does not respond to requests that use this shared directory since it is blocked. Then the load on the server starts to increase until the server cannot respond (over 90). I have found many entries in the syslog that refer to this like:

ma25555 kernel: [1200285.732919] nfs: server 10.xxx.xxx.xxx not responding, still trying
Dec 31 08:16:33 ma25555 kernel: [1200289.815378] INFO: task java:9702 blocked for more than 120 seconds.
Dec 31 08:16:33 ma25555 kernel: [1200289.835249] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
code....

I have tried the connection between the 2 servers using ping for one day and all are OK (zero lost)

There are 3 other servers that are running Debian 4 and are working fine.

Server :: Stop Setting Up An Open Relay Spam Server?

Jul 25, 2011

Because our visitors/customers are short term, and may be configured incorrectly with their own mail servers, we automagically redirect all port 25 traffic going to internal IPs to our own mail servers while on our network (postfix on CentOS 5.6). While I have taken some measures to prevent it from spamming, I would greatly appreciate some assistance. I will be putting in clamav, but I haven't configured it yet with the mail. I am using postfix, but can also put on procmail or even SpamAssassin.

CentOS 5 Server :: Mail Server Keeps On Hanging / Stop It?

Feb 1, 2010

Our mail server keeps on hanging after a while. This happened after there was a breakdown in electricity supply and the server room air conditioners stopped working for almost half a day. We are not sure whether this is a server hardware problem or a coincidence with a break-in attempt or malware activity.

Following are the message from the server log code...

Copyrights 2005-15 www.BigResource.com, All rights reserved