the Rainbow Networks
How to stop serious DDOS
chiquita
Posted: Thu Jun 04, 2009 5:32 pm    Post subject: Re: How to stop serious DDOS

Yea, I think they give a general worst case scenario for an infected website. But in my case, it looks like someone has found a specific use for infected websites.

I'll pm my logging events.. if iptables or the hosts.deny thing where I can dump a list of IPs, I can easily identify them
Falkland
Posted: Thu Jun 04, 2009 6:12 pm    Post subject: Re: How to stop serious DDOS

chiquita wrote:
Yea, I think they give a general worst case scenario for an infected website. But in my case, it looks like someone has found a specific use for infected websites.

I'll pm my logging events.. if iptables or the hosts.deny thing where I can dump a list of IPs, I can easily identify them

EDIT: I misunderstood ... your credentials were not compromised, so read the following as an exercise of good practice.

The "last" command shows the login events: they appear as in the following template:
Code:

<username> <local/remote console number> <source*> <date> <duration>

* the source is an IP for remote logins or the screen number for local graphical logins (not your case)

The information is stored in the /var/log/wtmp file, but usually, in most Linux distributions, it is subject to periodic cron-based log rotation.

In the case of ssh, it's better to allow remote access only to normal users and permanently deny root access: root access is still possible with the "su" command and/or with "sudo" ...

In Debian, root logins through ssh are denied by default.

Root login through ssh is also denied by default in FreeBSD, but "su" or "sudo" access is denied by default unless the user is not in the wheel group or in the sudoers respectively.

Someone has suggested first configuring the users that can access ssh, uploading the ssh keys and then disabling password-based login.

Configuring a vpn or a vpn+ssh based remote access to do all that is needed (administration, file upload ...) and disabling all the other remote login daemons could be the last (for now) better solution.
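
The ssh settings recommended in the post above (no root login, a restricted set of users, password login disabled once keys are in place) can be checked against a server's sshd_config. This is an added example, not part of the original thread; the function names are hypothetical and the two sample configs, including the users alice and bob, are constructed.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for the three
# settings from the post. sshd keeps the FIRST value it reads for a keyword and
# matches keywords case-insensitively; Match blocks and Include files are not
# evaluated here.

# effective_value KEYWORD < config  -> first value set for KEYWORD, or "unset"
effective_value() {
    awk -v want="$1" '
        /^[ \t]*(#|$)/ { next }                   # comments and blank lines
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print "unset" }'
}

# audit_sshd FILE -> one "PASS ..." or "WARN ..." line per check
audit_sshd() {
    for check in PermitRootLogin:no PasswordAuthentication:no; do
        key=${check%%:*}; want=${check#*:}
        got=$(effective_value "$key" < "$1")
        if [ "$got" = "$want" ]; then echo "PASS $key=$got"
        else echo "WARN $key=$got (want $want)"; fi
    done
    users=$(effective_value AllowUsers < "$1")
    if [ "$users" = "unset" ]; then echo "WARN AllowUsers=unset (no user allow-list)"
    else echo "PASS AllowUsers=$users"; fi
}

count_warnings() { audit_sshd "$1" | awk '/^WARN/ { n++ } END { print n + 0 }'; }

# Constructed sample configs (not taken from any real host).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
WEAK=$tmp/weak; HARDENED=$tmp/hardened
cat > "$WEAK" <<'EOF'
# The later "PermitRootLogin no" is ignored: the first value wins.
permitrootlogin yes
#PasswordAuthentication no
PermitRootLogin no
EOF
cat > "$HARDENED" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
AllowUsers alice bob
EOF

for f in "$WEAK" "$HARDENED"; do
    echo "== ${f##*/}: $(count_warnings "$f") warning(s)"; audit_sshd "$f"
done
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; this script only reads the file it is given.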
chiquita
Posted: Thu Jun 04, 2009 6:48 pm    Post subject: Re: How to stop serious DDOS

Yea, I checked 'last', it's fine.

I also checked the messages file and spoof root login attempts only happened a couple of times. On another server they appear every 5 mins :D
That site accommodates 50,000+ users though.

The compromised machines are being used to spam and shit. Keyloggers and grabbing full access is probably mentioned because govt. machines etc. are being hit. But all the useless sites are probably using resources to spam and do javascripty things
chiquita
Posted: Thu Jun 04, 2009 8:49 pm    Post subject: Re: How to stop serious DDOS

Sorted.. coincidentally I got a mail from Turkey, I pay a Turkish security company 20 USD per month and I get no attacks \:D/
jackthompson
Posted: Fri Jun 05, 2009 6:41 pm    Post subject: Re: How to stop serious DDOS

Turkish security companies are the best!

\:D/
jackthompson
Posted: Fri Jun 05, 2009 6:46 pm    Post subject: Re: How to stop serious DDOS

they guard your shit in a Ford Taunus 1600 coupe with machine guns built into the lights... ahahahaaa...
Falkland
Posted: Fri Jun 05, 2009 7:31 pm    Post subject: Re: How to stop serious DDOS

jackthompson wrote:
they guard your shit in a Ford Taunus 1600 coupe with machine guns built into the lights... ahahahaaa...

It's a Ford TauR(RRR)us :D

But the expertise they have backup in years and years makes me think that the car is a Ford Gran Torino red with lateral white bands ... :D
Falkland
Posted: Fri Jun 05, 2009 9:57 pm    Post subject: Re: How to stop serious DDOS

:D

All times are GMT + 1 Hour
The Rainbow Networks website is hosted by JockeTF and Soder on furver.se.