Forum

> > News > Webserver Attack
ForenübersichtNews-ÜbersichtEinloggen, um zu antworten

Englisch Webserver Attack

79 Antworten
Seite
Zum Anfang Vorherige 1 2 3 4 Nächste Zum Anfang

alt geschlossen Webserver Attack

DC
Admin Off Offline

Zitieren
Looks like Counter-Strike 2D servers are not the only target of those slightly retarded kids. My webserver has been attacked today, leading to bad accessibility of all Unreal Software websites.
I blocked the attacking IP (50.72.86.162) now. I assume that it overloaded the webserver the entire day.

I want to note that this will be examined and it will draw legal consequences if I'm able to find out who is responsible for this.

Sorry to everyone who wasn't able to access the website because of this.
1× editiert, zuletzt 19.07.12 00:07:07

alt Re: Webserver Attack

Apache uwu
User Off Offline

Zitieren
Was it really only 1 IP? Doesn't apache/httpd automatically give out 500s for overloading requests? Perhaps you should set that up properly.

alt Re: Webserver Attack

DC
Admin Off Offline

Zitieren
@user Apache uwu: No I'm not sure if it was just one IP. I didn't examine the logfiles yet. I just know that there was a suspiciously high amount of TCP connections from the mentioned IP so I iptable banned it and the server worked well since that. Maybe a Syn-Flood or something else. I didn't examine it yet.

Before doing that I already tried a shitload of Apache configurations to solve the problem. Apache always reached the maximum number of connections within a few minutes, even if I set them to something like 3000 (a value which is never reached even closely... normally). I know how to setup a webserver properly, that's not the problem...

alt Re: Webserver Attack

Apache uwu
User Off Offline

Zitieren
The reason I say that is because, during the attack, I tried to connect to unreal, and it did try to load the website.

If max connections have been initialized/declared then it should have sent me a 503--which I never got.

alt Re: Webserver Attack

DC
Admin Off Offline

Zitieren
Your request has benn queued probably or the server wasn't able to send any response I guess.

alt Re: Webserver Attack

oxytamine
User Off Offline

Zitieren
user DC, why wouldn't you limit opened TCP connections from one IP? I think no one probably needs more than 50 connections in the same time.
1
iptables -A INPUT -p TCP --syn -m iplimit --iplimit-above 9 -j DROP
This one would work great against 80% of TCP attacks (change number to desired, of course, I stick with 9). Dropping when many IP addresses are performing DDoS attack on your server.
2× editiert, zuletzt 23.06.12 22:25:10

alt Re: Webserver Attack

Ahmad
User Off Offline

Zitieren
The attacker can hide/change his ip right?
Because this ip is Canadian.Canadian crasher doesn't make sense .

alt Re: Webserver Attack

Yates
Reviewer Off Offline

Zitieren
user Ahmad hat geschrieben
Because this ip is Canadian,it doesn't make sense .

Canada wants to be seen as nobody cares about them. Ignore.

US.de loaded for me, but very slowly. I was still able to do everything I normally could but slowpoke. It's weird how people want to ruin a community full of kids which probably don't even care as long as the game works.

Sad.

alt Re: Webserver Attack

TheTrollHammer
BANNED Off Offline

Zitieren
This made me lol so bad.
Ahmad hat geschrieben
Because this ip is Canadian,it doesn't make sense

So what if it's Canadian? It could have been an Arabian IP.

alt Re: Webserver Attack

oxytamine
User Off Offline

Zitieren
SMB attacks could be easily blocked by this.
1
2
iptables -A INPUT -p UDP --dport 135:139 -j DROP
iptables -A INPUT -p TCP --dport 135:139 -j DROP
Since they all use same port. Also, let's limit connections to port 80, DDoS'ing this port is the most common attack since kids often use pre-compiled scripts/programs which flood port 80.
1
-A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset
That's what I'm talking about - it will reject all the connections from specific IP if limit is reached (in this case limit is 20, I set 40).

alt Re: Webserver Attack

Apache uwu
User Off Offline

Zitieren
DC have you confirmed that the attacker had only 1 IP? These solutions are good but are only towards dos.

alt Re: Webserver Attack

Yates
Reviewer Off Offline

Zitieren
user TheTrollHammer hat geschrieben
So what if it's Canadian? It could have been an Arabian IP.

Or it could have been you posting gayporn everywhere.

Owait. Did I just? Yea.. I did, screw you.

user Apache uwu hat geschrieben
These solutions are good but are only towards dos.

That's one thing fixed then. Would you protect something against all attacks yet must wait for an actual solution. Or would you protect it from one attack right away!? Seriously dude, your posts are getting more and more useless.

alt Re: Webserver Attack

oxytamine
User Off Offline

Zitieren
user Yates hat geschrieben
That's one thing fixed then. Would you protect something against all attacks yet must wait for an actual solution. Or would you protect it from one attack right away!? Seriously dude, your posts are getting more and more useless.

I once told him that he is talking non-sense, but he did not listen.

alt Re: Webserver Attack

oxytamine
User Off Offline

Zitieren
user Jela331 hat geschrieben
Fucking retarded kids, I hope they burn in hell.

I'll never seem to understand sense of attacking a simple forum. DDoS attacks could be useful when you're making business (I once DDoS'ed e-Quality to death for a couple of hours, I lol'd), but it's completely useless when it turns out that you do not profit from DDoS'ing.
1× editiert, zuletzt 23.06.12 22:59:30

alt Re: Webserver Attack

TheTrollHammer
BANNED Off Offline

Zitieren
user Yates hat geschrieben
Or it could have been you posting gayporn everywhere.

Owait. Did I just? Yea.. I did, screw you.


Hmm.. you seem to have a wild imagination. Stupid much? You're screwing yourself.
Zum Anfang Vorherige 1 2 3 4 Nächste Zum Anfang
Einloggen, um zu antwortenNews-ÜbersichtForenübersicht