Questions tagged [attacks]

100 questions
0 votes, 1 answer

Suspicious logs on ebs, is it some kind of trojan attack?

I found lots of similar logs in CloudWatch Logs, where logs from my ebs application are streaming. I am using Platform: 64bit Amazon Linux 2017.03 v2.5.0 running Java 8. Here are the logs which are repeating: Caused by: java.net.URISyntaxException:…
0 votes, 2 answers

Possible attack on my website; excessive traffic to nonexistent page

One of the websites I manage had unusual traffic last month. There were ~6,500 hits on a URL within the site that doesn't exist (the server sent a correct 404 response according to the logs). The URL was /fkzk-start.html and the hits were from a…
GeoffAtkins
0 votes, 2 answers

Possible SQL Injection and malformed URLs on Drupal Server

We have a production Drupal server serving content, but some pages are broken when a pager link is clicked upon. It was found that the URLs are being changed with unrecognizable keywords. For example, for the URL…
Lego
0 votes, 1 answer

Drop first packet with iptables

Our servers are getting UDP-flood attacks from spoofed IPs. I think we can solve this problem with iptables, and I want to make a rule with iptables. When an IP tries to send a UDP packet, iptables will block this. And after this first packet, for 10 secs.…
0 votes, 1 answer

Strange connection on ssh server

So, one day, I decided to check the SSH server logs. Did so, and found something odd. There were about 3 different IPs trying to brute-force guess the root password? What should I do, if anything? PS: IP is: 187.141.70.67, and from Mexico? The other…
Lee Ikard
0 votes, 2 answers

Server is currently under massive DDoS

Over the past few days, I've been having a number of problems that I can only describe as a massive DDoS attack on a CentOS VPS server that is only hosting one website. The website is really slow but not going offline at any point. I'm running…
Phorce
0 votes, 0 answers

MYSQL error: IP address could not be resolved

My website is hosted with Linode, I installed webmin on Ubuntu 14.04 to manage it. Recently my database server keeps shutting down, when I look at /var/log/mysql, there are several log files in there -rw-r----- 1 mysql adm 14642 Jun 28 07:25…
shenkwen
0 votes, 1 answer

Any way to block DNS response using BIND?

I am using BIND as my DNS server. I have disabled recursive DNS requests. Now I am under some kind of attack. Is there any way to block this or do I have to let it go? My query log: client 75.214.6.32#39884: query: elipylavofkb.www.florasky.cn IN A +…
fl0pp
0 votes, 1 answer

What is a typical request rate per hour in a distributed attack?

I am concerned that some static files hosted publicly in S3 can be the target of an attack that aims to hurt me financially (ramping up my AWS bills). I have set up a logging system, that runs every hour and tries to block suspicious IPs. To…
Victor
0 votes, 0 answers

Server usage topped 100% and crashed - how to diagnose and prevent

I'm running a small webserver on Ubuntu 12.04. Last night, the server topped off at 100% cpu usage and crashed. This is unusual as I'm normally around 1-5%. I suspect a DDoS attack from someone related, but I'm not certain. I searched apache logs,…
user1732521
0 votes, 2 answers

How to block requests for virtual hosts that don't exist in apache

First up, check out this question: Why are external domains appearing in my apache logs? We're seeing the exact same thing on one of our Debian VPS servers - with one big difference, the regularity of said requests. We're seeing 5000+ requests per…
HeavenCore
0 votes, 1 answer

Network attack on dedicated server

I am using dedicated server hosting for one of my projects. I got a mail from my server provider that their monitoring system noticed a network scan (or network attack) from an IP address. The Netscan output they sent to me is something like this…
Haider Ali
0 votes, 1 answer

What is maximum legitimate SYN traffic rate

Recently my server got a SYN flood attack. I use hitcount limitation, but I wonder what the maximum rate of legitimate SYN traffic is for a single user IP. The source-IP based rule I use is below: iptables -A INPUT -p tcp --syn -m recent --update…
afelaho
0 votes, 2 answers

How can I decipher this HTTP PHP-request?

On my server I have serious HTTP and SSH attacks running. Most of them are brute force password checks or attempts at /etc/passwd retrievals. But some of them are trying to start bash via plugin systems or performing strange requests. Watching the…
math
0 votes, 1 answer

How to expose securely a Node.js/Express server into the real world?

Essentially I would like to know what the title suggests. Node.js/Express is nice. However, node is a fairly recent thing and hence there may be security risks by exposing the server to the real world. So, my question really boils down to what sort…
MightyMouse