Questions tagged [botnet]

39 questions
1 vote, 1 answer

Exim undergoing distributed dictionary attack

Our web server is currently undergoing a botnet attack on Exim. Our server is CentOS and is set up with BFD (Brute Force Detection, which uses APF to block access) to detect attempts and block them. This setup works 99% of the time; however, since…
Neo
1 vote, 1 answer

How would I scan for botnets being hosted on my server?

I know this may sound like a noob type question but, I want to know if there are any programs/techniques out there that scan for botnets being hosted on a server. I run a small hosting company and sell kvm vpses. I just hate when the data center…
mike
1 vote, 2 answers

How can I block a malicious port scanner currently running on my server?

I'm currently attempting to clean and secure a server that has pnscan running on it. This instance of pnscan was installed by an outside party, most likely to use our server as part of a port scanning botnet. It seems to be able to write its…
1 vote, 1 answer

sudo passwd on Ubuntu 11.10 strange behavior. Have I been rooted?

I'm in a really strange situation. A few hours ago Rackspace issued a ticket saying there's an outbound flood originating from my server. Thinking the server might have been rooted with a rootkit, I ran chkrootkit scans and nothing showed up. So I…
qwexar
1 vote, 1 answer

Configuring Wireshark for Rolling Captures during DDoS Attack

We have been getting hit with DDoS Attacks on various machines for months. The datacenter either null routes or sets up an ACL for us. However, it just came to my attention there's a tool floating around meant for targeting Game Servers that…
1 vote, 1 answer

Can't figure out this attack, getting botnets and something else

About two months ago a site of mine started getting some sort of attack, and after further investigation I found it to be botnet zombies and something else which I can't figure out. My site is not ecommerce, wasn't popular and has nothing that…
Bernard
1 vote, 2 answers

Block bad bot based on a query param signature

My nginx instance is getting hammered every couple of days by some bad bot using random query parameter values. /var/log/nginx/access.log:209.107.204.224 - - [14/Mar/2023:16:01:42 +0100] "GET /?ttrp353217=ttrp540516 HTTP/1.1" 501 560 "-"…
Jovan Perovic
1 vote, 1 answer

What things should I consider when identifying and rate limiting bots?

// Not sure if this question is a better fit for Server Fault or Webmasters Stack Exchange... I am thinking of rate limiting access to my sites because identifying and blocking bad bots takes most of my time. For example, I have bots accessing the site by…
adrianTNT
1 vote, 0 answers

Apache mod QOS is blocking all users when it should only block per IP

I am running the Apache web server on Ubuntu. I am trying to reduce the load on the server caused by aggressive bot traffic, so I am trying to use Apache's mod_qos (http://mod-qos.sourceforge.net/index.html) to create a rate limiter for…
AMF
0 votes, 1 answer

How to defend against attackers looking for faulty code?

I have a production IIS running on WS2012R2 on AWS. I was looking at the C:\Windows\System32\LogFiles\HTTPERR when I noticed some unusual requests in the logs. You can look at some of what they tried to request here. They even checked to see if I…
RisingSun
0 votes, 0 answers

Miner bot taking up CPU on old server

I've been asked to take a look at an old web server (Ubuntu 12.04) which has been running very slowly recently. After a quick check I found a process constantly topping the CPU: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 26331…
Arturski
0 votes, 0 answers

Block SMTP botnet

My server provider shut down one of our servers and says that it is sending tons of email. When I ran a tcpdump I saw the following: 04:52:49.743068 IP .51796 > mail.dsityre.lk.smtp: Flags [P.], seq 1631:1662, ack 906, win 123, length 31:…
jackhammer013
0 votes, 1 answer

Random spikes of high ingress traffic. What could be the cause?

I understand that this is rather a generic question, but I wanted to see if you all could offer some good feedback. Our business has three locations, one on the West Coast and two on the East Coast. Our two East Coast locations seem to experience random…
vpaterno
0 votes, 1 answer

Apache2 Mod_spamhaus Whitelist

We are using Apache2 mod_spamhaus, and many customers were banned when using the "Post" method. There is no way to stop mod_spamhaus from continuously banning our customers, producing false positives, or banning customers only because their IP is in a range of banned…
User-N
0 votes, 2 answers

How to defend against botnet attack which tries to send a lot of mail to my server?

A few days ago some kind of botnet attack started on my mail server; it tries to send a lot of spam emails to certain domains on my mail server. The biggest issue is that almost every attacker IP address is different. I've checked the log from one day…
GrZeCh