Web Hosting Talk






PDA

View Full Version : Help! Someone is using my server to stage a DoS Attack! CobaltRacks won't help me!

arrty
08-17-2001, 10:23 AM
Hello All,
I have started this thread for two reasons.
1) One of my clients is staging a DoS attack and I want to know how to find out who it is and how to stop him.
2) To protest that CobaltRacks shutdown my server without even informing me. Are'nt they supposed to send me an e-mail or something?

Note: I'm no linux guru so please give your advice in layman's terms :)
joe52
08-17-2001, 10:52 AM
If your machine really was being used for a DOS attack they might have had to shut it down to keep their network up. If the choice was between notifying you in advance and watching your server pump out enough traffic to cripple their network, then I can see turning it off.
That said, I think that they should contact the owner of the server immediately after (or while) taking action.

-joe

PS Why do you think that this was being done by one of your clients. Wouldn't it be more likely that the machine was cracked?
arrty
08-17-2001, 12:20 PM
I understand, and I would do the same. But at least I would notify after shutting it.
I was like a deer caught in the headlights and though that my server had crashed and after frantically trying to access it for one hour did I recieve a response from cobaltracks telling my what was wrong with the server.

What do you mean by crack and how do I secure the Coablt Raq?

also I have rented the domain from cobaltracks and sent them more than 20 e-mails in the past 20 hours but recieved no response.
joe52
08-17-2001, 12:31 PM
Crack as in someone might have comprimised the system. Some people call it being hacked, but many geeks object to that use of the word hack and prefer the term crack, which denotes malicious hacking of computer systems.

Cobalt issues patches for their systems. You can find them for your RaQ by going to this page
http://www.cobalt.com/support/download/

Just pick your model from the pull-down menu.

-joe
arrty
08-17-2001, 12:42 PM
I have changed all the passwords and also I check the cobalt patches very offen and install all the new ones.

Also it could have been one of my users that was attacking and I would like to investigate in that direction.

Is there any way to be alerted when someone tries to DoS from your server? a software or something?