  1. #1
    Join Date
    Apr 2010
    Location
    In your heart
    Posts
    612

    How to trace an inbound attack?

    Dear Member

    How do you trace an inbound attack?
    Web Hosting in Pakistan -> Fast Hosting,(25 minute initial ticket response time guarantee)
    Hosting in Pakistan -> Keep your site online with Cheap Price

  2. #2
    Join Date
    May 2013
    Location
    Virginia, USA
    Posts
    157
    If you have access to the server you can run tcpdump to see if it's a few IP addresses or many hundreds. If it's a lot then you will need to get the data center involved.

    It also depends on what kind of attack. Can you give more details?
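
The "few addresses or many hundreds" check suggested above can be done by counting source addresses in tcpdump's text output. This is an added example, not part of the original post; the interface name, destination address and sample lines are assumptions.

```shell
#!/bin/sh
# Added example: summarise `tcpdump -nn` text output by source IPv4 address.
# Live use (interface and address are assumptions for illustration):
#   tcpdump -nn -c 5000 -i eth0 'dst host 192.0.2.10' | top_sources | head

# Reads tcpdump lines on stdin; prints "<packets> <source-ip>", busiest first.
top_sources() {
    awk '$2 == "IP" {
        # Source is "a.b.c.d.port" for TCP/UDP and "a.b.c.d" for ICMP.
        n = split($3, part, "[.]")
        if (n >= 4) count[part[1] "." part[2] "." part[3] "." part[4]]++
    }
    END { for (ip in count) print count[ip], ip }' | sort -k1,1nr -k2,2
}

# Prints how many distinct source addresses appear on stdin.
distinct_sources() {
    top_sources | wc -l | tr -d ' '
}

# Constructed sample capture (documentation addresses, not real traffic).
sample_capture() {
    cat <<'EOF'
12:00:01.000101 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [S], seq 1, win 1024, length 0
12:00:01.000202 IP 198.51.100.7.40002 > 192.0.2.10.80: Flags [S], seq 2, win 1024, length 0
12:00:01.000303 IP 203.0.113.9.51515 > 192.0.2.10.80: Flags [S], seq 3, win 1024, length 0
12:00:01.000404 IP 198.51.100.7.40003 > 192.0.2.10.80: Flags [S], seq 4, win 1024, length 0
12:00:01.000505 IP 203.0.113.44 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
12:00:01.000606 IP 198.51.100.7.40004 > 192.0.2.10.80: Flags [S], seq 5, win 1024, length 0
12:00:01.000707 IP 203.0.113.9.51516 > 192.0.2.10.80: Flags [S], seq 6, win 1024, length 0
EOF
}

sample_capture | top_sources
```

A handful of addresses carrying most packets can be filtered on the host; hundreds of sources with a few packets each is the case where the data center has to be involved.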

  3. #3
    Join Date
    Apr 2010
    Location
    In your heart
    Posts
    612
    Quote Originally Posted by DominionHosting View Post
    If you have access to the server you can run tcpdump to see if it's a few IP addresses or many hundreds. If it's a lot then you will need to get the data center involved.

    It also depends on what kind of attack. Can you give more details?
    What details do you want?

  4. #4
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,387
    Quote Originally Posted by gold2 View Post
    What details do you want?
    Well is it a strong attack?

    PS: Why does your site redirect to an adult content website (advert)? Not sure; after the URL changed I closed the tab.

    You've got malware: http://sitecheck.sucuri.net/results/pkwebhost.com
    Last edited by Licensecart-Mike; 12-15-2013 at 09:27 AM.

  5. #5
    Join Date
    Apr 2010
    Location
    In your heart
    Posts
    612
    Quote Originally Posted by CW Mike View Post
    Well is it a strong attack?

    PS: Why does your site redirect to an adult content website (advert)? Not sure; after the URL changed I closed the tab.

    You've got malware: http://sitecheck.sucuri.net/results/pkwebhost.com
    There was some extra code:

    <script language="JavaScript" type="text/JavaScript">
    <!--
    function MM_swapImgRestore() { //v3.0
    var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
    }

    function MM_preloadImages() { //v3.0
    var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
    if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
    }

    function MM_findObj(n, d) { //v4.01
    var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
    d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
    if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
    for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
    if(!x && d.getElementById) x=d.getElementById(n); return x;
    }

    function MM_swapImage() { //v3.0
    var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
    if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
    }
    //-->
    </script>
    No cPanel access, but how was this edited?

  6. #6
    Join Date
    Dec 2011
    Location
    Germany
    Posts
    1,154
    You indeed got malware in your website.

    About your question: There are a lot of different options, depending on what exactly you want to find out. There are tools like "iftop", if you just want to see the traffic. Then there's "iptraf", which shows you the traffic as well as a few more details. The most advanced and best tool to analyze network attacks would be "tcpdump". Now if you could provide a few more details, we can help you. Do you know which IP is under attack or do you want to find that out? Do you want to know the attack size/type? Do you want to block the attack at the software level? What's your goal?
    Inbound Marketing & real SEO for web hosting providers
    ✎ Get in touch with me: co<at>infinitnet.de

  7. #7
    Join Date
    Apr 2010
    Location
    In your heart
    Posts
    612
    Quote Originally Posted by infinitnet View Post
    You indeed got malware in your website.

    About your question: There are a lot of different options, depending on what exactly you want to find out. There are tools like "iftop", if you just want to see the traffic. Then there's "iptraf", which shows you the traffic as well as a few more details. The most advanced and best tool to analyze network attacks would be "tcpdump". Now if you could provide a few more details, we can help you. Do you know which IP is under attack or do you want to find that out? Do you want to know the attack size/type? Do you want to block the attack at the software level? What's your goal?
    I want to trace who is attacking. I think one of the accounts is hacked and attacking, but I am not able to trace it.

    Currently the main IP of the server is null.

  8. #8
    Join Date
    Dec 2011
    Location
    Germany
    Posts
    1,154
    Quote Originally Posted by gold2 View Post
    I want to trace who is attacking. I think one of the accounts is hacked and attacking, but I am not able to trace it.

    Currently the main IP of the server is null.
    So it's an outbound attack and not an inbound one if you say "I think one of the accounts is hacked and attacking"? For inbound attacks your chances are almost equal to zero to trace it back to someone. If it's an outgoing attack, first check the originating port with iptraf or tcpdump and then do "lsof -i -n -P | grep 123", where "123" is the originating port of the attack that you found out with iptraf. In the first line it should display the cPanel user the script generating the attack belongs to.

  9. #9
    Join Date
    May 2006
    Location
    Italy
    Posts
    848
    tcpdump will provide you all the info you need to trace ongoing attacks
    Marco Padovan
    HiperZ.com - providing premium gameservers and fulfilling any kind of hosting needs in Europe/USA.
    DDoS protections & general consultancy / linux servers management specialists
    We provide custom system administration help - Bitcoin Accepted
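
The outbound check described in post #8 (find the originating port, then look it up in lsof output), as an added example that is not part of any post in this thread. It matches only the local port in lsof's NAME column, because a plain grep for the number also hits PIDs and remote ports; the sample output, user names and PIDs are constructed.

```shell
#!/bin/sh
# Added example: find which user owns the socket bound to a given LOCAL port,
# reading `lsof -i -n -P` output on stdin. Assumes lsof's default columns
# (COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME).
# Live use: lsof -i -n -P | owner_of_port 48211

# Prints "<user> <pid> <command>" for every socket whose local port is $1.
owner_of_port() {
    awk -v port="$1" 'NR > 1 {
        local_port = $9
        sub(/->.*/, "", local_port)   # drop the remote endpoint, if any
        sub(/.*:/, "", local_port)    # keep what follows the last colon
        if (local_port == port) print $3, $2, $1
    }'
}

# Constructed sample output; user names, PIDs and addresses are made up.
sample_lsof() {
    cat <<'EOF'
COMMAND   PID     USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
httpd    1201   nobody    4u  IPv4 1234001      0t0  TCP *:80 (LISTEN)
perl    23871 exampleu    3u  IPv4 1234567      0t0  UDP 192.0.2.10:48211->203.0.113.50:80
exim    48211 mailnull    5u  IPv4 1234999      0t0  TCP 192.0.2.10:25->198.51.100.20:48211 (ESTABLISHED)
EOF
}

sample_lsof | owner_of_port 48211
```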
