Thread: Attempt of hack

  1. #1

    Attempt of hack

    Hi all

    I'm not able to access my website. I've received an email from the webhosting team with the following message:

    ----------------------------

    Our server was heavily DoSed through your hosting account. Please see below:

    tcp 0 0 66.116.228.238:80 217.197.156.197:29857 SYN_RECV -
    tcp 0 0 66.116.228.238:80 201.135.134.33:2517 SYN_RECV -
    tcp 0 0 66.116.228.238:80 218.94.61.136:3230 SYN_RECV -
    tcp 0 0 66.116.228.238:80 61.220.150.2:2877 SYN_RECV -
    tcp 0 0 66.116.228.238:80 203.169.250.29:3108 SYN_RECV -
    tcp 0 0 66.116.228.238:80 194.63.225.1:54486 SYN_RECV -
    tcp 0 0 66.116.228.238:80 219.93.174.108:39672 SYN_RECV -

    and so on...

    At the moment your IP address was filtered on the firewall to prevent the server from crashing. Please, check your scripts, applications, anything which might cause this. You need to close all the security holes.
    ----------------------------

    I'm sure this is an attempt of hack.

    What should I do now? The website is running on a Linux server.

    Any help will be appreciated.

    Thanks

  2. #2
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,080
    umm...you are getting DOS'ed which is not hacking. There is nothing you can do about your webpage, it is probably some script kiddie you pissed off. The server admin should be able to do some stuff to help with the DOS but you have to wait it out. Enabling syncookies will help if he has not.
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  3. #3
    Join Date
    Jan 2004
    Location
    North Yorkshire, UK
    Posts
    4,163

  4. #4
    thanks eth00 and Dan

    This is what I received from the webhosting team:

    -----------------
    Unfortunately, it was not a security hole. What has happened is your site was a victim of a DOS attack. We had to block access to your site to make sure it did not overload our servers. You will need to find out who would want your site down because they hit your site over and over again from the same location in a very short time.
    -----------------

    Experts! What do I have to do to get my site back working? Is there any way to stop these DOS attacks or make my website secure from these attacks?

    I'll be very thankful.

  5. #5
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,080
    Nope there is nothing you can do. Any script kiddie with a botnet can randomly start attacking you. There is some stuff at a server and ISP level that can be done but they usually do little and only mitigate not prevent.
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  6. #6
    Join Date
    Feb 2005
    Location
    I am air u breathe
    Posts
    229

    Did you check the files on your server? This includes all the temporary files that your clients uploaded. Check if there is any hidden trigger for the bots.

    You can watch the logs to identify and target any particular client.

    So be assured.

    Al
    It is reliability that counts...
    Few tips

  7. #7
    Originally posted by eth00
    Nope there is nothing you can do. Any script kiddie with a botnet can randomly start attacking you. There is some stuff at a server and ISP level that can be done but they usually do little and only mitigate not prevent.
    They said that they will remove the filter once the DoS wave goes down.

    thanks eth00

  8. #8
    Originally posted by albatross.smart
    Did you check the files on your server? This includes all the temporary files that your clients uploaded. Check if there is any hidden trigger for the bots.

    You can watch the logs to identify and target any particular client.

    So be assured.
    Hi albatross, thanks for the reply.

    I'm running a phpBB2-based forum on the site. Let me see if there are any such files.

  9. #9
    Join Date
    May 2005
    Posts
    67
    Originally posted by ninteen83
    thanks eth00 and Dan

    This is what I received from the webhosting team:

    -----------------
    Unfortunately, it was not a security hole. What has happened is your site was a victim of a DOS attack. We had to block access to your site to make sure it did not overload our servers. You will need to find out who would want your site down because they hit your site over and over again from the same location in a very short time.
    -----------------

    Experts! What do I have to do to get my site back working? Is there any way to stop these DOS attacks or make my website secure from these attacks?

    I'll be very thankful.
    If it is truly coming from the same location then they should be able to drop just that IP at the router and not affect your machine otherwise. Equally, I would be asking them to respond to the DOS attack since it is their network. Whoever you are hosted through isn't stepping up to the plate.
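
Added example, not part of any post in this thread: a shell tally of half-open (`SYN_RECV`) connections per remote address, which is the check that decides whether "drop just that IP" is an option or whether only SYN cookies and upstream filtering will help. The function names are made up for this example; the sample input is the seven netstat lines quoted in post #1.

```shell
#!/bin/sh
# Sample input: the seven netstat lines quoted in post #1 of the thread.
SAMPLE='tcp 0 0 66.116.228.238:80 217.197.156.197:29857 SYN_RECV -
tcp 0 0 66.116.228.238:80 201.135.134.33:2517 SYN_RECV -
tcp 0 0 66.116.228.238:80 218.94.61.136:3230 SYN_RECV -
tcp 0 0 66.116.228.238:80 61.220.150.2:2877 SYN_RECV -
tcp 0 0 66.116.228.238:80 203.169.250.29:3108 SYN_RECV -
tcp 0 0 66.116.228.238:80 194.63.225.1:54486 SYN_RECV -
tcp 0 0 66.116.228.238:80 219.93.174.108:39672 SYN_RECV -'

# Read `netstat -ant`-style lines on stdin and print "<count> <remote-ip>"
# for every source holding SYN_RECV entries, busiest source first.
syn_recv_by_source() {
    awk '$6 == "SYN_RECV" {
             ip = $5
             sub(/:[0-9]+$/, "", ip)      # strip the remote port
             n[ip]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Integer percentage of all SYN_RECV entries held by the busiest source.
# Near 100: one host, which can be dropped by address at the router.
# Low: many (possibly spoofed) sources, where per-IP blocking does little.
top_source_share() {
    syn_recv_by_source |
        awk '{ total += $1; if (NR == 1) top = $1 }
             END { if (total) print int(100 * top / total); else print 0 }'
}

# Live use on the server (not run here):
#   netstat -ant | syn_recv_by_source | head
#   sysctl net.ipv4.tcp_syncookies     # 0 means SYN cookies are off
printf '%s\n' "$SAMPLE" | syn_recv_by_source
echo "busiest source: $(printf '%s\n' "$SAMPLE" | top_source_share)% of half-open connections"
```
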
