Results 1 to 23 of 23
  1. #1
    Join Date
    Sep 2008
    Location
    NewYork
    Posts
    436

    Angry Ddos Attack, csf: DENY_IP_LIMIT (100)

    Hello,

    Am getting Dossed, and still.

    I run this command

    Code:
    netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk
    and it's show me this list of ip's

    Code:
          1 0.0.0.0
          1 117.200.2.199
          1 122.162.130.104
          1 125.167.58.26
          1 15.211.169.107
          1 188.132.103.230
          1 188.132.21.26
          1 188.132.22.142
          1 188.132.4.161
          1 188.132.75.225
          1 188.161.128.220
          1 188.161.206.221
          1 188.161.227.248
          1 188.161.238.75
          1 188.161.241.55
          1 188.248.152.85
          1 188.248.57.193
          1 188.48.197.219
          1 188.48.22.85
          1 188.48.27.17
          1 188.48.31.66
          1 188.48.67.229
          1 188.49.123.17
          1 188.49.57.18
          1 188.49.75.117
          1 188.50.109.49
          1 188.50.35.167
          1 188.50.48.35
          1 188.50.65.122
          1 188.50.65.154
          1 188.50.83.118
          1 188.50.8.87
          1 188.51.14.108
          1 188.51.40.78
          1 188.51.88.139
          1 188.51.97.124
          1 188.52.100.22
          1 188.52.10.179
          1 188.52.111.76
          1 188.52.26.214
          1 188.52.6.138
          1 188.52.75.180
          1 188.52.82.17
          1 195.189.143.55
          1 195.229.241.173
          1 196.1.219.162
          1 196.12.236.112
          1 196.12.236.19
          1 196.12.242.147
          1 196.1.232.104
          1 196.205.228.10
          1 196.205.232.17
          1 196.206.185.120
          1 196.206.203.185
          1 196.206.224.61
          1 196.217.31.89
          1 196.217.36.63
          1 196.217.64.169
          1 198.36.32.137
          1 212.11.160.150
          1 212.116.219.110
          1 212.118.119.113
          1 212.118.123.249
          1 212.118.140.227
          1 212.118.140.230
          1 212.118.140.232
          1 212.118.140.233
          1 212.118.142.228
          1 212.118.142.229
          1 212.118.142.74
          1 212.215.152.110
          1 212.62.97.20
          1 213.166.134.177
          1 213.178.224.168
          1 213.188.81.213
          1 213.236.48.96
          1 213.236.52.108
          1 213.6.122.163
          1 213.6.210.170
          1 213.6.220.7
          1 213.6.255.139
          1 213.6.68.124
          1 213.6.72.127
          1 213.6.75.85
          1 213.6.80.51
          1 213.6.86.21
          1 213.6.93.125
          1 217.194.135.6
          1 41.100.148.66
          1 41.102.27.164
          1 41.102.41.67
          1 41.103.168.124
          1 41.105.114.219
          1 41.105.22.190
          1 41.130.31.148
          1 41.196.224.192
          1 41.196.246.235
          1 41.196.80.60
          1 41.201.168.163
          1 41.201.39.231
          1 41.205.120.252
          1 41.209.112.162
          1 41.209.113.50
          1 41.209.75.253
          1 41.214.174.91
          1 41.214.179.216
          1 41.218.14.148
          1 41.218.31.180
          1 41.224.99.190
          1 41.225.176.33
          1 41.226.206.215
          1 41.232.118.182
          1 41.232.169.113
          1 41.233.198.253
          1 41.233.6.245
          1 41.234.145.30
          1 41.234.229.84
          1 41.235.101.206
          1 41.235.1.210
          1 41.235.239.121
          1 41.236.240.163
          1 41.237.169.19
          1 41.237.37.240
          1 41.238.151.79
          1 41.238.61.158
          1 41.238.69.232
          1 41.249.47.233
          1 41.250.224.66
          1 41.251.101.54
          1 41.251.93.115
          1 41.252.204.9
          1 41.252.232.134
          1 41.252.250.121
          1 41.254.1.138
          1 41.254.2.29
          1 41.254.2.53
          1 41.98.31.152
          1 59.126.52.78
          1 62.117.46.221
          1 62.120.149.250
          1 62.120.190.180
          1 62.120.220.195
          1 62.120.234.11
          1 62.120.254.167
          1 62.251.188.72
          1 62.61.164.141
          1 62.61.164.158
          1 62.61.164.217
          1 62.90.200.246
          1 65.55.106.139
          1 65.55.107.181
          1 72.30.81.187
          1 77.30.66.187
          1 77.30.70.41
          1 77.31.0.1
          1 77.31.152.139
          1 77.31.16.15
          1 77.31.64.205
          1 77.31.70.100
          1 77.31.72.64
          1 77.31.75.242
          1 77.42.154.106
          1 77.64.45.194
          1 78.101.112.34
          1 78.101.51.18
          1 78.101.71.233
          1 78.93.103.99
          1 78.93.109.250
          1 78.93.111.156
          1 78.93.76.211
          1 78.93.90.154
          1 79.172.131.31
          1 79.172.136.197
          1 79.172.163.169
          1 79.172.167.93
          1 79.173.236.209
          1 79.181.219.81
          1 79.183.133.165
          1 81.192.12.116
          1 81.192.174.189
          1 81.192.184.160
          1 82.116.136.254
          1 82.167.27.76
          1 82.167.28.42
          1 82.178.171.25
          1 82.198.27.70
          1 82.201.215.88
          1 83.244.109.254
          1 84.202.39.231
          1 84.22.224.100
          1 85.195.186.69
          1 86.108.109.26
          1 86.108.30.93
          1 86.60.31.109
          1 86.60.37.194
          1 86.60.45.129
          1 86.60.51.125
          1 86.60.78.130
          1 86.60.88.75
          1 86.62.20.230
          1 86.96.226.87
          1 86.96.226.88
          1 86.96.226.89
          1 86.96.226.93
          1 86.96.227.88
          1 86.96.227.89
          1 86.96.227.93
          1 86.96.228.84
          1 86.96.228.87
          1 86.96.229.85
          1 86.96.229.88
          1 87.101.138.187
          1 87.109.135.17
          1 87.109.137.163
          1 87.109.139.93
          1 87.109.174.97
          1 87.109.215.159
          1 87.109.232.8
          1 87.109.243.161
          1 89.108.9.128
          1 89.203.6.108
          1 89.5.114.71
          1 89.5.41.241
          1 89.5.5.30
          1 90.206.42.226
          1 90.233.139.102
          1 91.142.51.35
          1 91.142.51.36
          1 91.142.51.37
          1 91.142.51.38
          1 91.142.51.41
          1 91.142.57.220
          1 91.142.61.244
          1 91.144.1.38
          1 91.186.244.49
          1 92.132.174.161
          1 92.241.62.102
          1 92.48.38.245
          1 92.48.44.25
          1 92.48.50.70
          1 92.48.6.136
          1 93.109.62.199
          1 93.191.178.139
          1 93.98.2.44
          1 93.98.25.240
          1 93.98.71.218
          1 94.249.3.101
          1 94.249.3.97
          1 94.79.197.40
          1 94.79.205.121
          1 94.96.102.58
          1 94.96.123.95
          1 94.96.143.63
          1 94.96.191.167
          1 94.96.240.20
          1 94.96.54.48
          1 94.96.64.48
          1 94.96.74.12
          1 94.96.86.41
          1 94.97.100.232
          1 94.97.104.68
          1 94.97.120.67
          1 94.98.100.121
          1 94.98.25.225
          1 94.98.62.119
          1 94.98.98.44
          1 94.99.5.231
          1 95.170.210.4
          2 188.132.28.43
          2 188.161.147.63
          2 188.249.47.106
          2 188.48.14.45
          2 188.49.58.253
          2 188.50.30.140
          2 188.50.36.177
          2 188.51.43.254
          2 188.51.70.1
          2 188.52.13.180
          2 188.52.94.134
          2 196.1.252.226
          2 196.217.36.177
          2 212.118.140.228
          2 212.118.142.77
          2 212.119.90.10
          2 212.162.130.92
          2 213.6.225.237
          2 213.6.228.92
          2 213.6.237.103
          2 213.6.245.124
          2 213.6.66.136
          2 213.6.69.114
          2 213.6.69.76
          2 213.6.82.26
          2 41.200.187.109
          2 41.205.107.174
          2 41.209.72.188
          2 41.232.227.176
          2 41.238.59.29
          2 41.250.200.137
          2 41.254.0.246
          2 62.120.225.3
          2 62.120.56.243
          2 62.120.93.65
          2 77.237.36.246
          2 77.30.14.92
          2 77.30.57.30
          2 77.31.103.136
          2 77.31.83.194
          2 78.93.121.248
          2 78.93.91.163
          2 79.172.157.141
          2 79.214.181.105
          2 80.197.107.206
          2 82.114.160.34
          2 83.136.61.188
          2 84.22.225.219
          2 84.22.245.194
          2 84.235.73.20
          2 84.235.73.21
          2 84.235.75.19
          2 86.60.86.187
          2 86.96.226.90
          2 86.96.227.86
          2 86.96.229.84
          2 86.96.229.90
          2 87.109.167.250
          2 87.109.240.182
          2 87.109.66.70
          2 87.109.68.2
          2 89.108.18.163
          2 89.5.15.183
          2 91.142.59.36
          2 93.186.20.122
          2 94.249.70.79
          2 94.96.227.186
          2 94.96.242.104
          2 94.98.119.33
          2 94.98.92.32
          2 94.99.99.87
          2 95.84.72.50
          3 188.132.30.91
          3 188.161.228.99
          3 212.116.219.112
          3 213.6.68.104
          3 218.128.117.54
          3 41.209.112.78
          3 77.31.22.158
          3 77.64.120.158
          3 77.64.32.13
          3 78.110.3.32
          3 82.114.160.31
          3 82.114.160.36
          3 84.235.75.20
          3 86.108.50.89
          3 86.60.66.28
          3 86.60.72.190
          3 86.62.31.90
          3 86.96.227.91
          3 86.96.228.93
          3 88.213.26.36
          3 88.213.58.3
          3 94.96.181.217
          3 94.96.23.116
          4 188.51.74.239
          4 193.188.105.20
          4 41.235.235.177
          4 41.238.14.8
          4 41.249.114.191
          4 41.97.32.176
          4 72.30.79.92
          4 77.30.57.33
          4 77.30.58.102
          4 79.172.181.100
          4 81.192.180.213
          4 84.235.75.18
          4 87.109.158.159
          4 94.97.2.228
          4 94.98.117.54
          4 94.99.25.138
          4 94.99.89.43
          5 41.130.9.161
          5 41.201.195.150
          5 86.60.64.34
          6 196.217.97.190
          6 82.194.62.200
         11 77.30.126.101
    and i blocked them with csf v4.76 the last version.

    i Installed this 2;
    Code:
    cd /usr/local;pwd
    wget http://www.inetbase.com/scripts/ddos/install.sh
    chmod 0700 install.sh
    ./install.sh
    
    nano /usr/local/ddos/ddos.conf
    ##### How many connections define a bad IP? Indicate that below.
    NO_OF_CONNECTIONS=50
    now when i try to add ip's to csf deny list it's give me this error...

    Code:
    root@server [/home/]# /usr/sbin/csf -d 94.249.44.40
    csf: DENY_IP_LIMIT (100), the following IP's were removed from /etc/csf/csf.deny:
    41.205.107.174
    Adding 94.249.44.40 to csf.deny and iptables DROP...
    DROP  all opt -- in !lo out *  94.249.44.40  -> 0.0.0.0/0
    DROP  all opt -- in * out !lo  0.0.0.0/0  -> 94.249.44.40
    root@server [/home/]#
    It's mean that the deny list had more than 100 ip's and every ip i add it there it's remove an old ip... i need something helpfull for this kind of attack, Please help guys !

  2. #2
    Join Date
    Jun 2006
    Location
    Cluj Napoca
    Posts
    468
    well, it's useless to add IPs to CSF deny list. You can easily add them to iptables directly but if this is a real ddos you will end up adding too many IPs and still not solving your issue. Does that ddos lead to too many apache childs that eat all your memory ?

    Also, if you know for sure this is a real DDOS ignore every advice that will follow about mod_dosevasive and other scripts that won't help in that case.
    IntoDNS - Check your DNS health and configuration
    IntoVPS - US Fremont and Dallas;EU - Netherlands and Romania VPS hosting

  3. #3
    Join Date
    Sep 2008
    Location
    NewYork
    Posts
    436
    Hello Christi4n, i search before i wrote this topic and i found your advice in other topic, what am doing now as you advice before in some old topic for this comment

    Code:
        * install and configure CSF - check the config file carefully
        * run the netstat command above to see if a few IPs are the main source of attack and block with "csf -d IP" as above
        * tweak kernel constants such as net.ipv4.tcp_syncookies, net.ipv4.tcp_max_syn_backlog, and net.ipv4.tcp_synack_retries
        * reduce Apache timeout (/etc/httpd/conf/httpd.conf "Timeout 100") to harden against slowloris
    now should i add these ip's in iptables ? or csf deny.list ?? i think it's same.. ( not sure actually )..

    and The server is good it's can handle it i think becouse there is just 1 website, and the server is detecated not vps, and the load there is 2.5%.. so what am looking for is there any method how to complete this step;

    Code:
    tweak kernel constants such as net.ipv4.tcp_syncookies, net.ipv4.tcp_max_syn_backlog, and net.ipv4.tcp_synack_retries
    Thanks!

  4. #4
    Join Date
    Sep 2008
    Location
    NewYork
    Posts
    436
    and is there any script could show/explane from were this attack come from ??

    i look at the log msg

    Code:
    root@server [/home]# tail -f /var/log/messages
    Aug 27 11:19:38 server pure-ftpd: (__cpanel__service__auth__ftpd__w_DxE4EHQw3xxxxvuBna2xkZggRXI4weJKuJpsKLM5FHUJBzRow6X@127.0.0.1) [INFO] Logout.
    Aug 27 11:21:43 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:30:48:da:57:exxx:72:9a:00:08:00 SRC=8x.214.1x3.21 DST=9xx.31.8x.83 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=30916 PROTO=UDP SPT=1203 DPT=17167 LEN=28
    Aug 27 11:24:26 server pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Aug 27 11:24:37 server pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__6Df4C5l0xZNIuCsXNLpAl4ItAswbHdKHhthXCnUD68xi0PVcRwa0th4AnuU_Pmgu is now logged in
    Aug 27 11:24:38 server pure-ftpd: (__cpanel__service__auth__ftpd__6Df4C5l0xZNIuCsXNLpAl4ItAswbHdKHhthXCnUD68xi0PVcRwa0th4AnuU_Pmgu@127.0.0.1) [INFO] Logout.
    Aug 27 11:29:03 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ffxxx0 SRC=xxx1.216 DST=255.255.255.255 LEN=29 TOS=0x00 PREC=0x00 TTL=128 ID=10633 PROTO=UDP SPT=1061 DPT=1434 LEN=9
    Aug 27 11:29:29 server pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Aug 27 11:29:40 server pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__9VpllQ8Iy8mT3YF61YMSPz5_4zjIS7p4jsUYgiUaoV5HfEEn5u3qH6mEKEtnZJoD is now logged in
    Aug 27 11:29:40 server pure-ftpd: (__cpanel__service__auth__ftpd__9VpllQ8Iy8mT3YF61YMSPz5_4zjIS7p4jsUYgiUaoV5HfEEn5u3qH6mEKEtnZJoD@127.0.0.1) [INFO] Logout.
    Aug 27 11:29:42 server kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=00:30:48:da:xx:e8:00:xx:80:xx:9a:00:08:00 SRC=116.197.128.58 DST=96.31.85.86 LEN=48 TOS=0x00 PREC=0x00 TTL=43 ID=7708 DF PROTO=ICMP TYPE=8 CODE=0 ID=51810 SEQ=7198
    Last edited by boxer; 08-27-2009 at 11:31 AM.

  5. #5
    Join Date
    Jun 2006
    Location
    Cluj Napoca
    Posts
    468
    well, that is the thing with those ddos attacks. If I would be able to know the source I would probably reach that guy myself (usually a kid) and.... But you can't really find out who is behind a ddos. What you can do is to mitigate that ddos and the attacker will give up after he will be convinced he can't get you down.

    For a ddos there is no script you can use that will solve your problem. Also blocking those IPs in your firewall won;t really help, I suspect that most of those IPs are real visitors since they only have 1 or 2 connections.

    Also how big is the number of IPs you see when you run that command (the one with netstat) ?

    csf is a perl script that will (sort of) manage iptables and automates a few things. You can increase the IP limit to more than 100 by changing DENY_IP_LIMIT in /etc/csf/csf.conf

    If that is a ddos (I don't see anything that looks like a ddos from what you posted) you can use nginx for example as a reverse proxy to lower the number of apache children created since a ddos will only send our syns a.s.o.

    Also you should check to see if those are real requests to apache or just syns.
    IntoDNS - Check your DNS health and configuration
    IntoVPS - US Fremont and Dallas;EU - Netherlands and Romania VPS hosting

  6. #6
    Join Date
    Sep 2008
    Location
    NewYork
    Posts
    436
    i run this command

    netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

    it's show me that list, so i should ( JUST ) Deny the ip's who have more than 1 + 2 connection to my server ?

  7. #7
    Limit the no of the IPs in the /etc/csf/csf.deny files,

    Raise the limit on the number of IP addresses you keep permanently banned. Replace 100 with the number of your choice.
    Code:
    DENY_IP_LIMIT = "100"

    Raise the limit on the number of IP addresses you keep temporarily banned. Replace 100 with your new limit.
    Code:
    DENY_TEMP_IP_LIMIT = "100"
    Support Facility | 24/7 web hosting technical support services
    Technical support | Server management | Data migration

    Technical Articles

  8. #8
    Join Date
    Sep 2008
    Location
    NewYork
    Posts
    436
    I did it, what about the /etc/csf.deny ip's ? should i remove them or keep them there ?

  9. #9
    Join Date
    Jun 2006
    Location
    Cluj Napoca
    Posts
    468
    well, can you also post the output of:
    netstat -plan|grep :80 | grep ESTABLISHED | wc -l
    and
    netstat -plan|grep :80 | wc -l
    ?
    IntoDNS - Check your DNS health and configuration
    IntoVPS - US Fremont and Dallas;EU - Netherlands and Romania VPS hosting

  10. #10
    Join Date
    Sep 2008
    Location
    NewYork
    Posts
    436
    Code:
    root@server [/home]# netstat -plan|grep :80 | grep ESTABLISHED | wc -l
    26
    root@server [/home]# netstat -plan|grep :80 | wc -l
    258
    root@server [/home]#

  11. #11
    Join Date
    Jun 2006
    Location
    Cluj Napoca
    Posts
    468
    well that looks pretty normal, especially for a dedicated server and it should not cause any problems. Do you have load problems on that server or how did you reach the conclusion you have a ddos ?
    IntoDNS - Check your DNS health and configuration
    IntoVPS - US Fremont and Dallas;EU - Netherlands and Romania VPS hosting

  12. #12
    Join Date
    Sep 2008
    Location
    NewYork
    Posts
    436
    Code:
    0.25 (2 cpus)
    I don't think so.. so by the way, is there any script to monitor the server from ddos, ( know from were the attacks come from ) else look at ip2location.com manually ..?

  13. #13
    Join Date
    Jun 2006
    Location
    Cluj Napoca
    Posts
    468
    even if you find the IP location it won't help you at all. Also, you do not have a ddos on that server, everything looks normal. Probably there are some scripts to get an IP location but those scripts will only consume time and they won't work ok under a real ddos and won't help you either.

    What is wrong with your server now and why do you think you are under a ddos ?
    IntoDNS - Check your DNS health and configuration
    IntoVPS - US Fremont and Dallas;EU - Netherlands and Romania VPS hosting

  14. #14
    Join Date
    Sep 2008
    Location
    NewYork
    Posts
    436
    Now everything is normal, but "why" i think it's a ddos becouse the server was working fine, and get down one time, and back, i ping the server ip and it's look like timout sometimes and sometimes getting okay ( replaying ), after i login to the server i run some command to check the ips connected to the server and it's show me all this ip list, that's all, i contact with hivelcity dc to check out the server and monitor it and they well replay back shortly, hope everything going fine, and Thank you alot Cristi4n for your help. i'll be back with the dc monitor soon.

  15. #15
    Join Date
    Mar 2009
    Location
    /home/khunj
    Posts
    416
    If it doesn't ping there might be another reason. Ping is a ICMP protocole, but those IPs connected to your port 80 are using TCP protocole
    Next time, try to find out what they are doing (connection state) :

    netstat -nt | grep ':80 ' | awk '{print $6}' | sort | uniq -c
    NinTechNet
    ★ NinjaFirewall : Web Application Firewall for PHP and WordPress.
    ★ NinjaMonitoring : Monitor your website for suspicious activities.

  16. #16
    Join Date
    Sep 2008
    Location
    NewYork
    Posts
    436
    Nice one!

    Code:
    root@server [/home/www/public_html]# netstat -nt | grep ':80 ' | awk '{print $6}' | sort | uniq -c
         38 ESTABLISHED
          5 FIN_WAIT1
         40 FIN_WAIT2
          6 SYN_RECV
        344 TIME_WAIT
    root@server [/home/www/public_html]#
    could you explane what is that options here ? and what dangerous and what normally plz

  17. #17
    Join Date
    Mar 2009
    Location
    /home/khunj
    Posts
    416
    I don't see anything wrong with that ! No SYN flood, no HTTP GET DDoS, no slowloris-like attack.

    Have a look at your network stats :

    # netstat -s

    And check your HTTP logs : which page are they requesting and also their referer (someone may have put a link to your website and you're getting famous !)
    NinTechNet
    ★ NinjaFirewall : Web Application Firewall for PHP and WordPress.
    ★ NinjaMonitoring : Monitor your website for suspicious activities.

  18. #18
    Join Date
    Sep 2008
    Location
    NewYork
    Posts
    436
    i'll sent the info resualt pm 2 you khunj, and what about how to get the HTTP Logs ?sorry i didn't know how, or forget it.

  19. #19
    Join Date
    Mar 2009
    Location
    /home/khunj
    Posts
    416
    Nothing wrong with the output you sent.

    Your apache logs can be in /var/log/apache (or /var/log/apache2) on Debian system, or /usr/local/apache/domlogs on Redhat/CentOs etc..
    NinTechNet
    ★ NinjaFirewall : Web Application Firewall for PHP and WordPress.
    ★ NinjaMonitoring : Monitor your website for suspicious activities.

  20. #20
    Join Date
    Sep 2008
    Location
    NewYork
    Posts
    436
    the logs here in redhat directory show's

    Code:
    -rw-r-----  2 root r1z      13264321 Aug 27 14:33 site.com
    -rw-r--r--  1 root root       551730 Aug 27 14:33 site.com-bytes_log
    -rw-r--r--  1 root root            1 Aug 27 09:11 site.com-bytes_log.offset
    -rw-r-----  1 root root       658398 Aug 27 14:22 site.com-smtpbytes_log

  21. #21
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    If you're receiving DDoS attacks and the csf.deny is over 1000 entries it is recycling the old denies which is going to deplete your resources. If you increase the .conf to over 1000 you'll also deplete your resources.

    You're going to need a non-software solution.

  22. #22
    Join Date
    Mar 2009
    Location
    /home/khunj
    Posts
    416
    Quote Originally Posted by boxer View Post
    the logs here in redhat directory show's

    Code:
    -rw-r-----  2 root r1z      13264321 Aug 27 14:33 site.com
    -rw-r--r--  1 root root       551730 Aug 27 14:33 site.com-bytes_log
    -rw-r--r--  1 root root            1 Aug 27 09:11 site.com-bytes_log.offset
    -rw-r-----  1 root root       658398 Aug 27 14:22 site.com-smtpbytes_log
    Have a look at the first one.
    And also :
    - /usr/local/apache/logs/access_log
    - /usr/local/apache/logs/error_log
    NinTechNet
    ★ NinjaFirewall : Web Application Firewall for PHP and WordPress.
    ★ NinjaMonitoring : Monitor your website for suspicious activities.

  23. #23
    Join Date
    Sep 2008
    Location
    NewYork
    Posts
    436
    Thanks guys,

    I sent a msg to you khunj with the link for that file.

  24. Newsletters

    Subscribe Now & Get The WHT Quick Start Guide!

Similar Threads

  1. DENY_IP_LIMIT csf v4.63
    By crazyaboutlinux in forum Hosting Security and Technology
    Replies: 5
    Last Post: 04-14-2009, 10:46 AM
  2. Ddos attack
    By Nassou in forum Dedicated Server
    Replies: 13
    Last Post: 11-17-2008, 01:48 AM
  3. DDOS ATTACK
    By hellman in forum Hosting Security and Technology
    Replies: 12
    Last Post: 10-10-2008, 04:24 AM
  4. DDOS Attack
    By BlueCapacity in forum Running a Web Hosting Business
    Replies: 10
    Last Post: 10-25-2004, 02:07 PM
  5. What is a DDOS Attack exactly?
    By Scout in forum Web Hosting
    Replies: 6
    Last Post: 11-06-2003, 06:31 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •