[BlueOnyx:03325] Re: Help! Being flooded by attempted hack attacks..
Greg Kuhnert
greg.kuhnert at theanchoragesylvania.com
Tue Jan 12 17:55:04 -05 2010
You have turned on domain name resolution for your HTTP logs. Turn that
off, and it should start blocking him.
While on the topic of web attacks though, I have noticed an increase in
attack activity lately, that appears to be a lot more like a
co-ordinated bot-net style attack pattern. For example, I am seeing a
lot of web attacks starting at the same time from multiple IPs, with
similar attack patterns.
Can I suggest to everyone here that we should be a little more vigilant
in system/log monitoring at the moment.... Something smells a bit off
right now, and it's not me!
Regards,
Greg.
--
+---------------------------------------------------------------------+
| / \ Greg Kuhnert, gkuhnert at compassnetworks.com.au |
| < o > Compass Networks - Pointing you in the right direction |
| \ / Come see us for BlueQuartz / BlueOnyx modules & Support. |
+---------------------------------------------------------------------+
Paul wrote:
> Guys,
>
> Help! I am getting flooded by what looks like an attempted hack attack..
> The mails I am getting are:
>
> Subject: Cron <root at localhost> /usr/local/sbin/dfix.sh
> From: "Cron Daemon" <root at localhost.localdomain>
> Date: Tue, January 12, 2010 10:29 pm
> To: root at localhost.localdomain
> Priority: Normal
>
> Unable to block non-ip target servidor47.suempresa.com
>
>
> So, dfix is seeing an attempted attack, however is unable to block.
> Not sure why, since checking the address out, it does resolve..
>
> servidor47.suempresa.com [201.130.79.57]
>
> I'm getting at least one mail a minute, all with the same content.
> Currently though, I'm remote, with no ssh access to the box. However I may
> be able to get access later tonight.
>
> Anyone any advice on the quickest way to stop this at all??
>
> Many thanks
> Paul
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx
>
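The symptom in this thread, a blocker reporting a "non-ip target", can be confirmed from the access log itself. The following is an added example, not part of the original thread and not dfix's own code: it checks whether the client field of each log line is an IP literal or a resolved hostname. It assumes Apache common/combined log format (client in the first field); the sample lines and the `report` function name are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in Apache combined log format (not taken from the thread).
SAMPLE_LOG = """\
198.51.100.23 - - [12/Jan/2010:22:29:01 -0500] "GET / HTTP/1.1" 200 512 "-" "curl/7.19"
host47.example.net - - [12/Jan/2010:22:29:02 -0500] "GET /admin/ HTTP/1.1" 404 209 "-" "-"
2001:db8::7 - - [12/Jan/2010:22:29:02 -0500] "GET /admin/ HTTP/1.1" 404 209 "-" "-"
host47.example.net - - [12/Jan/2010:22:29:03 -0500] "GET /setup.php HTTP/1.1" 404 209 "-" "-"
203.0.113.9 - - [12/Jan/2010:22:29:03 -0500] "GET /setup.php HTTP/1.1" 404 209 "-" "-"
"""


def is_ip_literal(value):
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def report(lines):
    """Count requests whose client field is a hostname instead of an IP literal.

    Clients without a reverse DNS record are still logged by address, so a log
    written with lookups enabled is normally a mix of both forms.
    """
    ips, names = Counter(), Counter()
    for line in lines:
        fields = line.split(None, 1)
        if not fields:          # skip blank lines
            continue
        client = fields[0]      # first field of common/combined format
        (ips if is_ip_literal(client) else names)[client] += 1
    return {
        "total": sum(ips.values()) + sum(names.values()),
        "unblockable_hits": sum(names.values()),
        "hostnames": names.most_common(),
        "resolution_enabled": bool(names),
    }


if __name__ == "__main__":
    result = report(SAMPLE_LOG.splitlines())
    print("hostname resolution in log:", result["resolution_enabled"])
    for name, hits in result["hostnames"]:
        print(f"{hits:6d}  {name}  (an IP-based blocker cannot act on this entry)")
```

To check a real log, pass an open file object to `report()`; the log path depends on the server's layout.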