[BlueOnyx:03326] Re: Help! Being flooded by attempted hack attacks..
Paul
paul at planetcentral.net
Tue Jan 12 18:31:56 -05 2010
Hiya Greg,
Many thanks for the rapid reply :)
As far as the logs etc. are concerned, I haven't touched anything on that
front since it was installed - so much so I haven't got a clue as to how to
turn this off!! :(
Any advice on how to carry this out please?? :)
Many thanks again!!
Paul
> You have turned on domain name resolution for your HTTP logs. Turn that
> off, and it should start blocking him.
>
> While on the topic of web attacks though, I have noticed an increase in
> attack activity lately, that appears to be a lot more like a
> co-ordinated bot-net style attack pattern. For example, I am seeing a
> lot of web attacks starting at the same time from multiple IPs, with
> similar attack patterns.
>
> Can I suggest to everyone here that we should be a little more vigilant
> in system/log monitoring at the moment.... Something smells a bit off
> right now, and it's not me!
>
> Regards,
> Greg.
>
> --
> +---------------------------------------------------------------------+
> | / \ Greg Kuhnert, gkuhnert at compassnetworks.com.au |
> | < o > Compass Networks - Pointing you in the right direction |
> | \ / Come see us for BlueQuartz / BlueOnyx modules & Support. |
> +---------------------------------------------------------------------+
>
>
>
> Paul wrote:
>> Guys,
>>
>> Help! I am getting flooded by what looks like an attempted hack attack..
>> The mails I am getting are:
>>
>> Subject: Cron <root at localhost> /usr/local/sbin/dfix.sh
>> From: "Cron Daemon" <root at localhost.localdomain>
>> Date: Tue, January 12, 2010 10:29 pm
>> To: root at localhost.localdomain
>> Priority: Normal
>> Options: View Full Header | View Printable Version | Download this as a file
>>
>> Unable to block non-ip target servidor47.suempresa.com
>>
>>
>> So, dfix is seeing an attempted attack, however is unable to block.
>> Not sure why, since checking the address out, it does resolve..
>>
>> servidor47.suempresa.com [201.130.79.57]
>>
>> I'm getting at least one mail a minute, all with the same content.
>> Currently though, I'm remote, with no ssh access to the box. However I
>> may be able to get access later tonight.
>>
>> Anyone any advice on the quickest way to stop this at all??
>>
>> Many thanks
>> Paul
>> _______________________________________________
>> Blueonyx mailing list
>> Blueonyx at blueonyx.it
>> http://www.blueonyx.it/mailman/listinfo/blueonyx
>>
>
>
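Added example, not part of the original thread and not dfix.sh's own code: a check for the situation Greg describes, where the web server writes resolved names instead of addresses into its access log and an IP-based blocker is handed a hostname. It assumes Apache httpd (directive HostnameLookups); the log lines and config fragment are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find access-log clients recorded as names instead of IPs.

# Succeeds when $1 is an IPv4 or IPv6 literal (hostnames never contain ':').
is_ip_literal() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*$'
}

# Print "count client" for every distinct non-IP client in access log $1.
hostname_clients() {
    awk '{print $1}' "$1" | sort | uniq -c | while read -r count client; do
        is_ip_literal "$client" || printf '%s %s\n' "$count" "$client"
    done
}

# Print the last HostnameLookups value in config file $1, or "Off"
# (Apache's default) when absent. Simplification: ignores per-vhost scope.
hostname_lookups_setting() {
    awk 'tolower($1) == "hostnamelookups" {v = $2}
         END {print (v == "" ? "Off" : v)}' "$1"
}

# Write a constructed sample log and config fragment into directory $1.
make_sample() {
    cat > "$1/access_log" <<'EOF'
servidor47.suempresa.com - - [12/Jan/2010:22:29:01 -0500] "GET /a HTTP/1.1" 404 210
servidor47.suempresa.com - - [12/Jan/2010:22:29:02 -0500] "GET /b HTTP/1.1" 404 212
192.0.2.10 - - [12/Jan/2010:22:29:05 -0500] "GET / HTTP/1.1" 200 5120
EOF
    printf '%s\n' '# constructed httpd.conf fragment' \
        'HostnameLookups On' > "$1/httpd.conf"
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "HostnameLookups: $(hostname_lookups_setting "$tmp/httpd.conf")"
echo "Clients logged by name (an IP-only blocker cannot act on these):"
hostname_clients "$tmp/access_log"
rm -rf "$tmp"
```

With HostnameLookups set to Off and the web server reloaded, new log entries carry the numeric client address; lines already written keep the resolved name.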