Questions tagged [attacks]

90 questions
9
votes
2 answers

DNS attacks from external IP with port 80, how could that happen?

Just noticed from my DNS server's log, showing someone attack my server through port 80: /var/log/bind.log:31-Jul-2020 03:25:50.536 query-errors: client @0x7f63345948a0 185.107.80.2#36045 (PEACECORPS.GOV): view internet: query failed (REFUSED) for…
watchsat
  • 101
  • 1
  • 5
7
votes
1 answer

Windows RDP: Attack targeting real account names

We have a Windows 2012 R2 server hosted in a datacenter, and we are using RDP for its administration. Automatic updates are enabled. RDP login is not allowed for the Administrator account, and there are several user accounts with RDP enabled. I…
6
votes
4 answers

How to stop an ICMP attack?

We are under a heavy ICMP flood attack. Tcpdump shows the result below. Although we have blocked ICMP with iptables, tcpdump still prints ICMP packets. I've also attached the iptables configuration and "top" result. Is there anything I can do to…
cumhur onat
  • 163
  • 1
  • 4
4
votes
3 answers

Lots of connections in SYN_RECV, not a SYN flood, is it some reflection attack?

For at least a few months, issuing a netstat -t command on our web server, which has TCP ports 22, 80 and 443 exposed to the Internet, has often revealed dozens of connections in SYN_RECV status: $ netstat -nt Active Internet connections (w/o…
Ale
  • 1,613
  • 17
  • 25
3
votes
1 answer

Is this a real Google bot or an attack? How do I deal with it?

So basically my site was inaccessible and I went to the logs folder to see what was wrong and noticed a lot of weird requests from various IPs: 155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 185.220.100.252 - -…
me_yy
  • 33
  • 3
2
votes
1 answer

Suspicious ssh log entries (“Accepted none for anonymous”)

I got this log entry chain (and similar repeatedly) on my server: Nov 24 07:38:59 server sshd[28676]: SSH: Server;Ltype: Version;Remote: 54.38.81.12-40482;Protocol: 2.0;Client: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 Nov 24 07:38:59 server sshd[28676]: SSH:…
Cigydd
  • 21
  • 6
2
votes
1 answer

TMG only installs on Windows 2008 R2. NOT WORKING on Windows Server 2012 R2

TMG Forefront only works on Windows Server 2008 or 2008 R2 - not working on Windows Server 2012. How to mitigate flood attacks and HTTP attacks on Windows Server 2012 R2? Please help with how to configure Windows Server 2012 R2: maximum TCP connect requests per minute…
2
votes
1 answer

What's the legit use of a deauthentication packet?

Most people that have tampered with external wireless networks in a malicious fashion for the sake of education (hopefully your own personal testing network) have probably heard of a deauthentication attack. These attacks are simply a single host…
2
votes
0 answers

What would cause named to send out hundreds of bogus responses?

My DNS server running RHEL 6.6 is actively sending unsolicited DNS responses to a couple of IPs. By unsolicited I mean that there is no incoming request from the external IP; the DNS server seems to want to talk to this external host for some…
user53029
  • 619
  • 2
  • 14
  • 34
2
votes
2 answers

500,000 GET requests to a random jpeg per day (Apache)

So I'm getting this in my Apache log on a small server for a local company: 1.2.3.4 - - [09/Nov/2015:17:00:16 +0000] "GET /wp-content/uploads/2012/08/gold-coins.jpeg HTTP/1.1" 301 342 about 500,000 times per day from 150,000 unique IPs. I've…
user321255
  • 21
  • 2
2
votes
1 answer

Another domain points to my webserver

Somebody else has registered a name pointing to my webserver's IP address in the .ma TLD. My domain foo.bar -> my IP address 1.2.3.4. Somebody defined: suspiciousdomain.ma -> my IP address 1.2.3.4. So this looks like the reverse of typical DNS…
LetMeSOThat4U
  • 1,159
  • 2
  • 14
  • 29
2
votes
1 answer

What sort of attack URL is this?

I set up a website with my own custom PHP code. It appears that people from places like Ukraine are trying to hack it. They're trying a bunch of odd accesses, seemingly to detect what PHP files I've got. They've discovered that I have PHP files…
Asker
  • 41
  • 1
  • 3
2
votes
2 answers

Reverse Proxy - should it be a different technology stack?

Got a skeptical question about a reverse proxy setup I'm considering. I've currently got a pair of load-balanced application servers in the DMZ (S1, S2 in the figure below). These accept inbound requests from external clients. They also connections to…
Happyblue
  • 75
  • 1
  • 8
2
votes
1 answer

Ping O' Death and iptables

Is there a simple rule that can be written to stop a ping o' death with iptables?
John
  • 2,266
  • 6
  • 44
  • 60
2
votes
4 answers

Server FTP attack from multiple IP addresses spanning 5 countries - how can this be?

I recently had an FTP attack where 3 files were copied into the public HTML directory of my domain. (It looks like the FTP password was compromised, but I'm still investigating this.) The strange thing is that the FTP log documented 5 separate IP…
Owen
  • 356
  • 5
  • 19