Questions tagged [botnet]

36 questions
10
votes
8 answers

How to check if a Linux server is clean from rootkits/backdoors/botnets etc.?

In case a Linux server was exposed to the internet with an extremely low security policy (r/w anonymous Samba folders, Firebird database server with default admin password, no firewall, etc.) for a week, then how do I make sure the system is not…
Ivan
  • 3,288
  • 19
  • 48
  • 70
6
votes
1 answer

How to deny POST to a url in nginx

Some of the SQL-heavy URLs on my app (say /members) are being attacked by botnets. So I'd like to prevent anybody from POSTing to these URLs, while allowing others to GET them. I tried to make a nested loop like this: if ($request_uri ~ .*members^) { …
Jand
  • 213
  • 1
  • 4
  • 7
5
votes
2 answers

Will blocking port 25 on a router cripple outlook clients?

I work at a small ISP; we manage about 60 buildings with p2p radios and a main Cisco router at a central location. Recently we were notified that a phishing domain is associated with one of our IPs. When tracing the IP, the tracert hops along 20-60…
demiAdmin
  • 155
  • 1
  • 9
5
votes
2 answers

Storm Botnet on Linux?

We have a customer who is running an office CCTV system which he accesses from home. The system runs on an embedded Linux box behind a NAT firewall forwarding to ports 8080 for web browser access and 37777 for proprietary software access. All this…
MikeJ-UK
  • 201
  • 1
  • 4
4
votes
5 answers

My server was reported to hoster abuse to perform ddos attacks. What should I do?

I do not see anything suspicious on the server (no netstat connections to remote 80 port), but I'm not a professional server admin (I'm a hardcore software developer). Please do not write obvious comments (hire a professional person/company) - we'll…
Nikolay R
  • 143
  • 1
  • 7
3
votes
1 answer

Block requests from bots by pattern in apache with mod_rewrite. mod_rewrite not working

I'm trying to block requests from bots by the pattern glitter_calendar on Apache. Prehistory: my server is heavily accessed by bots. The request URI is ...glitter_calendar.. WordPress returns 404. The server even goes down once a week. I tried…
Tomas Morgan
  • 111
  • 1
  • 4
  • 12
3
votes
1 answer

/phpTest/zologize/axa.php? Another botnet?

Staring at the log made me think: what is /phpTest/zologize/axa.php and why are bots looking for it? Previously, I had lots of /HNAP1/ requests. Requesting /HNAP1/ from IPs in the log revealed that all of them were sent by Linksys routers. 3 months…
m132
  • 141
  • 3
3
votes
2 answers

What amount of effort and money should one invest against DDoS threats?

Typically, when you invest money to protect yourself against some possible threat, you should take into account two factors: the probability (p) of the problem actually happening, and how much money (m) that problem would cost you if it…
MiniQuark
  • 3,695
  • 2
  • 20
  • 23
3
votes
1 answer

I have many strange requests in my httpd access_log, does it mean I have a virus?

I have httpd log information such as this, which goes on and on forever. Firstly, does this mean I have a virus? Is my server part of a botnet? My server is Linux CentOS 5. tail -f /var/log/httpd/access_log Also, how can I block this attack? How can I make…
Phil
  • 245
  • 2
  • 5
  • 12
3
votes
5 answers

Remote access of Linux over IRC

I have been tasked with setting up and supporting some computers for some people who have sociological problems. Troubled teens/adults and the like. They need computers to do very basic tasks like web browse, but they know little about computers and…
Porch
  • 680
  • 5
  • 12
3
votes
1 answer

Mail server hammering

I've noticed a quick increase in SMTP connections coming to my server; investigating it further, I figured out that there's a botnet hammering my SMTP server. I've tried to stop it by adding a rule in iptables: -N SMTP-BLOCK -A SMTP-BLOCK -m limit…
Rod
  • 372
  • 4
  • 10
2
votes
1 answer

Too many bad bots killing website

Every day around 2-3pm, huge amounts of bots come to my website and they just kill it. A few days ago it was just 2-3 IPs so I could easily block them, but today more than 600 bots came and kept flooding my website for 3 hours straight. IPs were…
lamka02sk
  • 121
  • 2
2
votes
2 answers

How to determine process which makes DNS Request?

I have a server on AWS, and GuardDuty started sending me notifications: *** "type":"Backdoor:EC2/C&CActivity.B!DNS", *** {"domain":"libcurl.so","protocol":"UDP","blocked":false} *** is querying a domain name associated with a known Command & Control…
kbu
  • 255
  • 4
  • 13
2
votes
1 answer

How to deny requests in nginx when there is no referer?

In the nginx access.log I see many lines like: 1.2.3.4 - - [19/Oct/2014:22:48:11 -0400] "POST /someurl/suburl HTTP/1.1" 200 19967 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2" where the only common thing…
Jand
  • 213
  • 1
  • 4
  • 7
2
votes
1 answer

Packet flooding, is there any way to handle it?

My machine is being flooded with thousands of packets per second. They don't eat much bandwidth (60mbps out of 1gbit) but they damage the system a lot by consuming the CPU responsible for handling network card interrupts. ksoftirqd goes to 100% and…
rfire
  • 41
  • 1
  • 4