Archive for the ‘Security’ Category

Checking if a server is under ddos attack

Monday, June 4th, 2007

A quick and useful command for checking if a server is under DDoS is:

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

(more…)

Email Header Injection in PHP

Monday, June 4th, 2007

It has become apparent that spammers are getting even smarter than we take them for. Rather than abuse open relays, which are almost non-existent, these scum-of-the-earth ‘traders’ are now abusing contact forms.

(more…)

SSH vs Script Kiddies How-to Guide

Thursday, May 31st, 2007

Scope

Some idiot created an SSH worm that uses a dictionary attack to try to log into a computer over port 22. The worm tries to set up shop on your computer and tries to find the next vulnerable computer. This clogs up networks with bazillions of SSH login attempts.

(more…)

Protecting Linux against automated attackers

Thursday, May 31st, 2007

Read the fine article here.

How to block libwww-perl under Apache web server

Thursday, May 31st, 2007

Use mod_rewrite and an .htaccess file to block the libwww-perl user agent. Open your .htaccess file and add a rule as follows:

(more…)

Block LIBWWW-PERL and web addresses to protect your site from botnets

Thursday, May 31st, 2007

Not only do I block all accesses from libwww-perl, I also log what they were looking for, which turns up an amazing amount of botnet hits on a daily basis just randomly hitting websites trying to find a way inside.

(more…)