dlewis23

Damn Hacker!

Ok, I've got a damn hacker that is trying to DOS my site and I can't get it to stop. I've tried everything that I can think of. Right now I have throttled the connection speed down from 100mbps to 10mbps so that the hacker does not use a ton of bandwidth. Today I went to turn it back up from 10mbps to 100mbps, and once I did that the usage went from 10mbps consistent usage to 97mbps usage. Does anyone have any idea of anything that I can try?

Well, you have to see the IPs of the people trying to DoS you, and it's probably more than 1 address. A lot of people who do this stuff have a DoS network set up just for this crap.

Well, I had this problem on Monday and was put on a special firewall that will watch and block traffic like this, and it blocked a bunch of IPs, over 250. Then I had the problem again on Wednesday and again it blocked over 250 IP addresses, so they just keep changing their IP address.

Well, it isn't a DoS attack. If settings are being changed then your box has been compromised. If it was compromised through a brute force attack then it should be in the logs, if they were not already removed or edited.

One thing you could try, if you have a static IP, would be to allow only that IP address the use of the ssh port through IP tables.

Well, it isn't a DoS attack. If settings are being changed then your box has been compromised. If it was compromised through a brute force attack then it should be in the logs, if they were not already removed or edited.

One thing you could try, if you have a static IP, would be to allow only that IP address the use of the ssh port through IP tables.

The box has not been compromised. I've had 5 different techs go in and look at it and nothing has been changed. And I do have a static IP and only allow my IP to connect to ssh. I also run a different port than 22.

What does netstat show on the box?  Is any process showing high bandwidth or CPU usage?  Any strange ports in use?  I agree with Swimmer that it would be good to go through your firewall logs.

netstat shows over 300 connections and they are consistently getting blocked, but once they are blocked then new IPs connect. There are no strange ports in use; it's all http traffic.

I don't have to go through my firewall logs. I get an email every morning saying who connected or tried to connect to ssh, ftp, sftp etc. etc., and I'm the only one connecting. People are trying to connect but they can't.

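Added example, not part of any post in this thread: a shell function that tallies `netstat -ant` output per remote address and per TCP state for one local port, which is the view the netstat question above asks for. The function names and the sample data (documentation-range addresses, net-tools column layout) are constructed for illustration.

```shell
#!/bin/sh
# Tally `netstat -ant` lines for one local port (default 80).
# Output: "ip <addr> <count>" (busiest first), "state <name> <count>", "total <count>".
# On a live box: netstat -ant | summarise_conns 80

summarise_conns() {
    port="${1:-80}"
    awk -v port="$port" '
        # TCP rows whose local address ends in :<port>, ignoring the listener itself
        $1 ~ /^tcp/ && $4 ~ (":" port "$") && $6 != "LISTEN" {
            ip = $5
            sub(/:[0-9]+$/, "", ip)   # drop the remote port, keep the address
            per_ip[ip]++
            per_state[$6]++
            total++
        }
        END {
            printf "total %d\n", total
            for (s in per_state) printf "state %s %d\n", s, per_state[s]
            for (ip in per_ip)   printf "ip %s %d\n", ip, per_ip[ip]
        }
    ' | LC_ALL=C sort -k1,1 -k3,3nr -k2,2
}

# Constructed sample input, not captured from a real host.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.7:51514       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51515       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51516       ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.23:40112     ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.24:40113     TIME_WAIT
tcp        0      0 192.0.2.10:2222         198.51.100.99:60001     ESTABLISHED
EOF
}

sample_netstat | summarise_conns 80
```

A state tally dominated by half-open states such as `SYN_RECV` reads differently from one dominated by `ESTABLISHED`, and a per-address tally shows whether the load comes from a few sources or is spread thinly across many.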

netstat shows over 300 connections and they are consistently getting blocked, but once they are blocked then new IPs connect. There are no strange ports in use; it's all http traffic.

I don't have to go through my firewall logs. I get an email every morning saying who connected or tried to connect to ssh, ftp, sftp etc. etc., and I'm the only one connecting. People are trying to connect but they can't.

Would that be when I try to ping it, I can't?
