Forum

> > News > Webserver Attack
Forums overviewNews overviewLog in to reply

English Webserver Attack

79 replies
Page
To the start Previous 1 2 3 4 Next To the start

old closed Webserver Attack

DC
Admin On Online

Quote
Looks like Counter-Strike 2D servers are not the only target of those slightly retarded kids. My webserver has been attacked today, leading to bad accessibility of all Unreal Software websites.
I blocked the attacking IP (50.72.86.162) now. I assume that it overloaded the webserver the entire day.

I want to note that this will be examined and it will draw legal consequences if I'm able to find out who is responsible for this.

Sorry to everyone who wasn't able to access the website because of this.
edited 1×, last 19.07.12 12:07:07 am

old Re: Webserver Attack

Apache uwu
User Off Offline

Quote
Was it really only 1 IP? Doesn't apache/httpd automatically give out 500s for overloading requests? Perhaps you should set that up properly.

old Re: Webserver Attack

DC
Admin On Online

Quote
@user Apache uwu: No I'm not sure if it was just one IP. I didn't examine the logfiles yet. I just know that there was a suspiciously high amount of TCP connections from the mentioned IP so I iptable banned it and the server worked well since that. Maybe a Syn-Flood or something else. I didn't examine it yet.

Before doing that I already tried a shitload of Apache configurations to solve the problem. Apache always reached the maximum number of connections within a few minutes, even if I set them to something like 3000 (a value which is never reached even closely... normally). I know how to setup a webserver properly, that's not the problem...

old Re: Webserver Attack

Apache uwu
User Off Offline

Quote
The reason I say that is because, during the attack, I tried to connect to unreal, and it did try to load the website.

If max connections have been initialized/declared then it should have sent me a 503--which I never got.

old Re: Webserver Attack

DC
Admin On Online

Quote
Your request has benn queued probably or the server wasn't able to send any response I guess.

old Re: Webserver Attack

oxytamine
User Off Offline

Quote
user DC, why wouldn't you limit opened TCP connections from one IP? I think no one probably needs more than 50 connections in the same time.
1
iptables -A INPUT -p TCP --syn -m iplimit --iplimit-above 9 -j DROP
This one would work great against 80% of TCP attacks (change number to desired, of course, I stick with 9). Dropping when many IP addresses are performing DDoS attack on your server.
edited 2×, last 23.06.12 10:25:10 pm

old Re: Webserver Attack

Ahmad
User Off Offline

Quote
The attacker can hide/change his ip right?
Because this ip is Canadian.Canadian crasher doesn't make sense .

old Re: Webserver Attack

Yates
Reviewer Off Offline

Quote
user Ahmad has written
Because this ip is Canadian,it doesn't make sense .

Canada wants to be seen as nobody cares about them. Ignore.

US.de loaded for me, but very slowly. I was still able to do everything I normally could but slowpoke. It's weird how people want to ruin a community full of kids which probably don't even care as long as the game works.

Sad.

old Re: Webserver Attack

TheTrollHammer
BANNED Off Offline

Quote
This made me lol so bad.
Ahmad has written
Because this ip is Canadian,it doesn't make sense

So what if it's Canadian? It could have been an Arabian IP.

old Re: Webserver Attack

oxytamine
User Off Offline

Quote
SMB attacks could be easily blocked by this.
1
2
iptables -A INPUT -p UDP --dport 135:139 -j DROP
iptables -A INPUT -p TCP --dport 135:139 -j DROP
Since they all use same port. Also, let's limit connections to port 80, DDoS'ing this port is the most common attack since kids often use pre-compiled scripts/programs which flood port 80.
1
-A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset
That's what I'm talking about - it will reject all the connections from specific IP if limit is reached (in this case limit is 20, I set 40).

old Re: Webserver Attack

Apache uwu
User Off Offline

Quote
DC have you confirmed that the attacker had only 1 IP? These solutions are good but are only towards dos.

old Re: Webserver Attack

Yates
Reviewer Off Offline

Quote
user TheTrollHammer has written
So what if it's Canadian? It could have been an Arabian IP.

Or it could have been you posting gayporn everywhere.

Owait. Did I just? Yea.. I did, screw you.

user Apache uwu has written
These solutions are good but are only towards dos.

That's one thing fixed then. Would you protect something against all attacks yet must wait for an actual solution. Or would you protect it from one attack right away!? Seriously dude, your posts are getting more and more useless.

old Re: Webserver Attack

oxytamine
User Off Offline

Quote
user Yates has written
That's one thing fixed then. Would you protect something against all attacks yet must wait for an actual solution. Or would you protect it from one attack right away!? Seriously dude, your posts are getting more and more useless.

I once told him that he is talking non-sense, but he did not listen.

old Re: Webserver Attack

oxytamine
User Off Offline

Quote
user Jela331 has written
Fucking retarded kids, I hope they burn in hell.

I'll never seem to understand sense of attacking a simple forum. DDoS attacks could be useful when you're making business (I once DDoS'ed e-Quality to death for a couple of hours, I lol'd), but it's completely useless when it turns out that you do not profit from DDoS'ing.
edited 1×, last 23.06.12 10:59:30 pm

old Re: Webserver Attack

TheTrollHammer
BANNED Off Offline

Quote
user Yates has written
Or it could have been you posting gayporn everywhere.

Owait. Did I just? Yea.. I did, screw you.


Hmm.. you seem to have a wild imagination. Stupid much? You're screwing yourself.
To the start Previous 1 2 3 4 Next To the start
Log in to replyNews overviewForums overview