gambino Posted November 28, 2011

> Yea, it's called a buffer overflow exploit. Most FTP servers have a long history of this. It's very easy to reproduce, but very hard to actually find/create it.

Yeah, but my server is constantly connected with cpanel.com for the latest updates and whatnot. When there's a small update, the server administrator updates the server and backs it up so nothing goes wrong. I've never had this kind of exploit before, and I plan to keep it like this for a while. Would be great if there's a DDOS detector on the server to block the port for a small period of time to kill the DDOS attack. I can't think clearly because of insomnia. I'm going to see if I can get some sleep since today is my day off.

Spudinski Posted November 28, 2011

> Yeah, but my server is constantly connected with cpanel.com for the latest updates and whatnot. When there's a small update, the server administrator updates the server and backs it up so nothing goes wrong. I've never had this kind of exploit before, and I plan to keep it like this for a while. Would be great if there's a DDOS detector on the server to block the port for a small period of time to kill the DDOS attack. I can't think clearly because of insomnia. I'm going to see if I can get some sleep since today is my day off.

It's possible to write a script, although the default iptables is capable of this. You'd set it to only allow x requests per second from a port, IP or subnet.

a_bertrand Posted November 28, 2011

Useless as even if your server would not answer to the port the flood would still come and kill the network anyhow.

rulerofzu Posted November 28, 2011

> Yeah, but my server is constantly connected with cpanel.com for the latest updates and whatnot. When there's a small update, the server administrator updates the server and backs it up so nothing goes wrong. I've never had this kind of exploit before, and I plan to keep it like this for a while. Would be great if there's a DDOS detector on the server to block the port for a small period of time to kill the DDOS attack. I can't think clearly because of insomnia. I'm going to see if I can get some sleep since today is my day off.

You don't have DDOS detection/prevention on the server; you do this before the server and have backup network solutions. DDOS comes in through one route into the datacenter, they route traffic through a different node and you're back in business. There ain't many datacenters that can handle a large DDOS, and those that can will generally only re-route traffic if it's affecting a lot of servers. If it's just being targeted at a particular subnet then they will simply disconnect you from the network, so you're down but the rest of their network is not suffering.

Neon Posted November 28, 2011

> When there's a small update, the server administrator updates the server and backs it up so nothing goes wrong. I've never had this kind of exploit before, and I plan to keep it like this for a while.

Um, okay. I set my cPanel on the CURRENT branch. If you're using EDGE, I'd be scared. Half of those releases bork something instead of actually helping, in my experience.

> It's possible to write a script, although the default iptables is capable of this. You'd set it to only allow x requests per second from a port, IP or subnet.

Wouldn't help at all. Unless the DDOS attack was from less than 50 bots/victims. Scripts or anything server-sided will lock up eons before they get to run. The protection has to be at the switchboard or data-center, and it's hella expensive.

> If it's just being targeted at a particular subnet then they will simply disconn

Yeah, they'll null route all your requests. You can't have one site that probably pays 5/m for shared hosting take down a server holding thousands of clients. The expensive blocks I assume do mitigation with some fancy algorithms that notice how fast the requests come after a .1 sec delay, to help differentiate from true users and bots. Some probably are as easy as checking for a user-agent and whatnot. However, I am not sure how the insides exactly work for the hella expensive stuff.
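
The following is an added example, not code from any poster in the thread. It models the kind of per-source request limit discussed above (for instance what an iptables hashlimit rule enforces) as a token bucket, and runs it against two constructed traffic profiles to show the objections raised in the replies: every packet still arrives on the link, and many slow sources pass untouched. The 25 requests/second limit, burst of 50 and both profiles are assumptions chosen for illustration.

```python
STEPS_PER_SEC = 100  # 10 ms steps; counters are kept in 1/100ths of a packet,
UNIT = 100           # so one step adds exactly `rate` units and stays integer


def simulate(sources, rate_per_source, limit, burst, seconds=10):
    """Apply a per-source token bucket to constructed traffic.

    sources          number of distinct client addresses (constructed)
    rate_per_source  requests/second sent by each source
    limit, burst     bucket refill rate (requests/second) and capacity
    Returns (arrived, accepted): packets that reached the host's interface
    versus packets the filter handed on to the service.
    """
    cap = burst * UNIT
    tokens = [cap] * sources   # every source starts with a full bucket
    owed = [0] * sources       # fractional packets carried between steps
    arrived = accepted = 0
    for _ in range(seconds * STEPS_PER_SEC):
        for src in range(sources):
            tokens[src] = min(cap, tokens[src] + limit)
            owed[src] += rate_per_source
            while owed[src] >= UNIT:
                owed[src] -= UNIT
                arrived += 1           # inbound bandwidth is already spent here
                if tokens[src] >= UNIT:
                    tokens[src] -= UNIT
                    accepted += 1      # under the limit, reaches the service


    return arrived, accepted


if __name__ == "__main__":
    # Constructed profile A: one source flooding at 1000 requests/second.
    a_arrived, a_accepted = simulate(1, 1000, limit=25, burst=50)
    # Constructed profile B: 500 sources, each at 10 requests/second.
    b_arrived, b_accepted = simulate(500, 10, limit=25, burst=50)
    print(f"A: arrived={a_arrived} accepted={a_accepted}")
    print(f"B: arrived={b_arrived} accepted={b_accepted}")
```

In profile A the filter cuts what the service sees but not what the link carries; in profile B no source ever exceeds the limit, so nothing is dropped even though the aggregate is 5000 requests/second.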