-
Some bugger is using a botnet to try and attack our little farm.
37 IP addresses have been blocked in the last 24 hours as a result of port scans, Denial of Service attacks.
Weird stuff.
Blocking the port scans is easy stuff, but the denial of service attacks might slow down the forum today. So if you're seeing the forum become slow it's because of this.
If anyone knows how to make an adjustment to nginx to have it discard malformed requests I'd be interested in hearing more. Effectively I'm looking for mod_security type functionality for nginx.
-
Speak to Alien, hes a security guy
forum seems fine to me, lets hope they got bored and moved on, cant your host do anything for you?
just been having a look on the cisco forum and they have this to offer:
- *Use the ip verify unicast reverse-path interface command on the input interface on the router at the upstream end of the connection.*
This feature examines each packet received as input on that interface. If the source IP address does not have a route in the CEF tables that points back to the same interface on which the packet arrived, the router drops the packet.
The effect of Unicast RPF is that it stops SMURF attacks (and other attacks that depend on source IP address spoofing) at the ISP's POP (lease and dial-up). This protects your network and customers, as well as the rest of the Internet. To use unicast RPF, enable "CEF switching" or "CEF distributed switching" in the router. There is no need to configure the input interface for CEF switching. As long as CEF is running on the router, individual interfaces can be configured with other switching modes. RPF is an input side function that enabled on an interface or sub-interface and operates on packets received by the router.
It is very important for CEF to be turned on in the router. RPF will not work without CEF. Unicast RPF is not supported in any 11.2 or 11.3 images. Unicast RPF is included in 12.0 on platforms that support CEF, including the AS5800. Hence, unicast RFP can be configured on the PSTN/ISDN dial-up interfaces on the AS5800.
- *Use the ip verify unicast reverse-path interface command on the input interface on the router at the upstream end of the connection.*
-
Couldn't access the forum with my old bookmark and the site doesn't load (for me) when going through Google. Does that happen for anyone else?
Had to use https://lfgss.com to get here...Bookmark amended.
-
we're.... under attack...? Our ...farm?
Velocio.. are you playing this: http://www.tribalwars.net/
-
Get a dog. my uncle protected his farm with one and had no problems
-
we're.... under attack...? Our ...farm?
Velocio.. are you playing this: http://www.tribalwars.net/
Every server on the internet is open to being attacked, IP addresses and domain names are scanned each day and 0-day vulnerabilities are scanned for all the time.
If a vulnerability is found, they exploit it to grab control of the server.
Usually it's just for spam, or to grab machines to expand a botnet, etc.
Anyhow, farm... this is just what people call many (usually cheap) servers that work together to share a larger piece of work... in our case we have a bunch of machines that make web pages for this site.
And nope, I don't do games except for rummikub.
-
I suspect Addison Lee is behind it.
-
Every server on the internet is open to being attacked, IP addresses and domain names are scanned each day and 0-day vulnerabilities are scanned for all the time.
If a vulnerability is found, they exploit it to grab control of the server.
Usually it's just for spam, or to grab machines to expand a botnet, etc.
Anyhow, farm... this is just what people call many (usually cheap) servers that work together to share a larger piece of work... in our case we have a bunch of machines that make web pages for this site.
And nope, I don't do games except for rummikub.
Very interesting. You're missing a trick by not playing Tribal wars though.
If there's anything we can do...?
-
Just done another software update to get rid of a security vulnerability discovered yesterday. I was going to ignore it for a few days but someone actually tried to exploit it so I had to upgrade.
Anyhow, if anything that was working yesterday isn't working today, it would be good if you could let me know.
On an aside, I was just checking the server stats too as it happens to be the end of the month. During January we transferred over 400GB of data. That's a phenomenal amount. When you think that each page is only 9KB compressed, and images have long cache times, it's just astounding. Google Analytics suggests it's something around 5.5 million web pages a month, just shy of 180,000 pages a day.
-
Test
-
I keep getting server problems :-(
*"*The following errors occurred with your submission
- The server seems to be really busy at the moment, I can only apologise and as soon as you let me know this is happening I'll do something about it.
*Alternatively you can let me know at *david@londonfgss.com
As for what to do, perhaps a cup of tea would help pass the time until it's all working again."
- The server seems to be really busy at the moment, I can only apologise and as soon as you let me know this is happening I'll do something about it.
-
maybe go and get a cup of tea then?
or do some work.
Just sayin' like.
hippy
hael
pifko
kisu_shimo
Greasy_Slag
D._Generate
deleted
Pistanator
Sainsburys_Ed-
Post a reply
About
Server move
Posted by
@Velocio
**Geek. **
A good Geek; our Geek but a Geek nonetheless.
Thank you for all you have done and Maerry Christmas.