Questions tagged [attacks]
The attacks tag has no usage guidance.
102 questions
0 votes, 1 answer, 98 views
Apache HTTP server under DDoS attack [closed]
One of the servers has been under attack for four weeks. First the attack was weak, but now it is aggressive after I started fighting him.
It consumes CPU resources to keep starting the Apache server ...
0 votes, 0 answers, 35 views
Server trying to connect to Spamhaus DROP networks
I have a small Ubuntu mail/web server running an outbound proxy server and also recently using the Spamhaus DROP lists to block connections from and to the networks listed in those.
I see almost as ...
4 votes, 2 answers, 267 views
Abuse report attack on AWS SES
An application that runs on AWS uses SES to send verification emails to new customers. An attacker signs up to the website and reports the verification email as abuse.
I'm wondering what options are ...
0 votes, 1 answer, 125 views
Securing a secret key on a linux server to be consumed by a software running on the server
I'm not an expert in server security and I have a question regarding a situation where the server is being compromised. I have a nodejs app which is a bot that only has an https connection to read from some ...
0 votes, 1 answer, 150 views
VM crash - can it be related to SSL errors?
I am not much into server configuration, and I need some help with a problem I am facing.
I have a Debian 11 machine with nginx 1.18.0.
It frequently crashes around 2:00 - 3:00 am.
By inspecting ...
0 votes, 0 answers, 33 views
Avoid leaking info whether the user is denied access or typed the incorrect password
I am currently tinkering with the sshd_config and /etc/security/access.d for a large system with 10k+ users. There are so many different ways of restricting user access and it makes my head spin a bit ...
0 votes, 0 answers, 34 views
Detect website attack by using azure sentinel service
I have a website which builds on AKS. I'm getting DDoS and other kinds of attacks on the website. In order to take prevention against such attacks, I'm planning to use the tool Azure Sentinel service.
...
0 votes, 0 answers, 59 views
Data reconciliation for applications
I need to create a plan for a catastrophic data loss scenario where I need to recover some services (multiple apps each) from bare metal using data backups.
The process (I believe) requires the ...
0 votes, 1 answer, 281 views
Block IPs without receiving traffic
I'm hosting on an OVH Game dedicated server. The bandwidth of this server is 1gbp/s. I'm receiving attacks from other OVH servers and they are saturating the bandwidth with 1gbp/s.
OVH doesn't filter ...
0 votes, 1 answer, 133 views
Monitor outgoing specific traffic
I have kind of an idea but I want to consult. I was following this guide for finding out which php processes spawn outgoing brute force attacks. I found the culprits; everything is working fine.
Now, ...
0 votes, 1 answer, 183 views
Can a bot scanning my server change its source IP? Why do I keep getting attacks even after blocking the IP?
I have a PBX (VOIP server) where phones connect in order to make phone calls. The PBX I am using is Asterisk. That server is not being used and its only purpose is to analyze attacks.
The PBX service ...
2 votes, 1 answer, 45 views
How could HTTP POSTing to a CSS resource be useful to an HTTP attacker?
After a surge in network activity, checking the logs of Apache that's serving a casual minimal WordPress site, through a Cloudflare proxy, I see the following entry repeated hundreds of times:
172.71....
0 votes, 1 answer, 398 views
Stopping UDP Attack
I am now getting support emails from OVH that there is unusual activity on my server.
This is a simple server that I have RDP connections for students to access QuickBooks, Excel, and Word, and there ...
1 vote, 0 answers, 452 views
Is someone trying to hack into our system?
I have a CentOS 6 server that has misbehaved over the last couple of weeks. I have tried to trace network, adjust settings, and asked a lot of clever people about it (see more in this question: ...
1 vote, 1 answer, 4k views
Nginx log shows ssl handshake errors
I have seen my nginx error log is full of messages like this:
(*date*) [info] 69487#0: *1064573 peer closed connection in SSL handshake while SSL handshaking, client: 95.64.*.*, server: 0.0.0.0:443
(*...