Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 20th August 2012, 11:57
Hagforce Hagforce is offline
Senior Member
 
Join Date: Feb 2006
Posts: 210
Thanks: 37
Thanked 1 Time in 1 Post
Default Urgent. Server used for SYN flood attack

Hi

I have a server with Ubuntu 10.04 LTS and ISPConfig 3.
Use it for some Joomla sites, and som other self composed sites.

The server now seems to be used to run SYN flood attack to some destinations.
So I think one of the websites have a security issue, and a script is run.
When I shut down apache, the activity stops.

But I have a hard time tracking down witch website it is, and where the script is. When I know this, the security issue must be dealt with.
I do not want my server being used to cause trouble for others.

I need some quick help here, how do I find witch file the SYN flood originates?
Any way to use lsof, netstat or something?
netstat shows me the connections, but not where they where initialized from.
Reply With Quote
Sponsored Links
 

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Local mail server - final touch Alexhor Installation/Configuration 4 12th April 2012 22:33
amavis & ispconfig 3 yalex2000 Installation/Configuration 20 18th February 2010 17:02
I don't recieve mail. privir Installation/Configuration 2 3rd June 2009 22:08
Problems with Postfix Mysql Courier PatrickAdrichem Installation/Configuration 3 13th April 2007 15:44
The Perfect Setup Suse 9.3 - Postfix problems new_bee05 HOWTO-Related Questions 20 25th November 2005 02:30


All times are GMT +2. The time now is 08:22.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.