Denial Of Service attack detected!

Discussion in 'Server Operation' started by Nareau, Sep 2, 2008.

  1. Nareau

    Nareau New Member

    My mail server had been working perfectly until just recently. It can no longer send or receive mail. I checked the mail log and it showed something like this.

    Sep 2 22:49:24 tkl dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    Sep 2 22:49:24 tkl dovecot: IMAP(username): Disconnected: Logged out
    Sep 2 22:49:25 tkl dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    Sep 2 22:49:25 tkl dovecot: IMAP(username): Disconnected: Logged out
    Sep 2 22:49:25 tkl dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    Sep 2 22:49:26 tkl dovecot: IMAP(username): Disconnected: Logged out
    Sep 2 22:50:20 tkl postfix/smtpd[23284]: connect from localhost[127.0.0.1]
    Sep 2 22:50:20 tkl postfix/smtpd[23284]: 596EB3D221F: client=localhost[127.0.0.1]
    Sep 2 22:50:27 tkl postfix/cleanup[23268]: 596EB3D221F: hold: header Received: from www.example.com (localhost [127.0.0.1])??by mail.example.com (Postfix) with ESMTP id 596EB3D221F;??Tue, 2 Sep 2008 22:50:20 +1200 (GILT) from localhost[127.0.0.1]; from=<username@example.com> to=<testuser@domain1.com> proto=ESMTP helo=<www.example.com>
    Sep 2 22:50:27 tkl postfix/cleanup[23268]: 596EB3D221F: message-id=<55463.203.196.24.4.1220352627.squirrel@www.example.com>
    Sep 2 22:50:27 tkl postfix/smtpd[23284]: disconnect from localhost[127.0.0.1]
    Sep 2 22:50:27 tkl dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    Sep 2 22:50:28 tkl dovecot: IMAP(username): Disconnected: Logged out
    Sep 2 22:50:28 tkl dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    Sep 2 22:50:29 tkl dovecot: IMAP(username): Disconnected: Logged out
    Sep 2 22:53:53 tkl MailScanner[23035]: Commercial scanner clamav timed out!
    Sep 2 22:53:53 tkl MailScanner[23035]: clamav: Failed to complete, timed out
    Sep 2 22:53:53 tkl MailScanner[23035]: Virus Scanning: Denial Of Service attack detected!

    It seems like we have been attacked with a DoS. Can anyone please tell me how to get out of this? I urgently need this 'cos we have not received mails in a week now.

    Many thanks in advance.

    Nareau
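
In the log excerpt above, the "Denial Of Service attack detected!" line is written by the same MailScanner process in the same second as the two clamav timeout lines, and every client address shown is 127.0.0.1. The following Python triage script is an added example, not part of the original post: it pairs each MailScanner alert with a preceding scanner timeout from the same process and lists any non-loopback client addresses. The function name `triage`, the sample text and the assumption of traditional syslog line format are mine.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the log excerpt in the post above.
SAMPLE_LOG = """\
Sep 2 22:50:20 tkl postfix/smtpd[23284]: connect from localhost[127.0.0.1]
Sep 2 22:50:27 tkl postfix/smtpd[23284]: disconnect from localhost[127.0.0.1]
Sep 2 22:50:27 tkl dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 2 22:53:53 tkl MailScanner[23035]: Commercial scanner clamav timed out!
Sep 2 22:53:53 tkl MailScanner[23035]: clamav: Failed to complete, timed out
Sep 2 22:53:53 tkl MailScanner[23035]: Virus Scanning: Denial Of Service attack detected!
"""

# Assumption: traditional syslog layout "Mon D HH:MM:SS host prog[pid]: message".
LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s([\w/.-]+)(?:\[(\d+)\])?:\s(.*)$")
TIMEOUT = re.compile(r"scanner (\S+) timed out", re.I)
DOS = "Denial Of Service attack detected"
CLIENT_IP = re.compile(r"(?:rip=|connect from \S+\[)([0-9a-fA-F:.]+)")

def triage(log_text):
    """Pair MailScanner DoS alerts with scanner timeouts; list external clients."""
    timed_out = {}              # MailScanner pid -> (timestamp, scanner name)
    alerts = []
    clients = defaultdict(int)  # client address -> number of log lines seen
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, _host, prog, pid, msg = m.groups()
        ip = CLIENT_IP.search(msg)
        if ip:
            clients[ip.group(1)] += 1
        if prog != "MailScanner":
            continue
        t = TIMEOUT.search(msg)
        if t:
            timed_out[pid] = (ts, t.group(1))
        elif DOS in msg:
            # An alert preceded by a timeout in the same worker points at the scanner.
            prior = timed_out.get(pid)
            alerts.append({"time": ts, "pid": pid,
                           "scanner": prior[1] if prior else None,
                           "after_timeout": prior is not None})
    external = sorted(a for a in clients if a not in ("127.0.0.1", "::1"))
    return {"alerts": alerts, "external_clients": external}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

An empty `external_clients` list together with `after_timeout: True` means the excerpt shows a stalled virus scanner rather than a flood of remote connections, so the scanner and its timeout are the first things to examine.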
     
  2. Nareau

    Nareau New Member

    My server is now working perfectly well after upgrading the server to a virtual users and domains mail server as described in the howtos. However, everything had to be overwritten, thus resulting in a loss of all previous mails on the server. So if anyone ever finds a much safer and simpler solution to this, please let me know.
     
  3. CleoKinoham

    CleoKinoham New Member

    For DDoS protection and DDoS-protected hosting I can recommend gigabitdc.com.
     
  4. plago

    plago New Member

    I recommend DDoS-protected hosting from Cybercobra.com. It is true DDoS-protected hosting at cheap prices, and they'll transfer your site for free if your site is under DDoS attack at this moment!
     
