Hi, all friends: I need your help. My site is being attacked. It can't be opened now. How do I avoid the attack, and how do I catch the bad man who did this bad job? Thank you so much for your help.
It depends on the attack. It could be initiated by an infected computer of some innocent web surfer. Make sure you use the latest version of whatever web software you have installed on your server. Hackers are constantly searching for web sites with compromised security. Don't give them a second chance to break into your server.
You mean a DDoS attack? Well... you can't really avoid them, but you can contact your host to redirect the attack.
Well, pretty much, not pissing anyone off is your best bet. And use best practices for firewall policies. Disable unneeded services, lock down options that you don't need.
Check your site's folder and file permission settings. Generally, folders should not be set above 755 or files above 644. There are some software exceptions. Check with the developers for the correct settings. Google "chmod settings" for more information.
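As an added example (my code, not from this thread): a POSIX shell audit that lists directories looser than 755 and files looser than 644 under a web root. It reports first and only normalises permissions when asked, because of the software exceptions mentioned above (CGI scripts and upload directories often legitimately need more). The path /var/www/html in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example, not from the thread. "Above 755" for a directory means a
# group or world write bit; "above 644" for a file means a group/world write
# bit or any execute bit. Report first; fix only on explicit request.

# Print every directory under $1 that is writable by group or others.
loose_dirs() {
    find "$1" -type d \( -perm -g=w -o -perm -o=w \) -print
}

# Print every regular file under $1 that is group/world-writable or executable.
loose_files() {
    find "$1" -type f \( -perm -g=w -o -perm -o=w \
        -o -perm -u=x -o -perm -g=x -o -perm -o=x \) -print
}

# Report offenders as "DIR  path" / "FILE path". With a second argument of
# "fix", also chmod them to 755 / 644 after reporting.
audit_perms() {
    root="$1"
    mode="${2:-report}"
    loose_dirs "$root"  | sed 's|^|DIR  |'
    loose_files "$root" | sed 's|^|FILE |'
    if [ "$mode" = "fix" ]; then
        loose_dirs "$root"  | while IFS= read -r d; do chmod 755 "$d"; done
        loose_files "$root" | while IFS= read -r f; do chmod 644 "$f"; done
    fi
}

# Usage: audit_perms /var/www/html        # report only (placeholder path)
#        audit_perms /var/www/html fix    # report, then normalise
if [ "$#" -gt 0 ]; then
    audit_perms "$@"
fi
```

Run it in report mode first and compare the list against what the software's documentation says it needs before using `fix`; a script the web server must execute will show up as a FILE hit and must be excluded by hand.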
Also, if you ever send out your FTP info (especially overseas), make sure you change it the second the work is done. Three times I've hired a programmer overseas, and three times my FTP became compromised shortly after.
Like a lot of people said, it depends on the attack. Some attacks you can't avoid. If someone is trying to gain access to your server, that's a lot easier an attack to prevent than when someone is trying to render your server useless, as in a DDoS or SYN attack. If you need any assistance please let me know, as I am an administrator for hire.
What sort of attacks are you talking about exactly? Be more definitive. Additionally, I would resort to web logs. Check the behavior of your activity. Understand how your users interact. PM me if you have any problems.
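As an added example (my code, not from this thread) of what "resort to web logs" looks like in practice: a first-pass triage of an access log in combined log format that answers three questions a defender asks first, which clients send the most requests, which clients collect many 404s (probing for paths that do not exist), and which clients burst many requests into a single minute. The log lines are constructed, not real traffic; the thresholds and the /var/log/apache2/access.log path are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Works on Apache/nginx combined log format.
# Thresholds are arguments; the defaults are starting points, not tuned values.

# Write a constructed sample log (not real traffic) to the file named in $1.
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:57:02 +0000] "GET /about.html HTTP/1.1" 200 1804 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:14:01:10 +0000] "GET /admin/ HTTP/1.1" 404 512 "-" "curl/7.68.0"
198.51.100.7 - - [10/Oct/2023:14:01:10 +0000] "GET /login.php HTTP/1.1" 404 512 "-" "curl/7.68.0"
198.51.100.7 - - [10/Oct/2023:14:01:11 +0000] "GET /backup/ HTTP/1.1" 404 512 "-" "curl/7.68.0"
198.51.100.7 - - [10/Oct/2023:14:01:11 +0000] "GET /old/ HTTP/1.1" 404 512 "-" "curl/7.68.0"
198.51.100.7 - - [10/Oct/2023:14:01:12 +0000] "GET /test/ HTTP/1.1" 404 512 "-" "curl/7.68.0"
198.51.100.7 - - [10/Oct/2023:14:01:12 +0000] "GET / HTTP/1.1" 200 2326 "-" "curl/7.68.0"
203.0.113.5 - - [10/Oct/2023:14:03:44 +0000] "POST /contact HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF
}

# "count ip" per client, busiest first.
requests_per_ip() {
    awk '{ c[$1]++ } END { for (ip in c) print c[ip], ip }' "$1" | sort -rn
}

# Clients with at least $2 (default 20) 404 responses: a cheap scanner signal.
# The status code is read from the text after the quoted request line, so a
# request line containing spaces does not shift the field.
scanning_clients() {
    awk -v t="${2:-20}" '
        { split($0, q, "\""); split(q[3], s, " "); if (s[1] == "404") n[$1]++ }
        END { for (ip in n) if (n[ip] >= t) print ip }' "$1"
}

# "ip minute count" for every client that made more than $2 (default 300)
# requests within one clock minute. $4 is "[dd/Mon/yyyy:HH:MM:SS"; the first
# 17 characters after "[" are the minute key.
burst_clients() {
    awk -v t="${2:-300}" '
        { key = $1 " " substr($4, 2, 17); c[key]++ }
        END { for (k in c) if (c[k] > t) print k, c[k] }' "$1"
}

# Usage (placeholder path):
#   requests_per_ip  /var/log/apache2/access.log | head
#   scanning_clients /var/log/apache2/access.log 50
#   burst_clients    /var/log/apache2/access.log 120
```

A single IP dominating `requests_per_ip` may just be a proxy or a crawler, so read the user-agent column before blocking anything; a client that appears in both `scanning_clients` and `burst_clients` is the one worth looking at first.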
If the damage is not too bad and you have a backup copy, why not just start over again? Sometimes it is cheaper that way. This time round, harden your scripts though (or get someone who knows).
DDoS attacks require special care. You have to have a mitigation system deployed long before the attack occurs in order to stand a chance of preventing it. The other thing is that the companies offering such services charge a lot of money for protection. Other companies offer cheap services, but when they get hit by a massive attack they just collapse, and you most probably do not want to be in the position where you pay them to do nothing. Appliances are quite effective at stopping and blocking malicious traffic. However, intruders always find new ways to bypass them. Software solutions are a must-have thing. But then again, they don't stand a chance if used on their own. If your site has huge daily earnings, I would suggest you look for a company offering anti-DDoS services. If the case is that you do not make a lot of money, then I'd suggest you ask for assistance from your ISP.
If it is a DDoS attack, then you can't really do much on your end; however, you can do a few tricks to make your server much more stable:

1. I use the following sysctl.conf on my BSD machine:

```
security.bsd.see_other_uids=0
net.inet.tcp.msl=15000
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.icmp.icmplim=50
kern.ipc.somaxconn=32768
net.inet.tcp.maxtcptw=40960
net.inet.tcp.nolocaltimewait=1
net.inet.ip.portrange.first=1024
net.inet.ip.portrange.last=65535
net.inet.ip.portrange.randomized=0
net.inet.tcp.finwait2_timeout=30000
net.inet.tcp.fast_finwait2_recycle=1
net.inet.ip.fw.dyn_buckets=4096
net.inet.ip.forwarding=0
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=0
net.inet.ip.intr_queue_maxlen=512
net.inet.ip.random_id=1
net.inet.tcp.drop_synfin=1
net.inet.ip.redirect=0
net.inet.tcp.syncookies=1
net.inet.ip.fastforwarding=1
net.inet.tcp.delayed_ack=0
net.inet.udp.maxdgram=57344
kern.ipc.maxsockbuf=2097152
net.inet.ip.rtexpire=2
net.inet.ip.rtminexpire=2
net.inet.ip.rtmaxcache=256
net.inet.icmp.maskrepl=0
# key corrected from "net.icmp.bmcastecho", which is not a valid FreeBSD sysctl
net.inet.icmp.bmcastecho=0
net.inet.tcp.icmp_may_rst=0
#net.inet.ip.fw.one_pass=0
kern.ipc.nmbclusters=32768
kern.maxfiles=65536
#net.inet.ip.stealth=0
net.inet.ip.accept_sourceroute=0
net.inet.ip.sourceroute=0
```

An explanation of each can be found through Google. Tweaking your network adapter does amazing things.

2. Tweak Apache: install mod_dosevasive, and reduce the "Timeout" and "KeepAliveTimeout".

3. Tweak your MySQL.

4. Make sure that the maximum Apache processes + the maximum MySQL load do not exceed your maximum amount of RAM (by too much). If they do and your server starts swapping, then it will be down very soon...

5. Configure your firewall smartly. If you allow untrusted users on your server, disable their outbound access and grant it by request.

My server is hosting a lot of sites, so it's almost permanently under DoS attack. They do nothing serious with proper firewalling and configuration...
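As an added example (my code, not from this thread): a POSIX shell pre-flight check for a sysctl.conf like the one above. A mistyped key is only reported at boot, or skipped, so the tuning you think is active may not be; this parses the file, lists malformed lines, and probes each key against the running kernel with sysctl(8). The sample lines in the usage comment are placeholders and the probe only says whether the key exists on the machine you run it on.

```shell
#!/bin/sh
# Added example, not from the thread. Validates sysctl.conf syntax and checks
# every key against the running kernel before the file is deployed.

# Strip comments and surrounding whitespace; one cleaned line per input line.
_sysctl_conf_clean() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1"
}

# Print "key value" for every real entry (blank lines and comments skipped,
# whitespace around "=" tolerated).
sysctl_conf_entries() {
    _sysctl_conf_clean "$1" | awk '/^[A-Za-z0-9_.]+[ \t]*=[ \t]*[^ \t]/ {
        key = $0; sub(/[ \t]*=.*$/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val)
        print key, val }'
}

# Print every non-comment line that is not of the form key=value.
sysctl_conf_malformed() {
    _sysctl_conf_clean "$1" | awk 'NF && $0 !~ /^[A-Za-z0-9_.]+[ \t]*=[ \t]*[^ \t]/'
}

# Return 0 if the running kernel knows this sysctl key, non-zero otherwise
# (also non-zero when sysctl(8) itself is missing).
sysctl_key_known() {
    sysctl -n "$1" >/dev/null 2>&1
}

# Report: MALFORMED lines first, then each entry as OK or UNKNOWN.
check_sysctl_conf() {
    sysctl_conf_malformed "$1" | sed 's/^/MALFORMED /'
    sysctl_conf_entries "$1" | while read -r key val; do
        if sysctl_key_known "$key"; then
            echo "OK      $key=$val"
        else
            echo "UNKNOWN $key=$val"
        fi
    done
}

# Usage: check_sysctl_conf /etc/sysctl.conf
if [ "$#" -gt 0 ]; then
    check_sysctl_conf "$1"
fi
```

Run it on the box that will load the file: an UNKNOWN line is either a typo or a key that belongs to a kernel module not loaded yet, and both deserve a look before reboot.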
And the most important thing: the larger your project is, the more powerful your server must be... Many people underestimate that.