SERVER IS UNDER ATTACK, HOLD ON...


Pekka
3rd of July 2004 (Sat), 10:42
Server is under http flood attack from 65.41.92.26 , I'll try to see if I can get it blocked....

Pekka
3rd of July 2004 (Sat), 11:20
Ok it's now blocked, had to install a better firewall...

eric1
3rd of July 2004 (Sat), 11:28
damn you're fast :P

polloloco81
3rd of July 2004 (Sat), 11:36
What kind of nerd would be attacking a nice forum like this.

eric1
3rd of July 2004 (Sat), 11:39
What kind of nerd would be attacking a nice forum like this.

probably one from a N!K@N forum! :lol:

Pekka
3rd of July 2004 (Sat), 11:41
Took some time because I thought at first mysql was stuck, as there were 50 mysql processes running all the time - I rebooted the server and then found out with a nice unix command I found:

netstat -anpe | grep ':80' | sort | more

Which listed endlessly


tcp 0 0 207.44.132.74:80 24.6.181.61:3405 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 24.6.181.61:3407 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24144 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24145 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24146 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24147 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24148 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24149 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24151 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24152 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24153 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24154 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24155 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24156 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24157 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24158 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24159 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24160 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24161 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24162 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24163 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24164 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24165 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24166 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24167 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24168 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24169 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24170 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24171 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24172 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24173 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24174 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24175 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24176 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24177 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24178 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24179 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24180 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24181 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24182 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24183 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24184 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24185 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24186 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24187 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24188 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24189 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24190 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24191 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24192 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24193 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24194 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24195 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24196 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24197 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24198 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24199 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24200 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24201 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24202 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24203 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24204 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24205 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24206 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24207 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24208 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24209 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24210 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24211 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24212 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24213 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24214 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24215 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24216 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24217 TIME_WAIT 0 0 -
tcp 0 0 207.44.132.74:80 65.41.92.26:24218 TIME_WAIT 0 0 -
--More--

That showed HTTP port 80 was flooded by some program-driven DoS attack, so mysql was actually not stuck, but Apache ate the CPU in order to push out the pages. I had an older firewall installed and adding an IP block was not easy, so I installed a much better one which had this feature.

I really wonder who would want to attack this site - perhaps someone got tough photo critique? :)
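The netstat paste above shows the problem with eyeballing the raw listing: thousands of TIME_WAIT lines scroll past before the pattern is obvious. The following is an added example, not code from the thread or from Pekka, that does the summarising step the pipeline in the post left to the reader: it keeps only port-80 connections, counts them per remote address and lists the heaviest sources first, so a single flooding host stands out against normal visitors. The sample netstat output is constructed here using RFC 5737 documentation addresses; the function names `top_talkers` and `flood_suspects` and the threshold are the example's own choices. The header lines, the LISTEN socket, the UDP line and the `--More--` pager line are included to show they are skipped rather than counted.

```shell
#!/bin/sh
# Added example: summarise `netstat -an` output by remote address.
# Not part of the original thread; sample data below is constructed.

# Constructed sample of `netstat -an` output (RFC 5737 documentation addresses).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 192.0.2.1:22 203.0.113.5:51000 ESTABLISHED
tcp 0 0 192.0.2.1:80 192.0.2.10:3405 TIME_WAIT
tcp 0 0 192.0.2.1:80 192.0.2.10:3407 TIME_WAIT
tcp 0 0 192.0.2.1:80 198.51.100.77:24144 TIME_WAIT
tcp 0 0 192.0.2.1:80 198.51.100.77:24145 TIME_WAIT
tcp 0 0 192.0.2.1:80 198.51.100.77:24146 TIME_WAIT
tcp 0 0 192.0.2.1:80 198.51.100.77:24147 TIME_WAIT
tcp 0 0 192.0.2.1:80 198.51.100.77:24148 ESTABLISHED
tcp 0 0 192.0.2.1:80 198.51.100.77:24149 ESTABLISHED
udp 0 0 0.0.0.0:53 0.0.0.0:*
--More--'

# top_talkers: read netstat lines on stdin, keep TCP sockets whose local
# endpoint is port 80 and that are not listening sockets, count one entry per
# remote IP (the "ip:port" foreign address with the port stripped), and print
# "count ip" lines with the busiest remote address first.
top_talkers() {
    awk '$1 == "tcp" && $4 ~ /:80$/ && $6 != "LISTEN" {
             split($5, parts, ":")      # foreign "ip:port" -> ip
             count[parts[1]]++
         }
         END { for (ip in count) print count[ip], ip }' |
    sort -rn
}

# flood_suspects THRESHOLD: print only the remote IPs that hold at least
# THRESHOLD connections to port 80. This is a shortlist for a human to review
# before adding a firewall block: a large NAT gateway or proxy can legitimately
# show many connections from one address.
flood_suspects() {
    threshold="$1"
    top_talkers | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Stand-alone usage: summarise the constructed sample, then shortlist at 5.
printf '%s\n' "$SAMPLE_NETSTAT" | top_talkers
printf '%s\n' "$SAMPLE_NETSTAT" | flood_suspects 5
```

On a live box the same functions take real input with `netstat -an | top_talkers` (or `ss -tan | top_talkers`, since `ss` prints the same local/foreign columns in the positions the awk script reads). The threshold is a judgement call for the site: compare the count against what the forum's normal busiest visitor looks like, not against zero.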

tommykjensen
3rd of July 2004 (Sat), 11:47
Script kiddies looking for insecure phpBB forums. Maybe the same person that spammed the forum a while ago.

Tom W
3rd of July 2004 (Sat), 11:48
It wasn't me!

I did tracert the errant 65.41.92.26 and pinged him/her a few times. Tried a whois - sounds like a dynamic address but I'm not too keen on these kinds of things.

Penguin_101_1
3rd of July 2004 (Sat), 11:53
I really wonder who would want to attack this site - perhaps someone got tough photo critique? :)
:lol:

Steveo31
3rd of July 2004 (Sat), 13:06
What kind of nerd would be attacking a nice forum like this.

probably one from a N!K@N forum! :lol:
Haha :lol:

Stoopid hackers.... :mad:

evilenglishman
3rd of July 2004 (Sat), 13:21
Interesting, I have that IP address banned from my forum - I don't know if you remember a PM I sent you Pekka with "fix" in it. :wink:


OrgName: Sprint DSL Network
OrgID: SDSL
Address: 500 N New York Ave
City: Winter Park
StateProv: FL
PostalCode: 32789
Country: US

NetRange: 65.40.0.0 - 65.41.255.255
CIDR: 65.40.0.0/15
NetName: SPRINTDSL02
NetHandle: NET-65-40-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.UTELFLA.COM
NameServer: DNS2.UTELFLA.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2002-04-08
Updated: 2002-12-27

TechHandle: IA98-ARIN
TechName: IP Administrator
TechPhone: +1-407-741-0500
TechEmail: support@sprint-hsd.net

OrgTechHandle: SAN6-ORG-ARIN
OrgTechName: IP Administrator
OrgTechPhone: +1-407-741-0500
OrgTechEmail: ipsupport@sprintnetops.net

# ARIN WHOIS database, last updated 2004-07-02 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Harry Settle
3rd of July 2004 (Sat), 13:23
They always say that they aren't trying to hurt anyone, just trying to show you where your weaknesses are. . . You know, a public service.

Catch 'em, skin 'em and hang 'em up as an example.

robertwgross
3rd of July 2004 (Sat), 19:24
I really wonder who would want to attack this site - perhaps someone got tough photo critique? :)

It was probably somebody who was not satisfied with the answer he heard on a 10D backfocus issue.

---Bob Gross---

CyberDyneSystems
3rd of July 2004 (Sat), 21:32
:lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol:

catastrophe
4th of July 2004 (Sun), 23:13
so I installed much better one which had this feature.

I was curious which (better) firewall you had installed (or at least a hint, unless revealing it may compromise security). Thanks. :)

ron chappel
5th of July 2004 (Mon), 05:22
They always say that they aren't trying to hurt anyone, just trying to show you where your weaknesses are. . . You know, a public service.

Catch 'em, skin 'em and hang 'em up as an example.



Ohhhhh yes!
We think the same :D
Just wait and see what happens if I ever run into someone that sends me something as simple as spam :twisted: :twisted: :twisted:
...let alone the viruses