Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
|
Many have businesses in both adult and mainstream. Come here to discuss your mainstream business, find new traffic opportunities, new programs to promote, and more! Whether you are in the FOREX, dating, gambling, gaming, herbal products, blogging, or any other mainstream business this forum will take your business to the next level! |
|
Thread Tools |
09-10-2020, 07:08 PM | #1 |
Confirmed User
Industry Role:
Join Date: Oct 2014
Posts: 9,870
|
Server security. ALERT
I run 6 virtual servers + 1 I use for a 'honey pot' in testing/recording security for use in the others. They are not in the same racks or cities or cloud company's. But all have increased hack attempts.
Lately the amount of hack traffic is very high. Now, my security is tight and systems have been configured non-standard for many years. I would suggest most of you do that, but, since I look at my log files often, twice a day, I see the type of attempts that are being perpetrated which sometimes takes a while to figure out the intent. And I may not always have that correct, and because I find methods to stop the attempts, I will never really know. So, I don't mind not knowing for sure. But to give you a idea of how heavy this attempted hack traffic is... My log files exploded on one server and ran out of disk space (using up just under 300MB free space in 2 days/36 hours) It is deliberate for me to keep a small amount of space on my servers as there is not growing input except for logs. But that was not that small. You might also note that I have 1/3 of all WW IP's permanently blocked. Many of you may not be able to do that I understand as it might cut your customer base. But this coming despite my large blocks. The hacks seem to have a unlimited supply of 'compromised IP's' from hosting company's (hope you are not one of them) so, I am not seeing the same ip in the same day. Normally that would stop things like LFD from even issuing a temporary block automatically. These are large scale coordinated attacks. One hacker working through hundreds of compromised systems to multiple targets, all day and night via a scripted hack. The main targets seem to be sql db injections and wordpress hacks. But I would guess any open port if you have them. So, I present you with the idea that any of you managing your own servers need to spend a little more time in your logs and more often. If you can chart your cpu/net/disk activity, it can lead you to unusual events if you look for them. But these are slower and very persistent. About 3-6 per hack type per minute. About 20 per min overall. They seem to try not to alert admin by soaking up cpu cycles. So, it's a gradual increase that I suppose will increase even more if no action is taken. Just a heads up for those who mange their own. If you have managed hosting, let's hope your operators are on top of things. |