Where do the Chinese, Russian and etc. random attackers find their targets?

I recently started running a personal site on a dedicated server that i’ve had for some time, but have never actually used. I have never checked it’s logs, but now when i do, auth.log is full with random ssh connection attempts from Chinese, Russian, Ukrainian, Azerbeijanian and etc. IPs. I got curious and checked the … Read more

ModSecurity error on wordpress wp-login rules [closed]

Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it’s on-topic for Server Fault. Closed 5 years ago. Improve this question I have made i ModSecurity rule for apache to protect wordpress, but it have some error, so please suggest me some modification to … Read more

Multiple attacks – what can I do

I experience multiple attacks on my server recently (for past several days). Types of these attacks are e.g.: Several SQL Injection methods (select/union/where/null, etc.) Brute force attacks (e.g. for root access via SSH, multiple authentication failures to different services) Scanning for commonly known vulnerable files etc. Scanning for not removed install.php install/ files/folders, etc. SSH … Read more

Automicly report brute forcing ip’s [closed]

Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it’s on-topic for Server Fault. Closed 7 years ago. Improve this question Hosting is awesome. But hackers and bots trying to break into your server are not. I actually hate them. So, today i launched … Read more

Brute force ssh login attacks has slowed down my servers

Brute force ssh login attacks has slowed down my servers. I have already blocked ssh of foreign ips except mine internal network (iptables -A INPUT -p tcp –dport 22 -j DROP) but load has gone upto 20. what should i do. Answer You have not demonstrated that an attack on sshd is causing the problem. … Read more

How can I defend against malicious GET requests? [duplicate]

This question already has answers here: Methods to ban bots, force attacks on my server (2 answers) Closed 6 years ago. My server is getting hit with a variety if requests like the following: Started GET “/key/values” ActionController::RoutingError (No route matches [GET] “/key/values”) Started GET “/loaded” ActionController::RoutingError (No route matches [GET] “/loaded”) Started GET “/top/left” … Read more

Automatically block IPs which are making large number of requests to server in given time period

I have deployed WP project on a CentOS based Linux server. I am experiencing unusual traffic (crawling) from random IP addresses hence causing very high server load (as high as average load 200). Is there any possibility to automatically detect such requests at server and temporarily block that IP ? I mean if server founds … Read more

How to null route a dns zone [closed]

Closed. This question needs details or clarity. It is not currently accepting answers. Want to improve this question? Add details and clarify the problem by editing this post. Closed 7 years ago. Improve this question I have a domain that was attacked and flooding the server apache system. The only way to detour the attack … Read more

uninstall / deactivate ssh client only on linux server [closed]

Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it’s on-topic for Server Fault. Closed 1 year ago. Improve this question How can I uninstall or completely deactivate ssh client only. I still need server to log in. I just wonna pretend ssh brute … Read more