[Hidden-tech] Linux Security Troubleshooting

[Robert Heller]

There is (at least) one 'legit' spider bot that has known problems: it over 
spiders some sites (seems to go after Joomla for no partitularly good reason). 
This can cause various problems both for the Joomla site itself and the 
webserver in general.

And yes, programs like fail2ban can be very useful in dealing with these 
issues.  And it is not always the case that there is an actual vulnerability. 
Sometimes the bots are just probing for the vulnerability and sometimes they 
will keep probing over and over again and sometimes excessively agressively. 
And this can become an effective DDoS.  And yes, the 'legit' spider bot can 
effectivly become a DDoS, probably not intentionally: "Never attribute to 
malice that which is adequately explained by stupidity."



At Thu, 26 Jun 2014 10:57:25 -0400 Charlie Heath <townwebsites at gmail.com> wrote:

> 
> MIME-Version: 1.0
> 
>    ** Be sure to fill out the survey/skills inventory in the member's area.
>    ** If you did, we all thank you.
> 
> 
> 
> 
> 
> Usually significant and ongoing attacks mean either that your server is
> high profile in some way, or that it has some vulnerability which bots
> detect and as long as the vulnerability is not addressed, you'll get added
> to more and more bot lists.   If it is the latter and assuming you've
> installed basic server hardening, it is likely that the prevention solution
> is to secure the website in order to discourage the bots interest in your
> website.  That might take a few months but just getting some IP blocking
> capabilities both on your server (linux) and your website administration
> (Joomla, if like your incommn website, or whatever other platform this
> website uses) should be enough to satisfy Rackspace and improve your
> website's performance until the bots lose interest, unless it is a high
> profile site that will require more serious resources to resolve.
> 
> If you're still in need after the 4th, and it is a Joomla or Drupal site, I
> can take a look-
> 
> Charlie Heath
> Town Websites
> 
> 
> On Wed, Jun 25, 2014 at 3:18 PM, Daniel Lieberman <daniell at incommn.com>
> wrote:
> 
> >    ** Be sure to fill out the survey/skills inventory in the member's area.
> >    ** If you did, we all thank you.
> >
> >
> >
> > We’re having a problem with excessive memory use on a cloud server at
> > Rackspace which hosts a website of ours. The tech support people at
> > Rackspace suggest that there’s some kind of attack going on, and we need
> > someone to help us identify and cure the problem(s).
> >
> > Anyone with Linux expertise out there interested in taking this on?
> >
> > Sincerely yours,
> >
> > Daniel Lieberman
> > InCommN, LLC
> > 413 489 1818
> > http://incommn.com
> >
> > _______________________________________________
> > Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> > Hidden-discuss at lists.hidden-tech.net
> >
> > You are receiving this because you are on the Hidden-Tech Discussion list.
> > If you would like to change your list preferences, Go to the Members
> > page on the Hidden Tech Web site.
> > http://www.hidden-tech.net/members
> >
> MIME-Version: 1.0
> 
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
> 
> You are receiving this because you are on the Hidden-Tech Discussion list.
> If you would like to change your list preferences, Go to the Members   
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members
> 
>                 

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments