[Hidden-tech] Linux Security Troubleshooting

Tad Puckett tadpuck at gmail.com
Fri Jun 27 12:12:34 EDT 2014


Just to clarify exactly what is going on with the mem usage. The server is
allocated for 2GB of physical mem and 4GB swap (virtual mem for Windows
users). The other hosts are all on the same RAID of HDDs. The server is
spiking on mem usage and then tapping into the swap. The I/O usage of
accessing that swap mem is obviously affecting the other servers being
hosted on the RAID. They have no direct access to the server, so they are
under the assumption that there is something malicious running on the
server. I hope that helps somewhat.


On Thu, Jun 26, 2014 at 2:54 PM, Robert Heller <heller at deepsoft.com> wrote:

>    ** Be sure to fill out the survey/skills inventory in the member's area.
>    ** If you did, we all thank you.
>
>
>
> There is (at least) one 'legit' spider bot that has known problems: it over
> spiders some sites (seems to go after Joomla for no particularly good
> reason).
> This can cause various problems both for the Joomla site itself and the
> webserver in general.
>
> And yes, programs like fail2ban can be very useful in dealing with these
> issues.  And it is not always the case that there is an actual
> vulnerability.
> Sometimes the bots are just probing for the vulnerability and sometimes they
> will keep probing over and over again and sometimes excessively
> aggressively.
> And this can become an effective DDoS.  And yes, the 'legit' spider bot can
> effectively become a DDoS, probably not intentionally: "Never attribute to
> malice that which is adequately explained by stupidity."
>
>
>
> At Thu, 26 Jun 2014 10:57:25 -0400 Charlie Heath <townwebsites at gmail.com>
> wrote:
>
> > Usually significant and ongoing attacks mean either that your server is
> > high profile in some way, or that it has some vulnerability which bots
> > detect and as long as the vulnerability is not addressed, you'll get added
> > to more and more bot lists.   If it is the latter and assuming you've
> > installed basic server hardening, it is likely that the prevention solution
> > is to secure the website in order to discourage the bots' interest in your
> > website.  That might take a few months but just getting some IP blocking
> > capabilities both on your server (Linux) and your website administration
> > (Joomla, if like your incommn website, or whatever other platform this
> > website uses) should be enough to satisfy Rackspace and improve your
> > website's performance until the bots lose interest, unless it is a high
> > profile site that will require more serious resources to resolve.
> >
> > If you're still in need after the 4th, and it is a Joomla or Drupal site, I
> > can take a look-
> >
> > Charlie Heath
> > Town Websites
> >
> >
> > On Wed, Jun 25, 2014 at 3:18 PM, Daniel Lieberman <daniell at incommn.com>
> > wrote:
> >
> > >
> > > We’re having a problem with excessive memory use on a cloud server at
> > > Rackspace which hosts a website of ours. The tech support people at
> > > Rackspace suggest that there’s some kind of attack going on, and we need
> > > someone to help us identify and cure the problem(s).
> > >
> > > Anyone with Linux expertise out there interested in taking this on?
> > >
> > > Sincerely yours,
> > >
> > > Daniel Lieberman
> > > InCommN, LLC
> > > 413 489 1818
> > > http://incommn.com
> > >
> > > _______________________________________________
> > > Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> > > Hidden-discuss at lists.hidden-tech.net
> > >
> > > You are receiving this because you are on the Hidden-Tech Discussion list.
> > > If you would like to change your list preferences, Go to the Members
> > > page on the Hidden Tech Web site.
> > > http://www.hidden-tech.net/members
> > >
>
> --
> Robert Heller             -- 978-544-6933 / heller at deepsoft.com
> Deepwoods Software        -- http://www.deepsoft.com/
> ()  ascii ribbon campaign -- against html e-mail
> /\  www.asciiribbon.org   -- against proprietary attachments
>
>
>
>
>
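
Added example, not part of the original thread: a way to check a web access log for the over-aggressive crawling and repeated probing discussed in the quoted replies, using the same count-within-a-time-window idea that fail2ban's findtime and maxretry settings express. The log lines, IP addresses, user agent string and thresholds are constructed for illustration, and the parser assumes the Apache/nginx "combined" log format with each client's lines in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined log format: ip, ident, user, [timestamp], "request", status, size, "referer", "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def find_aggressive_clients(lines, window_seconds=10, max_requests=5):
    """Return {ip: (peak_requests_in_window, user_agent)} for every client
    that sends more than max_requests within any window_seconds span.
    The thresholds are illustrative assumptions, not recommended values."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop requests that fell out of the window
        if len(q) > max_requests:
            peak = max(len(q), flagged.get(m["ip"], (0, ""))[0])
            flagged[m["ip"]] = (peak, m["ua"])
    return flagged

def make_sample_log():
    """Constructed sample: one crawler hitting once per second, one normal visitor."""
    lines = []
    for i in range(8):
        lines.append(
            f'203.0.113.7 - - [26/Jun/2014:10:57:{i:02d} -0400] '
            f'"GET /index.php?id={i} HTTP/1.1" 200 5120 "-" "ExampleSpider/1.0"'
        )
    for i in range(3):
        lines.append(
            f'198.51.100.23 - - [26/Jun/2014:10:57:{i * 20:02d} -0400] '
            f'"GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'
        )
    lines.append("not a log line")
    return lines

if __name__ == "__main__":
    for ip, (peak, agent) in find_aggressive_clients(make_sample_log()).items():
        print(f"{ip} peak={peak} requests/10s agent={agent}")
```

The user agent is reported alongside the count because, as noted in the thread, the heavy client may be a legitimate spider rather than an attacker, which changes whether throttling or blocking is the appropriate response.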