To disable IPv6, we must prevent the loading of the module by adding the following two lines to /etc/modprobe.conf (& reboot system):
alias net-pf-10 off
alias ipv6 off
I'd also check your webpages; if you are getting that much traffic, they've prob been hacked to supply other info... Turn off Apache first, then figure out the problem.
Edit: This on today's slashdot.org: help from google for webmasters who (may) have been compromised:
"In an effort to promote the 'general health of the Web,' Google will send Webmasters snippets of malicious code (http://googleonlinesecurity.blogspot...e-malware.html) in the hopes of getting infected Web sites cleaned up faster. The new information will appear as part of Google's Webmaster Tools, a suite of tools that provide data about a Web site, such as site visits. 'We understand the frustration of Webmasters whose sites have been compromised without their knowledge and who discover that their site has been flagged,' wrote Lucas Ballard on Google's online security blog. To Webmasters who are registered with Google, the company will send them an email notifying them of suspicious content along with a list of the affected pages. They'll also be able to see part of the malicious code." Another of the new Webmaster Tools is Fetch as Googlebot (http://searchengineland.com/see-what...our-site-27623), which shows you a page as Google's crawler sees it. This should allow Webmasters to see malicious code that bad guys have hidden on their sites via "cloaking," among other benefits.
You should prob look into those.
Last edited by chrism01; 10-15-2009 at 01:42 AM.
Reason: Added info about google tools
SYN is the first TCP pkt sent when trying to connect to a system. Unless you've got some serious info, e.g. winning lottery nums for next week, why would you suddenly get massive floods like that? There's also a TCP SYN Flood DoS (Denial of Service) attack: http://en.wikipedia.org/wiki/SYN_flood.
Note I only said 'If it's some kind of break-in attempt', 'if' being the key word there.
From your own logs, the kernel says it suspects the SYN Flood attack; that's why it says it's 'sending cookies' as mentioned/recommended in the Wiki article.
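Added example, not part of the thread: a small triage script that counts the kernel's "Sending cookies" warnings per port and tallies half-open (SYN_RECV) sockets per listening port from `/proc/net/tcp`-style data. The log lines, host name and addresses are constructed samples, and the function names are illustrative.

```python
import re
import socket
import struct
from collections import Counter, defaultdict

# Kernel warning text; case-insensitive so the later "Possible ..." wording matches too.
WARN_RE = re.compile(r"possible SYN flooding on port (\d+)\. Sending cookies", re.I)

# Constructed sample log lines (not from the thread).
SAMPLE_KERN_LOG = """\
Oct 14 22:10:01 web1 kernel: possible SYN flooding on port 80. Sending cookies.
Oct 14 22:11:02 web1 kernel: possible SYN flooding on port 80. Sending cookies.
Oct 14 22:11:40 web1 kernel: eth0: link up
Oct 14 22:12:03 web1 kernel: TCP: request_sock_TCP: Possible SYN flooding on port 443. Sending cookies.  Check SNMP counters.
"""

# Constructed sample in /proc/net/tcp layout, trimmed to the first four columns.
# State 0A = LISTEN, 01 = ESTABLISHED, 03 = SYN_RECV (half-open).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st
   0: 00000000:0050 00000000:0000 0A
   1: 0A00000A:0050 0B7100CB:C350 03
   2: 0A00000A:0050 0C7100CB:C351 03
   3: 0A00000A:0050 0D7100CB:C352 03
   4: 0A00000A:0016 0E7100CB:D431 01
"""

def syn_flood_warnings(log_text):
    """Count kernel SYN-flood warnings per destination port."""
    return Counter(int(m.group(1)) for m in WARN_RE.finditer(log_text))

def decode_addr(hex_addr):
    """'0B7100CB:C350' -> ('203.0.113.11', 50000); assumes a little-endian host."""
    ip_hex, port_hex = hex_addr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def half_open(proc_text):
    """Map local port -> Counter of remote IPs holding SYN_RECV sockets."""
    result = defaultdict(Counter)
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) >= 4 and fields[3] == "03":
            result[decode_addr(fields[1])[1]][decode_addr(fields[2])[0]] += 1
    return dict(result)

if __name__ == "__main__":
    print("warnings per port:", dict(syn_flood_warnings(SAMPLE_KERN_LOG)))
    for port, peers in half_open(SAMPLE_PROC_NET_TCP).items():
        print(f"port {port}: {sum(peers.values())} half-open from {len(peers)} sources")
```

On a live host, pass the contents of `/proc/net/tcp` and the kernel log to the same functions; many half-open sockets on one port spread across many sources is consistent with the flood the kernel is warning about.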