Secure a server used for a SYN attack
Hi everybody,
My server has been used against my will for a SYN flood attack.
Attack detail : 20Kpps/6Mbps
My server runs Debian, Apache, PHP and MySQL. Unfortunately, I don't know how the requests have been sent. Can I forbid my server to send external requests, knowing that none of my websites needs to do such a thing? Thank you in advance for reading and maybe for answering!
|
Compromised server stays offline. Investigate why it happened so you can secure your server better in the future.
|
Since this server is compromised, you cannot trust anything on it, including the data. Hopefully you have full backups and can wipe and reinstall. But before placing it on the Internet again, you have to really know and understand how the system got compromised to begin with.
|
Agreed with Lazydog, you cannot trust the data. So really find out from which hosting account the attack is going on. It could be one of the accounts or all of them. So better to scan the accounts for malware. Check the recent file changes, review all server logs. One by one, if you find the account is clean, move it to a new server.
|
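The "check the recent file changes" step from the last reply, as an added example that is not part of the thread: a Python sketch that lists recently changed files per hosting account, and also flags files whose mtime looks old but whose ctime is recent (a backdated timestamp). The `/var/www/<account>` layout and the 7-day window are assumptions.

```python
import os
import time


def recent_changes(accounts_root, days=7, now=None):
    """Map each account directory to files changed within the last `days` days.

    A file is reported with reason "mtime" when its content timestamp is recent,
    or "ctime-only" when mtime is old but the inode changed recently, which is
    what a backdated mtime (e.g. via touch) leaves behind on Linux.
    """
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    report = {}
    for account in sorted(os.listdir(accounts_root)):
        top = os.path.join(accounts_root, account)
        if os.path.islink(top) or not os.path.isdir(top):
            continue
        hits = []
        # os.walk does not follow symlinked directories by default
        for dirpath, _dirnames, filenames in os.walk(top):
            for name in filenames:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)  # lstat: inspect the link, not its target
                except OSError:
                    continue  # file vanished or unreadable
                if st.st_mtime >= cutoff:
                    reason = "mtime"
                elif st.st_ctime >= cutoff:
                    reason = "ctime-only"
                else:
                    continue
                hits.append((os.path.relpath(path, top), reason))
        report[account] = sorted(hits)
    return report


if __name__ == "__main__":
    import sys
    # Assumed layout: one directory per hosting account under this root
    root = sys.argv[1] if len(sys.argv) > 1 else "/var/www"
    for account, hits in recent_changes(root).items():
        print(f"{account}: {len(hits)} recent change(s)")
        for rel, reason in hits:
            print(f"  [{reason}] {rel}")
```

An account with no hits has only passed this one check; the malware scan and log review from the reply still apply before it is moved.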