Home News Forum Articles
  Welcome back Join CF
You are here You are here: Home | Forum | Has Superhub a WPS button that can blink red&blue?

You are currently viewing our boards as a guest which gives you limited access to view most of the discussions, articles and other free features. By joining our Virgin Media community you will have full access to all discussions, be able to view and post threads, communicate privately with other members (PM), respond to polls, upload your own images/photos, and access many other special features. Registration is fast, simple and absolutely free so please join our community today.


Welcome to Cable Forum
Go Back   Cable Forum > Virgin Media Services > Virgin Media Internet Service

dos attack on my server
Reply
 
Thread Tools
Old 17-01-2013, 14:14   #1
TheWoodster
Inactive
 
Join Date: Aug 2009
Location: Sheffield
Services: Tivo x 2 60mb Virgin 1 x bel
Posts: 58
TheWoodster is an unknown quantity at this point
dos attack on my server

Hello guys (not forgetting girls)

I need some expert advice and having used cable forum for a while I know there are some knowledgable people on here.

I have a superhub, 50 meg broadband, I run a personal web server running windows server 2008, iis6, wordpress sites.

I have comodo firewall installed, recently it is blocking attack attempts on the server, however the level of attacks have increased so much that in one hour it had registered 3000 attempts, the number is like a ticking clock in the count upwards.

I appreciate that the attacks are being blocked however, the level of traffic thats coming in is now impacting on the functionality of the server.

My thinking is, 1. its an attack via my ip address or 2. via one of the several domain names i have setup.

I considered changing the ip address, but ive learnt that this isnt achieved very easily with the superhub on its own.
One option is to put the hub i modem mode with a router attached.
The problem there is, i dont want to go out and pay x amount for a router on the chance that it might not be an attack via the ip address.

Can anyone think of a solution i may have missed or am i stuck with this problem.

thanks in advance

---------- Post added at 13:14 ---------- Previous post was at 13:12 ----------

btw the port they are now attacking is 53 - dns. hence the affect on the websites.
TheWoodster is offline   Reply With Quote
Advertisement
Old 17-01-2013, 15:03   #2
qasdfdsaq
cf.mega poster
 
Join Date: Aug 2004
Posts: 11,207
qasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronze
qasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronze
Re: dos attack on my server

Why would an attack on port 53 affect websites? You shouldn't be using or needing port 53 anywhere near your network.
qasdfdsaq is offline   Reply With Quote
Old 17-01-2013, 15:09   #3
TheWoodster
Inactive
 
Join Date: Aug 2009
Location: Sheffield
Services: Tivo x 2 60mb Virgin 1 x bel
Posts: 58
TheWoodster is an unknown quantity at this point
Re: dos attack on my server

53 is for dns.
TheWoodster is offline   Reply With Quote
Old 17-01-2013, 15:24   #4
ferretuk
Inactive
 
Join Date: Dec 2006
Services: Plusnet Unlimited FTTC
Posts: 501
ferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpack
Re: dos attack on my server

Are you running your own DNS server for your domains then? If so, why? If not then why is the attempt access to port 53 on your IP address causing problems for your webserver?

If you haven't set a port forward rule for port 53 then the SH won't do anything with the packet.

There's nothing you can do about external hosts attempting to contact a particular port at your address...
ferretuk is offline   Reply With Quote
Old 17-01-2013, 15:26   #5
TheWoodster
Inactive
 
Join Date: Aug 2009
Location: Sheffield
Services: Tivo x 2 60mb Virgin 1 x bel
Posts: 58
TheWoodster is an unknown quantity at this point
Re: dos attack on my server

im not running a dns server, i was informed that i would need to open port 53 for dns in order for the domain names to resolve to this server. is this not the case?
port forwarding was set up for this particular port. i will take it out of the firewall exceptions and see what impact that has.

the affect on the server was such that the attacks/request were so frequent that all traffic was affected.
TheWoodster is offline   Reply With Quote
Old 17-01-2013, 15:29   #6
qasdfdsaq
cf.mega poster
 
Join Date: Aug 2004
Posts: 11,207
qasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronze
qasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronzeqasdfdsaq is cast in bronze
Re: dos attack on my server

Quote:
Originally Posted by TheWoodster View Post
53 is for dns.
Webserver does not use DNS

Quote:
Originally Posted by ferretuk View Post
Are you running your own DNS server for your domains then? If so, why? If not then why is the attempt access to port 53 on your IP address causing problems for your webserver?
What he said

---------- Post added at 14:29 ---------- Previous post was at 14:28 ----------

Quote:
Originally Posted by TheWoodster View Post
im not running a dns server, i was informed that i would need to open port 53 for dns in order for the domain names to resolve to this server. is this not the case?
No.

You pay someone else to do that, with much faster servers that are heavily defended against DOS attacks.
qasdfdsaq is offline   Reply With Quote
Old 17-01-2013, 15:35   #7
TheWoodster
Inactive
 
Join Date: Aug 2009
Location: Sheffield
Services: Tivo x 2 60mb Virgin 1 x bel
Posts: 58
TheWoodster is an unknown quantity at this point
Re: dos attack on my server

ah i see what you mean.

well ive removed port 53 from the firewall exceptions, so far seems to be working ok and no attacks registered.
im still fairly new to servers, mainly a hobby im learning, so unfortunately I do have gaps in my knowledge.
TheWoodster is offline   Reply With Quote
Old 17-01-2013, 15:52   #8
ferretuk
Inactive
 
Join Date: Dec 2006
Services: Plusnet Unlimited FTTC
Posts: 501
ferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpackferretuk has a very nice sixpack
Re: dos attack on my server

Have you removed the port forwarding rule in the SH as well? Or is this what you have done by 'removing the firewall exception'?
ferretuk is offline   Reply With Quote
Old 17-01-2013, 16:06   #9
TheWoodster
Inactive
 
Join Date: Aug 2009
Location: Sheffield
Services: Tivo x 2 60mb Virgin 1 x bel
Posts: 58
TheWoodster is an unknown quantity at this point
Re: dos attack on my server

apologies, sh?

---------- Post added at 15:04 ---------- Previous post was at 15:04 ----------

o superhub, yeah thats where the firewall exceptions are

---------- Post added at 15:06 ---------- Previous post was at 15:04 ----------

well so far all seems good. no attacks and the server is running smoothly.
TheWoodster is offline   Reply With Quote
Old 17-01-2013, 18:34   #10
TheWoodster
Inactive
 
Join Date: Aug 2009
Location: Sheffield
Services: Tivo x 2 60mb Virgin 1 x bel
Posts: 58
TheWoodster is an unknown quantity at this point
Re: dos attack on my server

that seems to have sorted the problem.

thanks for your assistance.
TheWoodster is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 16:33.


Server: osmium.zmnt.uk
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.