Lame Server Flood - Suggestions?

Discussion in 'General Discussion' started by niatech, Feb 19, 2006.

  1. niatech

    Hello all,

    Since about 3am this morning, one of my cPanel boxes has been getting hammered from a variety of IPs causing tons of 'lame server' entries in the logs. Now, if it was just the logs, I wouldn't care, but it's driving my bandwidth up for about 15-20 minute portions, then subsiding, then starting again.

    Does anyone have any suggestions on how I can minimize or stop these?

    I have APF/AD/BFD running as well.

    Thanks!

    Ciao
     
  2. sawbuck

  3. niatech

    Hmm,

    Read through the document and ended up only allowing recursion to occur from my own IPs, and the attacks are back. There are hundreds of them already in the first few minutes.

    Is there a way I can tell where the request is originating (IP)?

    Ciao
     
  4. niatech

    Seems as though they are a bunch of reverse lookups from (most likely) spoofed IPs:

    Here is an example:

    Feb 19 19:39:47 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 204.116.57.2#53
    Feb 19 19:39:47 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 206.74.254.2#53
    Feb 19 19:39:47 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 206.74.254.2#53
    Feb 19 19:39:48 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 204.116.57.2#53
    Feb 19 19:39:48 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 204.116.57.2#53
    Feb 19 19:39:48 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 206.74.254.2#53
    Feb 19 19:39:48 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 206.74.254.2#53
    Feb 19 19:39:55 tin named[17893]: lame server resolving '188.88.50.200.in-addr.arpa' (in '88.50.200.in-addr.arpa'?): 205.214.192.201#53
    Feb 19 19:39:56 tin named[17893]: lame server resolving '188.88.50.200.in-addr.arpa' (in '88.50.200.in-addr.arpa'?): 205.214.192.202#53
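
An added example, not part of the original thread: a Python sketch that parses the `lame server` lines quoted above and counts them per looked-up address and per remote nameserver. In this BIND message the trailing `address#53` is the remote nameserver that answered lamely for the zone, not the client that sent the query. The function names and the one non-matching sample line are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import IPv4Address

# Sample input: five lines from the post above plus one constructed
# non-matching line (the last one) to show that unrelated entries are skipped.
SAMPLE = """\
Feb 19 19:39:47 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 204.116.57.2#53
Feb 19 19:39:47 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 206.74.254.2#53
Feb 19 19:39:48 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 204.116.57.2#53
Feb 19 19:39:55 tin named[17893]: lame server resolving '188.88.50.200.in-addr.arpa' (in '88.50.200.in-addr.arpa'?): 205.214.192.201#53
Feb 19 19:39:56 tin named[17893]: lame server resolving '188.88.50.200.in-addr.arpa' (in '88.50.200.in-addr.arpa'?): 205.214.192.202#53
Feb 19 19:39:57 tin named[17893]: zone example.com/IN: loaded serial 2006021901
"""

# Fields: name being resolved, zone the remote server was expected to be
# authoritative for, and the remote nameserver address and port.
LAME = re.compile(
    r"named\[\d+\]: lame server resolving '(?P<qname>[^']+)' "
    r"\(in '(?P<zone>[^']+)'\?\): (?P<ns>[0-9a-fA-F.:]+)#(?P<port>\d+)"
)

def ptr_to_ip(qname):
    """Return the IPv4 address a full in-addr.arpa PTR name refers to, else None."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        # PTR names store the octets in reverse order.
        return str(IPv4Address(".".join(reversed(labels[:4]))))
    except ValueError:
        return None

def summarize(text):
    """Count lame-server events per looked-up address and per (zone, nameserver)."""
    names, servers, skipped = Counter(), Counter(), 0
    for line in text.splitlines():
        m = LAME.search(line)
        if not m:
            skipped += 1
            continue
        # Fall back to the raw name when it is not a reverse-lookup name.
        names[ptr_to_ip(m["qname"]) or m["qname"]] += 1
        servers[(m["zone"], m["ns"])] += 1
    return names, servers, skipped

if __name__ == "__main__":
    for counter in summarize(SAMPLE)[:2]:
        print(counter.most_common())
```

The client addresses behind these lookups do not appear in this message type; on BIND they show up in the query log, which `rndc querylog` toggles.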
     