Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Lame Server Flood - Suggestions?

Discussion in 'General Discussion' started by niatech, Feb 19, 2006.

  1. niatech

    niatech Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    166
    Hello all,

    Since about 3am this morning, one of my CPanel boxes has been getting hammered from a variety of IPs causing tones of 'lame server' entries in the logs. Now, if it was just the logs, I wouldn't care, but its driving my bandwidth up for about 15-20 minute portions, then subsiding, then starting again.

    Does anyone have any suggestions on how I can minimize or stop these?

    I have APF/AD/BFD running as well.

    Thanks!

    Ciao
     
    #1 niatech, Feb 19, 2006
  2. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,366
    Likes Received:
    6
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    #2 sawbuck, Feb 19, 2006
  3. niatech

    niatech Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    166
    Hmm,

    read through the document and ended up only allowing recursion to occur from my own IPs and the attacks are back.. There are hundreds of them already in the first few minutes.

    Is there a way I can tell where the request is originating (IP?)

    Ciao
     
    #3 niatech, Feb 19, 2006
  4. niatech

    niatech Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    166
    Seems as though they are a bunch of reverse lookups from (most likely) spoofed IPs:

    here is an example

    Feb 19 19:39:47 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 204.116.57.2#53
    Feb 19 19:39:47 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 206.74.254.2#53
    Feb 19 19:39:47 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 206.74.254.2#53
    Feb 19 19:39:48 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 204.116.57.2#53
    Feb 19 19:39:48 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 204.116.57.2#53
    Feb 19 19:39:48 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 206.74.254.2#53
    Feb 19 19:39:48 tin named[17893]: lame server resolving '117.149.253.206.in-addr.arpa' (in '149.253.206.in-addr.arpa'?): 206.74.254.2#53
    Feb 19 19:39:55 tin named[17893]: lame server resolving '188.88.50.200.in-addr.arpa' (in '88.50.200.in-addr.arpa'?): 205.214.192.201#53
    Feb 19 19:39:56 tin named[17893]: lame server resolving '188.88.50.200.in-addr.arpa' (in '88.50.200.in-addr.arpa'?): 205.214.192.202#53
     
    #4 niatech, Feb 19, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - Lame Server Flood
  1. mikemikeee

    Lame server resolving errors

    mikemikeee, May 24, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    277
    cPanelMichael
    May 25, 2018
  2. dzamanakos

    New Thread whm-server-status requests

    dzamanakos, Mar 25, 2019 at 11:02 AM, in forum: Security
    Replies:
    0
    Views:
    18
    dzamanakos
    Mar 25, 2019 at 11:02 AM
  3. ArthurPeabody

    New Thread What does it mean for buildapache application uses the MySQL libraries and headers on the server its

    ArthurPeabody, Mar 24, 2019 at 10:37 AM, in forum: Database Discussion
    Replies:
    0
    Views:
    5
    ArthurPeabody
    Mar 24, 2019 at 10:37 AM
  4. AndyB78

    How to fix server name in DNS Zones following a server name change

    AndyB78, Mar 21, 2019 at 6:26 AM, in forum: Bind/DNS/Nameserver
    Replies:
    1
    Views:
    47
    cPanelLauren
    Mar 22, 2019 at 2:39 PM
  5. FM Kappungal

    AutoSSL for additional domains of host server

    FM Kappungal, Mar 21, 2019 at 5:39 AM, in forum: Security
    Replies:
    1
    Views:
    79
    cPanelLauren
    Mar 22, 2019 at 1:23 PM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice