

Server sending out DoS attacks?




Posted by LanceTan, 02-16-2011, 08:52 AM
Hello, so my current server administrator told me that my server is actually SENDING OUT DoS attacks. So my server is actually the one attacking other computers. I am just wondering what are some possibilities as to how someone could have maliciously done this. Also, I was told that the server side is not compromised, but that it was most likely a malicious script that did the damage. I'm thinking an old WordPress install might have done it, but I'm not sure if that's possible. Any ideas?

Posted by razzezz, 02-16-2011, 09:02 AM
Older versions of WordPress do have vulnerabilities that can be exploited by DoS scripts. (V2 I believe) - http://www.securiteam.com/exploits/5NP062KI0C.html If the management team are particular that the server itself has not been compromised, were they able to see what processes were causing the DoS flood? This would help narrow down your search.

Posted by LanceTan, 02-16-2011, 09:07 AM
Well, it's been several hours; apparently they've told me that the server went down too fast for them to log any data.

Posted by razzezz, 02-16-2011, 09:09 AM
Then you're looking for a proverbial needle. If it's a data injection, it could be anywhere. Update all system packages, and all CMS modules to the latest versions.

Posted by LanceTan, 02-16-2011, 09:13 AM
Seems very scary to me, especially since I have custom made scripts that I made myself that might not be the most secure. What other things should I be looking at? Any types of scripts in certain?

Posted by razzezz, 02-16-2011, 09:15 AM
They're likely to be SQL injection strings, as that's very common. Check your DB's content for programming syntax. Check that you use security measures in your scripts like mysql_escape_string and stripslashes etc.

Posted by LanceTan, 02-16-2011, 09:17 AM
So SQL injection strings can cause my server to start sending out DDoS attacks? Interesting. So I should now check my mysql databases right?

Posted by razzezz, 02-16-2011, 09:20 AM
If, for instance, the injection was done on a blog comment, whenever that page is loaded, it could execute the commands that were inserted into the DB. This could be any language supported on the server, i.e. Perl, C etc. So yes, they could run anything, and it would be running as your web user, i.e. apache.
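
An added example, not part of the thread: one way to carry out the "check your DB's content for programming syntax" step, scanning text columns for code-like markers. It assumes Python's built-in `sqlite3` as a stand-in for the site's MySQL database; the `comments` table, its rows and the marker list are constructed for illustration.

```python
import re
import sqlite3

# Heuristic markers of code stored where only user text belongs
# (assumed list for illustration; tune it for the site being checked).
SUSPICIOUS = [
    ("php_tag", re.compile(r"<\?(php|=)", re.I)),
    ("script_tag", re.compile(r"<\s*script\b", re.I)),
    ("iframe_tag", re.compile(r"<\s*iframe\b", re.I)),
    ("dynamic_eval", re.compile(r"\b(eval|assert|create_function)\s*\(", re.I)),
    ("shell_call", re.compile(r"\b(system|exec|passthru|shell_exec|popen)\s*\(", re.I)),
    ("encoded_blob", re.compile(r"\b(base64_decode|gzinflate|str_rot13)\s*\(", re.I)),
]

def scan_text_columns(conn, table, key_col, text_cols):
    """Return (row key, column, [marker names]) for every cell that matches."""
    # table/column names come from the operator running the scan, not from user input
    cols = ", ".join([key_col] + list(text_cols))
    findings = []
    for row in conn.execute(f"SELECT {cols} FROM {table} ORDER BY {key_col}"):
        for col, value in zip(text_cols, row[1:]):
            if not isinstance(value, str):
                continue
            hits = [name for name, rx in SUSPICIOUS if rx.search(value)]
            if hits:
                findings.append((row[0], col, hits))
    return findings

def build_sample_db():
    """Constructed sample data: a hypothetical 'comments' table held in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    rows = [
        (1, "alice", "Great post, thanks for the write-up."),
        (2, "bob", "Nice <script src='//example.invalid/x.js'></script>"),
        (3, "carol", "<?php eval(base64_decode('...')); ?>"),
        (4, "dave", "I had to exec the plan myself (no code here)."),
    ]
    # Values are bound as parameters, never concatenated into the SQL text
    conn.executemany("INSERT INTO comments VALUES (?, ?, ?)", rows)
    return conn

if __name__ == "__main__":
    conn = build_sample_db()
    for key, col, hits in scan_text_columns(conn, "comments", "id", ["author", "body"]):
        print(f"row {key} column {col}: {', '.join(hits)}")
```

A match is a lead for manual review rather than proof of compromise, since ordinary comments can legitimately quote code.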


