HamHost Dedicated Blockland servers | New poll: More free-user features?
Pecon:
Hammer.
Run Rkill for a temporary fix.
hammereditor²:
--- Quote from: Pecon on October 21, 2013, 04:37:00 PM ---Hammer.
Run Rkill for a temporary fix.
--- End quote ---
This program found no issues at all.
Also, I unzipped all the back-up files, and scanned them with Norton 360 on my computer.
There were no viruses found.
So I'm beginning to think this is not a malicious attack, and it's some other error.
DDoS fixed!
I have blocked incoming UDP port 19 with the firewall, and the DDoS attack magically stopped!
EDIT:
There was never a computer virus!
After researching some stuff about how UDP port 19 can be exploited for DoS attacks, I reasoned out that a hacker is using the Chargen service on my VPS to send spammy data to the victim.
During server set-up 2 months ago, I think I installed 'Complex network services' or something like that. And I think the role configurator enabled the service.
The Chargen service is where a client connects to a server on UDP port 19, and the server sends a stream of random numbers or characters back to the client.
Connection logs on my VPS have shown that Skial.com has frequently been using the Chargen service. And they are the victim.
The VPS will not be reset!
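Added example, not part of the original post: the connection-log check described above, written in Python. It totals, per remote address, the bytes sent to UDP port 19 and the bytes sent back from it, and flags addresses that received far more than they sent. The log format, the addresses and the `min_factor` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

CHARGEN_PORT = 19
# Constructed flow records (not from the thread): "UDP src:port -> dst:port bytes"
SAMPLE_FLOWS = """\
UDP 198.51.100.7:27015 -> 192.0.2.10:19 1
UDP 192.0.2.10:19 -> 198.51.100.7:27015 1022
UDP 198.51.100.7:27015 -> 192.0.2.10:19 1
UDP 192.0.2.10:19 -> 198.51.100.7:27015 988
UDP 203.0.113.5:50000 -> 192.0.2.10:28000 120
UDP 192.0.2.10:28000 -> 203.0.113.5:50000 140
garbage line that should be skipped
"""
FLOW_RE = re.compile(
    r"^UDP (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+) (\d+)$")

def chargen_reflection(log_text, min_factor=10.0):
    """Return {peer: (bytes_in, bytes_out, factor)} for peers whose UDP/19
    traffic looks like reflection: tiny requests, much larger replies."""
    req = defaultdict(int)   # bytes arriving at our port 19, by claimed source
    resp = defaultdict(int)  # bytes leaving our port 19, by destination
    for line in log_text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not flow records
        src, sport, dst, dport, size = (
            m.group(1), int(m.group(2)), m.group(3), int(m.group(4)), int(m.group(5)))
        if dport == CHARGEN_PORT:
            req[src] += size
        elif sport == CHARGEN_PORT:
            resp[dst] += size
    flagged = {}
    for peer, out_bytes in resp.items():
        in_bytes = req.get(peer, 0)
        factor = out_bytes / max(in_bytes, 1)
        if factor >= min_factor:
            # UDP sources can be forged, so this "client" is the likely victim.
            flagged[peer] = (in_bytes, out_bytes, factor)
    return flagged

def chargen_still_answering(log_text):
    """True if any reply left source port 19, i.e. the service is still reachable."""
    return bool(chargen_reflection(log_text, min_factor=0))

if __name__ == "__main__":
    for peer, (i, o, f) in chargen_reflection(SAMPLE_FLOWS).items():
        print(f"{peer}: {i} bytes in, {o} bytes out, x{f:.0f}")
```

Running `chargen_still_answering` over logs captured after the firewall rule is in place shows whether any replies are still leaving port 19.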
hammereditor²:
At least this reminded me to make a complete back-up of the whole system.
Nal:
Thank god
Lugnut:
--- Quote from: hammereditor² on October 21, 2013, 04:45:58 PM ---After researching some stuff about how UDP port 19 can be exploited for DoS attacks, I reasoned out that a hacker is using the Chargen service on my VPS to send spammy data to the victim.
During server set-up 2 months ago, I think I installed 'Complex network services' or something like that. And I think the role configurator enabled the service.
The Chargen service is where a client connects to a server on UDP port 19, and the server sends a stream of random numbers or characters back to the client.
Connection logs on my VPS have shown that Skial.com has frequently been using the Chargen service. And they are the victim.
--- End quote ---
why exactly are you telling us this? don't do that, we don't give a stuff and it's too complicated for us mundane forgets. dealing with this is your job, and you handled it - we just want the meat:
win vvvvvvvv
--- Quote from: hammereditor² on October 21, 2013, 04:45:58 PM ---After doing extensive research, I have determined with X% certainty that the issues are caused by an unused service I enabled a few months ago. This service was being exploited to send a bunch of data to a remote victim, causing lag on our end.
User data has not been compromised, and the error has been fixed.
The VPS will not be reset!
If you want more specific details, PM me.
--- End quote ---
win ^^^^^^^^
that last bit is optional, and you should be 100% sure you've actually closed the hole - someone might try to exploit it again.
business 101