Kendime saldırı yapıyor gibi görünüyorum + doss ile saldırıyorlar

greystone · 6 Şubat 2009

Kendime saldırı yapıyor gibi görünüyorum + doss ile saldırıyorlar lütfen yardım edin apf ddos initbase ve iptables komutlarını kullandım fayda etmedi ne yapabilirim bu ip 212.95.50.167 benim serverimin ana ip adresi

[root@main ~]# ddos
34
24 212.95.50.167
1 servers)
1 Address
1 88.227.61.122
1 127.0.0.1

[root@main ~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 212.95.50.167.interne:34256 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34265 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34253 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34255 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34254 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34283 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34205 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34209 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34208 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34398 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34396 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34397 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34394 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34395 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34393 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34405 212.95.50.167.internet:http ESTABLISHED
tcp 0 0 212.95.50.167.interne:34401 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34414 212.95.50.167.internet:http ESTABLISHED
tcp 0 0 212.95.50.167.interne:34412 212.95.50.167.internet:http ESTABLISHED
tcp 0 0 212.95.50.167.interne:34413 212.95.50.167.internet:http ESTABLISHED
tcp 0 0 212.95.50.167.interne:34411 212.95.50.167.internet:http ESTABLISHED
tcp 0 0 212.95.50.167.interne:34325 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34328 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.interne:34359 212.95.50.167.internet:http FIN_WAIT2
tcp 0 0 212.95.50.167.internets:ftp 88.227.61.122:1892 ESTABLISHED
tcp 0 0 212.95.50.167.internet:http adsl-99-140-176-84.dsl:1621 ESTABLISHED
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34325 CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34328 CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34359 CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http ::ffff:88.227.61.122:2520 CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34393 CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34394 CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34395 CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34396 CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34397 CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34398 CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34401 CLOSE_WAIT
tcp 0 0 212.95.50.167.internet:http 212.95.50.167.interne:34405 ESTABLISHED
tcp 0 0 212.95.50.167.internet:http 212.95.50.167.interne:34411 ESTABLISHED
tcp 0 0 212.95.50.167.internet:http 212.95.50.167.interne:34412 ESTABLISHED
tcp 0 0 212.95.50.167.internet:http 212.95.50.167.interne:34413 ESTABLISHED
tcp 0 0 212.95.50.167.internet:http 212.95.50.167.interne:34414 ESTABLISHED
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34205 CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34208 CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34209 CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http ::ffff:88.227.:discp-client CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http crawl-66-249-65-6.goo:61233 CLOSE_WAIT
tcp 0 0 212.95.50.167.internet:http ::ffff:88.243.162.188:53658 FIN_WAIT2
tcp 0 1236 212.95.50.167.internets:ssh ::ffff:88.227.61.122:1627 ESTABLISHED
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34253 CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34254 CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34255 CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34256 CLOSE_WAIT
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34265 CLOSE_WAIT
tcp 0 0 212.95.50.167.internet:http ::ffff:88.227.61.122:2895 ESTABLISHED
tcp 0 4514 212.95.50.167.internet:http dsl78.186-34077.ttnet:57328 FIN_WAIT1
tcp 1 0 212.95.50.167.internet:http 212.95.50.167.interne:34283 CLOSE_WAIT
tcp 0 0 212.95.50.167.internet:http crawl-66-249-65-6.goo:59517 ESTABLISHED
udp 0 0 main.baskent.in:32770 main.baskent.in:32770 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 12611 @/var/run/hal/hotplug_socket
unix 2 [ ] DGRAM 3449 @udevd
unix 16 [ ] DGRAM 5862 /dev/log
unix 2 [ ] DGRAM 28933
unix 3 [ ] STREAM CONNECTED 28783 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 28782
unix 3 [ ] STREAM CONNECTED 28761 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 28760
unix 3 [ ] STREAM CONNECTED 28736 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 28735
unix 3 [ ] STREAM CONNECTED 28725 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 28724
unix 3 [ ] STREAM CONNECTED 28609 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 28608
unix 3 [ ] STREAM CONNECTED 28594 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 28593
unix 3 [ ] STREAM CONNECTED 28590 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 28589
unix 3 [ ] STREAM CONNECTED 28582 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 28581
unix 3 [ ] STREAM CONNECTED 28176 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 28175
unix 3 [ ] STREAM CONNECTED 28009 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 28008
unix 3 [ ] STREAM CONNECTED 28001 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 28000
unix 3 [ ] STREAM CONNECTED 27993 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 27992
unix 3 [ ] STREAM CONNECTED 27984 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 27983
unix 3 [ ] STREAM CONNECTED 27977 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 27976
unix 3 [ ] STREAM CONNECTED 27969 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 27968
unix 3 [ ] STREAM CONNECTED 27959 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 27958
unix 3 [ ] STREAM CONNECTED 27760 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 27759
unix 3 [ ] STREAM CONNECTED 27489 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 27488
unix 3 [ ] STREAM CONNECTED 27473 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 27472
unix 3 [ ] STREAM CONNECTED 27068 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 27067
unix 3 [ ] STREAM CONNECTED 27007 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 27006
unix 3 [ ] STREAM CONNECTED 27001 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 27000
unix 3 [ ] STREAM CONNECTED 26741 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 26740
unix 3 [ ] STREAM CONNECTED 26713 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 26712
unix 3 [ ] STREAM CONNECTED 26704 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 26703
unix 3 [ ] STREAM CONNECTED 26701 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 26700
unix 3 [ ] STREAM CONNECTED 26690 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 26689
unix 3 [ ] STREAM CONNECTED 26203 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 26202
unix 3 [ ] STREAM CONNECTED 26184 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 26183
unix 3 [ ] STREAM CONNECTED 26165 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 26164
unix 2 [ ] DGRAM 19087
unix 3 [ ] STREAM CONNECTED 12610 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 12609
unix 3 [ ] STREAM CONNECTED 12476
unix 3 [ ] STREAM CONNECTED 12475
unix 2 [ ] DGRAM 12412
unix 2 [ ] DGRAM 12363
unix 3 [ ] STREAM CONNECTED 9057
unix 3 [ ] STREAM CONNECTED 9056
unix 3 [ ] STREAM CONNECTED 9055
unix 3 [ ] STREAM CONNECTED 9054
unix 2 [ ] DGRAM 9042
unix 2 [ ] DGRAM 8824
unix 2 [ ] DGRAM 8769
unix 2 [ ] DGRAM 8659
unix 2 [ ] DGRAM 8639
unix 2 [ ] DGRAM 8622
unix 2 [ ] DGRAM 8604
unix 2 [ ] DGRAM 8572
unix 2 [ ] DGRAM 7656
unix 3 [ ] STREAM CONNECTED 6051
unix 3 [ ] STREAM CONNECTED 6050
unix 2 [ ] DGRAM 5935
unix 2 [ ] DGRAM 5870

top - 16:23:45 up 47 min, 1 user, load average: 14.68, 17.91, 14.11
Tasks: 129 total, 1 running, 118 sleeping, 10 stopped, 0 zombie
Cpu(s): 6.1% us, 92.7% sy, 0.0% ni, 0.0% id, 0.0% wa, 1.1% hi, 0.0% si
Mem: 514332k total, 465372k used, 48960k free, 9472k buffers
Swap: 1048568k total, 30324k used, 1018244k free, 201888k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
6692 mysql 16 0 122m 25m 4292 S 54.9 5.0 28:51.91 mysqld
7234 apache 15 0 70356 52m 4472 S 35.8 10.4 0:12.42 httpd
8607 root 17 0 3416 1024 764 R 5.0 0.2 0:00.82 top
4833 root 15 0 9316 2488 1884 S 4.2 0.5 0:20.58 sshd
37 root 15 0 0 0 0 S 0.3 0.0 0:00.95 pdflush
4760 root 16 0 29988 6652 2024 S 0.3 1.3 0:06.97 spamd
5250 drweb 16 0 29420 20m 496 S 0.3 4.1 0:00.18 drwebd
5337 root 16 0 5448 2280 984 S 0.3 0.4 0:05.85 hald
1 root 16 0 2336 512 460 S 0.0 0.1 0:02.17 init
2 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
3 root 34 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
4 root 5 -10 0 0 0 S 0.0 0.0 0:00.59 events/0
5 root 5 -10 0 0 0 S 0.0 0.0 0:00.02 khelper
6 root 15 -10 0 0 0 S 0.0 0.0 0:00.00 kacpid
19 root 5 -10 0 0 0 S 0.0 0.0 0:01.14 kblockd/0
20 root 15 0 0 0 0 S 0.0 0.0 0:00.00 khubd
38 root 15 0 0 0 0 S 0.0 0.0 0:00.18 pdflush
39 root 16 0 0 0 0 S 0.0 0.0 0:11.08 kswapd0
40 root 14 -10 0 0 0 S 0.0 0.0 0:00.00 aio/0
186 root 25 0 0 0 0 S 0.0 0.0 0:00.00 kseriod
424 root 9 -10 0 0 0 S 0.0 0.0 0:00.00 ata/0
425 root 9 -10 0 0 0 S 0.0 0.0 0:00.00 ata_aux
447 root 15 0 0 0 0 S 0.0 0.0 0:14.22 kjournald
1105 root 6 -10 0 0 0 S 0.0 0.0 0:00.00 kauditd
1648 root 6 -10 3492 424 368 S 0.0 0.1 0:00.15 udevd
2076 root 19 0 0 0 0 S 0.0 0.0 0:00.00 kjournald
2844 root 16 0 3360 480 432 S 0.0 0.1 0:03.50 syslogd
2848 root 16 0 2100 296 292 S 0.0 0.1 0:00.06 klogd
2875 rpc 15 0 1936 392 388 S 0.0 0.1 0:00.00 portmap
2894 rpcuser 18 0 3508 524 520 S 0.0 0.1 0:00.02 rpc.statd
2922 root 16 0 5572 212 180 S 0.0 0.0 0:00.09 rpc.idmapd
2997 root 19 0 2864 348 344 S 0.0 0.1 0:00.00 acpid
4404 root 17 0 9128 1296 1132 S 0.0 0.3 0:00.11 cupsd
4483 root 16 0 6088 828 788 S 0.0 0.2 0:00.05 sshd
4496 root 18 0 3404 724 616 S 0.0 0.1 0:00.14 xinetd
4522 root 19 0 5460 668 664 S 0.0 0.1 0:00.00 couriertcpd
4524 root 23 0 3316 324 320 S 0.0 0.1 0:00.00 courierlogger
4534 root 24 0 6156 668 664 S 0.0 0.1 0:00.00 couriertcpd
4540 root 24 0 4168 324 320 S 0.0 0.1 0:00.00 courierlogger
4544 root 25 0 4732 668 664 S 0.0 0.1 0:00.00 couriertcpd
4546 root 25 0 3812 324 320 S 0.0 0.1 0:00.00 courierlogger
4555 root 25 0 4476 668 664 S 0.0 0.1 0:00.00 couriertcpd
4557 root 25 0 4428 324 320 S 0.0 0.1 0:00.00 courierlogger
4568 qmails 16 0 2508 452 372 S 0.0 0.1 0:00.83 qmail-send
4570 qmaill 16 0 2548 424 372 S 0.0 0.1 0:00.10 splogger
4571 root 21 0 3308 236 232 S 0.0 0.0 0:00.00 qmail-lspawn
4572 qmailr 16 0 2248 332 268 S 0.0 0.1 0:00.04 qmail-rspawn
4573 qmailq 16 0 2632 288 264 S 0.0 0.1 0:00.04 qmail-clean
4587 root 16 0 3288 228 224 S 0.0 0.0 0:00.00 gpm
4616 named 19 0 37356 1544 1216 S 0.0 0.3 0:00.34 named
4742 postgres 16 0 20356 1444 1324 S 0.0 0.3 0:00.32 postmaster
4744 postgres 19 0 11156 220 180 S 0.0 0.0 0:00.01 postmaster

murdock · 9 Şubat 2009

Kullandığın scriptten dolayı ard arda database sorgu yolluyor sanırım.. kullandığın scripti bir kontrol et. eğer senin kullandığın internetin ipsinden oluyorsa böyle birşey..tek nedeni budur.. kullandığın bir sayfada (bu admin paneli gibi bişeyde olabilir.üyeleri ayrıntılarıyla listeletmek gibi..) olabilir sorun.

PhpMania · 9 Mart 2009

cron jobs ile çalışan sayfanız varsa olabilir.

Kendime saldırı yapıyor gibi görünüyorum + doss ile saldırıyorlar

greystone

0

murdock

0

PhpMania

0

Backlink ve Tanıtım Yazısı için iletişime geçmek için Skype Adresimiz: .cid.1580508955483fe5