> Does not seem to be the kernel. I mean not the Cobalt kernel. From > what I have read, the fix to the kernel from Apache.org stopped the > people from taking control of your server. It does not stop what you > are getting. The Cobalt kernel has incorporated the changes to the > current kernel. If you did the update you have the latest fix by > Apache.org. > Read this > http://www.extremetech.com/article2/0,3973,302776,00.asp > It appears the fix to apache just keeps the person from getting root > access, not from doing the DOS.
Sorry I missed this part in my first email: Yes I�m colocated and the colo company asked me to handle them the IP address of the attacker in order to block them. Man.. I can do that with ipchains.. in fact I�ve done that just that after a few hours or days the attacker moves to a different IP and problem is restarted. I �ll ask them to consider passing only valid syns suggested in this list. Well.. apache itself is not the problem.. I don�t think it�s. For these reasons: 1- I�ve been logged in the server when attacks comes, attacks are mostly on port 21 and sometimes on port 80 (anyway I�ll take care of port 81 as suggested here too, thanks) 2- After the system reboots, I check /var/log/kernel.log and I get lots of: Possible syn flooding on port 21, sending cookies, after 10 or more lines like this, no more messages. That�s why I think it�s the old kernel... BTW, the colo told us they have had a very busy week rebooting cobalts all around the facility, because of the same reason. Well.. actually I don�t think what else to do to stay macho man and not to ask for a reboot every X time. Waiting for more suggestions Ernesto _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
