| Question: |
Good afternoon.Our website http://ukraine-elections.com.ua/не open, it says \"Web page unavailable\" |
| Answer: |
yesterday we were otpravlyali message about the strongest Dose on Your website. You receive it? /home/cpmove-storm.tar.gz
strong DDoS attack
list the ip of the attacker
~snike/ukraine-elections.txt
grep storm /var/log/exim_mainlog | wc-l
4499
2012-10-09 09:06:23 cwd=/home2/storm/public_html 5 args: /usr/sbin/sendmail -t - i-f EMAIL
2012-10-09 09:06:25 cwd=/home2/storm/public_html 5 args: /usr/sbin/sendmail -t - i-f EMAIL
2012-10-09 09:06:47 cwd=/home2/storm/public_html 5 args: /usr/sbin/sendmail -t - i-f EMAIL
2012-10-09 09:09:41 cwd=/home2/storm/public_html 5 args: /usr/sbin/sendmail -t - i-f EMAIL
2012-10-09 09:17:07 cwd=/home2/storm/public_html 5 args: /usr/sbin/sendmail -t - i-f EMAIL
2012-10-09 09:19:32 cwd=/home2/storm/public_html 5 args: /usr/sbin/sendmail -t - i-f EMAIL
2012-10-09 09:20:42 cwd=/home2/storm/public_html 5 args: /usr/sbin/sendmail -t - i-f EMAIL
2012-10-09 09:30:02 cwd=/home2/storm/public_html 5 args: /usr/sbin/sendmail -t - i-f EMAIL
2012-10-09 09:31:36 cwd=/home2/storm/public_html 5 args: /usr/sbin/sendmail -t - i-f EMAIL
2012-10-09 09:33:05 cwd=/home2/storm/public_html 5 args: /usr/sbin/sendmail -t - i-f EMAIL |
| Question: |
Yes, I see soobseniem it`s common to send emails.6 letters in half an hour is the \"strongest DDOS\"? |
| Question: |
10 letters in half an hour, you kind of had a resolution of up to 100 per hour |
| Answer: |
what does sending emails DDOS on kanaal was kotoorye scored ego |
| Question: |
\"/usr/sbin/sendmail\" is not mail?could you please switch on the website, we disable the sending of messages |
| Question: |
please Orient, when can we expect the inclusion of the site?we do not have access to any tool |
| Answer: |
again povtryayu Your mail is not being, was tselenapravlenno DDOS to Your site, we can do it in DC USA, but my recommendation is that he also stayed in the unit, because DDOS can vozobnovit and then closed down. |
| Question: |
tell me please, do you have access log for yesterday our account, so we analyzed it? |
| Answer: |
please Wait. |
| Answer: |
the whole log like this IP - - [20/Aug/2014:16:30:34 +0400] \"POST /vybory/online/1 HTTP/1.1\" 401 590 \"http://ukraine-elections.com.ua/\" \"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.307762; .NET CLR 3.5.307762; .NET CLR 3.0.307762\"
IP - - [20/Aug/2014:16:30:34 +0400] \"POST /vybory/online/1 HTTP/1.1\" 401 188 \"http://ukraine-elections.com.ua |
| Question: |
the DNS update has occurred, error 404 is left http://ukraine-elections.com.ua/ I Write to you, as governed by this paragraph: \"It is also possible that you have inadvertently deleted your document root or the your account may need to be event log. Either way, please contact your web host immediately.\" In htaccess problems like no |
| Answer: |
please Do a trace to Your domain: start - run - enter cmd - in the black window enter tracert YOUR DOMAIN - after click to highlight - making enter - skopirovat here in the ticket
If You are experiencing zatrudina, view instructional videos http://ded07.net/helphost/tracert.htm |
| Question: |
Tracing route to ukraine-elections.com.ua [IP]with the maximum number of jumps 30: 1 1 ms 1 ms 1 ms IP 2 2 ms 1 ms 1 ms host-27-1.soho.net.ua [IP] 3 1 ms 1 ms 1 ms blade1.SoHo.NET.ua [IP] 4 1 ms 2 ms 2 ms nat1.soho.net.ua [IP] 5 160 ms 7 ms 239 ms core.soho.net.ua [IP] 6 9 ms 10 ms 39 ms IP 7 17 ms 18 ms 17 ms IP 8 39 ms 40 ms 39 ms ae8-3950.fra61.ip4.gtt.net [IP] 9 165 ms 165 ms 164 ms xe-9-2-0.dal33.ip4.gtt.net [IP] 10 165 ms 165 ms 164 ms gtt-gw.ip4.gtt.net [IP] 11 170 ms 171 ms 172 ms xe-5-3-3.cr1.iah1.us.nlayer.net [IP] 12 170 ms 170 ms 170 ms as20013.ae0.cr1.iah1.us.nlayer.net [IP] 13 173 ms 179 ms 172 ms IP 14 172 ms 171 ms 171 ms IP 15 171 ms 173 ms 170 ms ukraine-elections.com.ua [IP]Trace complete. |
| Answer: |
as you so? the ip should be the IP something you made in hosts? |
| Answer: |
well, actually what I see all the http://tools.pingdom.com/fpt/#!/bVaUPs/ukraine-elections.com.ua |
| Question: |
yeah, messed with hostsспасибо, now it works |
| Answer: |
OK
|
| Question: |
tell me, therefore now is the site? |
| Answer: |
you again DDoS attack. |
| Answer: |
a full backup of your account blogway.ru/cpmove-storm.tar.gz the question of the return of unused funds, you can solve it in the Department of Finance . your future host will warn about the attack. |
| Question: |
tell me, can we now move to a VPS, in order to have the possibility to independently control the website and the attack on him? |
| Answer: |
the air force is much weaker servers shared hosting. He Yong is suitable for attacks. You can try vospolzovatya services the filtering services or thereafter specializing in the attacks. |
| Question: |
tell me, we can get access today?in became it is not |
| Answer: |
the request sent to the administrator. |
| Answer: |
we opened the access panel |
