
how to trace inbound attack ?????

Posted by gold2, 12-15-2013, 07:56 AM
Dear members, how do you trace an inbound attack?

Posted by DominionHosting, 12-15-2013, 09:13 AM
If you have access to the server you can run tcpdump to see if it's a few IP addresses or many hundreds. If it's a lot then you will need to get the data center involved. It also depends on what kind of attack. Can you give more details?

Posted by gold2, 12-15-2013, 09:17 AM
What details do you want?

Posted by Atlanical-Mike, 12-15-2013, 09:23 AM
Well, is it a strong attack? PS: Why does your site redirect to an adult content website (advert)? Not sure, after the URL changed I closed the tab. You've got malware: http://sitecheck.sucuri.net/results/pkwebhost.com

Posted by gold2, 12-15-2013, 09:34 AM
there was some extra code no cpanel access but how this edit

Posted by Infinitnet, 12-15-2013, 09:34 AM
You indeed got malware in your website. About your question: There are a lot of different options, depending on what exactly you want to find out. There are tools like "iftop", if you just want to see the traffic. Then there's "iptraf", which shows you the traffic as well as a few more details. The most advanced and best tool to analyze network attacks would be "tcpdump". Now if you could provide a few more details, we can help you. Do you know which IP is under attack or do you want to find that out? Do you want to know the attack size/type? Do you want to block the attack on software level? What's your goal?

Posted by gold2, 12-15-2013, 09:41 AM
I want to trace who is attacking. I think one of the accounts is hacked and attacking, but I am not able to trace it. Currently the main IP of the server is null.

Posted by Infinitnet, 12-15-2013, 09:47 AM
So it's an outbound attack and not an inbound one if you say "i think any one of account are hacked and attacking"? For inbound attacks your chances are almost equal to zero to trace it back to someone. If it's an outgoing attack, first check the originating port with iptraf or tcpdump and then do "lsof -i -n -P | grep 123", where "123" is the originating port of the attack that you found out with iptraf. In the first line it should display the cPanel user the script generating the attack belongs to.
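
Added example (not part of any post in this thread): a stricter form of the `lsof -i -n -P | grep 123` step described above, matching the local (originating) port exactly, because a plain grep also hits PIDs, device numbers and longer port numbers that merely contain the digits. The sample lsof output, user names and addresses are constructed, and `owners_of_port` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample of `lsof -i -n -P` output (not taken from a real server).
sample_lsof() {
cat <<'EOF'
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     1123   root    3u  IPv4  11230      0t0  TCP *:22 (LISTEN)
httpd    4123 nobody    4u  IPv4  41230      0t0  TCP 192.0.2.10:80->198.51.100.7:51234 (ESTABLISHED)
perl    20977 exuser    3u  IPv4  97123      0t0  UDP 192.0.2.10:48211->203.0.113.5:80
perl    20977 exuser    4u  IPv4  97124      0t0  UDP 192.0.2.10:48211->203.0.113.9:80
named    1234  named   20u  IPv4  12340      0t0  UDP 192.0.2.10:53
EOF
}

# owners_of_port PORT
# Reads `lsof -i -n -P` output on stdin and prints "USER COMMAND PID" for every
# socket whose LOCAL port equals PORT exactly. Remote ports, PIDs and device
# numbers that happen to contain the same digits are ignored.
owners_of_port() {
    awk -v port="$1" '
        NR == 1 && $1 == "COMMAND" { next }   # skip the header line
        {
            name = $9                          # NAME column: local[->remote]
            sub(/->.*/, "", name)              # keep only the local endpoint
            n = split(name, parts, ":")        # port follows the last colon (works for IPv6 too)
            if (parts[n] == port) print $3, $1, $2
        }' | sort -u                           # one line per user/process
}

# On the affected server (as root), with the source port seen in tcpdump/iptraf:
#   lsof -i -n -P | owners_of_port 48211
# Demonstration on the constructed sample:
sample_lsof | owners_of_port 48211
```

On a cPanel server the USER column is the account name, so the printed user is the account to inspect first.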

Posted by EvolutionCrazy, 12-15-2013, 12:02 PM
tcpdump will provide you with all the info you need to trace ongoing attacks.
