how to trace inbound attack ?????
|Posted by gold2, 12-15-2013, 07:56 AM|
How do you trace an inbound attack?
|Posted by DominionHosting, 12-15-2013, 09:13 AM|
If you have access to the server, you can run tcpdump to see if it's a few IP addresses or many hundreds. If it's a lot, then you will need to get the data center involved.
It also depends on what kind of attack. Can you give more details?
|Posted by gold2, 12-15-2013, 09:17 AM|
What detail do you want?
|Posted by Atlanical-Mike, 12-15-2013, 09:23 AM|
Well, is it a strong attack?
PS: Why does your site redirect to an adult content website (advert)? Not sure; after the URL changed I closed the tab.
You've got malware: http://sitecheck.sucuri.net/results/pkwebhost.com
Last edited by Atlanical-Mike; 12-15-2013 at 09:27 AM.
|Posted by gold2, 12-15-2013, 09:34 AM|
There was some extra code.
No cPanel access, but how was this edited?
|Posted by Infinitnet, 12-15-2013, 09:34 AM|
You indeed have malware on your website.
About your question: There are a lot of different options, depending on what exactly you want to find out. There are tools like "iftop", if you just want to see the traffic. Then there's "iptraf", which shows you the traffic as well as a few more details. The most advanced and best tool to analyze network attacks would be "tcpdump". Now if you could provide a few more details, we can help you. Do you know which IP is under attack or do you want to find that out? Do you want to know the attack size/type? Do you want to block the attack at the software level? What's your goal?
|Posted by gold2, 12-15-2013, 09:41 AM|
I want to trace who is attacking, i think any one of account are hacked and attacking but I am not able to trace it.
Currently the main IP of the server is null.
|Posted by Infinitnet, 12-15-2013, 09:47 AM|
So it's an outbound attack and not an inbound one if you say "i think any one of account are hacked and attacking"? For inbound attacks, your chances of tracing it back to someone are almost equal to zero. If it's an outgoing attack, first check the originating port with iptraf or tcpdump and then do "lsof -i -n -P | grep 123", where "123" is the originating port of the attack that you found out with iptraf. In the first line it should display the cPanel user the script generating the attack belongs to.
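Added example, not part of the thread: a plain "grep 123" also matches PIDs and remote ports that contain the same digits, so this sh function matches only the local port in the NAME column of "lsof -i -n -P" output and prints the owning user. The function names, port 4812 and the sample lsof lines are constructed for illustration, and the usual nine-column Linux lsof layout is assumed.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes the usual nine-column
# layout of `lsof -i -n -P` on Linux, where NAME is field 9.

# Print "USER PID COMMAND" for every socket whose LOCAL port is exactly $1.
# Reads lsof output on stdin.
owner_of_port() {
    awk -v port="$1" '
        $1 == "COMMAND" && $2 == "PID" { next }   # skip the header row
        {
            name = $9               # NAME column: local[->remote]
            sub(/->.*/, "", name)   # drop the remote side
            sub(/^.*:/, "", name)   # keep what follows the last colon (IPv6 safe)
            if ((name "") == (port "")) print $3, $2, $1
        }'
}

# Constructed sample output. "4812" appears as a local port (perl),
# inside a PID (httpd, 14812) and as a remote port (php).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      812   root    3u  IPv4  10231      0t0  TCP *:22 (LISTEN)
httpd   14812 nobody    4u  IPv4  55120      0t0  TCP 203.0.113.10:80->192.0.2.55:51234 (ESTABLISHED)
perl    20311  alice    3u  IPv4  88991      0t0  UDP 203.0.113.10:4812->198.51.100.7:80
php      2077    bob    5u  IPv4  66002      0t0  TCP 203.0.113.10:39000->192.0.2.9:4812 (ESTABLISHED)
EOF
}

# Live use on the server would be: lsof -i -n -P | owner_of_port 4812
sample_lsof | owner_of_port 4812
```

On the sample, a substring grep for 4812 returns three lines, while the exact local-port match returns only the perl process owned by alice.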
|Posted by EvolutionCrazy, 12-15-2013, 12:02 PM|
tcpdump will provide you with all the info you need to trace ongoing attacks.