Monthly Archives: May, 2016

Softinite.com under attack Part III

Posted in Blog on May 19th, 2016

Some South African IPs have been SYN flooding my website today.

The proposed solution was to enable SYN cookies in /etc/sysctl.conf:

net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=2048
net.ipv4.tcp_synack_retries=3

When working over SSH, ‘sysctl -p /etc/sysctl.conf’ can be used to activate the changes.


Softinite.com under attack Part II

Posted in Blog on May 18th, 2016

A short time after cleaning up the infection, the attacks renewed, bringing down the website on a periodic basis.

After some digging, it looked like some Chinese-based IPs were hitting xmlrpc.php on port 80 and brute forcing …


Softinite website under attack

Posted in Blog on May 5th, 2016

Our website appears to have been the victim of an attack.

At first, it was difficult to assess what was happening.

The box on which it had been running kept going down.

It seemed like a problem with the …
