Thread: Getting DDOSSED via Server IP - How to hide IP in notification email headers etc?
View Single Post
  #18  
Old 08-17-2014, 12:43 PM
RichieBoy67's Avatar
RichieBoy67 RichieBoy67 is offline
 
Join Date: Apr 2004
Location: CT - Down in a hole..
Posts: 3,057
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by final kaoss View Post
A bit like this. Server ip and domain it was sent from is found.

Code:
Received: by 10.64.236.40 with SMTP id ur8csp270236iec;
        Sat, 16 Aug 2014 22:01:33 -0700 (PDT)
X-Received: by 10.236.129.3 with SMTP id g3mr42503511yhi.67.1408251693456;
        Sat, 16 Aug 2014 22:01:33 -0700 (PDT)
Return-Path: <bounce-md_30152195.53f036ff.v1-4a68e3a9c92a4da1abcc77bffb4b1933@mandrillapp.com>
Received: from cloudmail.curse.com (cloudmail.curse.com. [205.201.137.179])
        by mx.google.com with ESMTPS id k26si17311804yhh.188.2014.08.16.22.01.33
I obviously know the sending server ip can be found in the mail header. My question was not how it is done but how do you know it is being done? It seems a very unlikely way for a site to be attacked.

My first question still stands as well. What does the security log show that represents a ddos attack and what ports are being targeted? My servers and most if not all others are probed hundreds if not thousands of times daily. These do not represent attacks and I am curious if that is what is happening here. And how is email being tied to this? What is the evidence of it?
Reply With Quote
2 благодарности(ей) от:
CAG CheechDogg, Max Taxable
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01095 seconds
  • Memory Usage 1,770KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (2)post_thanks_box_bit
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete