I need help... Please :'(
I'm in a little bit of a pickle and I'm calling on the Vesta Community for help. I'm currently running a self-handled VPS with CentOS 7.5 and the latest version of Vesta CP.
My website = a Wordpress blog.
(Note: I do not use anything to do with E-Mails on this server.)
My Issue:
Since September 15th 2018 I've been getting DDoSd and spammed with Brute Force attacks that aren't working for whoever is doing this. The DDoS attack is under control (thank God), but I'm still having issues with the brute force attack(s).
It seems to me that the reason SpamAssassin is working EXTRA hard, using approximately ~60-70% CPU and ~8gb of Memory, is because they're attacking the mail side of things (correct me if I'm wrong).
What I've done so far:
1) I stopped the following: Exim, Dovecot, Clamd, SpamAssassin.
2) I blocked the following ports in IP Tables: /SMTP, /POP3, /IMAP.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Here's the result:
1) Load Average went from ~40 -> ~6.
2) HTTPd went from running @ ~50 CPU -> ~29 CPU.
I'm not sure what else to do as I'm currently running out of ideas on how to block this attack. If ANYONE can offer any insight or suggestions please help me out! Thank you once again.
Last edited by zzz on Thu Oct 18, 2018 11:00 pm, edited 4 times in total.
Re: I need help... Please :'(
Hey zzz,
Well, things are kind of quiet around here, Vesta team is fixing problems.
I am new to Vesta, but have been a server admin for about 15 years.
Fail2ban never protected any of my servers properly, and I have always switched to CSF.
There is a post here:
viewtopic.php?f=20&t=10209
Suggestions... CSF must be set up properly. If it is, it'll ban 100% better than fail2ban.
Two things. If you want no conflicts, go to vestacp -> server, stop iptables and fail2ban. Edit the configuration file for Vesta (mentioned in post) and set the two variables to ''.
Then install.
Depending on your distro, be sure the log paths are correct, and SSH port and Vesta port are listed in allowable ip4 tcp ports.
Turn off testing. You will get a lot of alerts about processes, etc... add them to csf.pignore - take your time and set it up properly.
It can mitigate decent SYN attacks (nothing software based can be 100% against a DoS attack). And it will slow your problems down quickly.
:-)
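A pre-flight check for the two lockout risks named in the reply above (SSH and panel ports missing from the allowed TCP ports, testing mode left on), as an added example that is not part of either post. `TESTING` and `TCP_IN` are csf.conf settings; the sample config is constructed, and 8083 is assumed to be the Vesta panel port.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a csf.conf before (re)starting CSF.

# Constructed sample config: panel port not allowed, testing mode still on.
sample_conf() {
  printf '%s\n' 'TESTING = "1"' 'TESTING_INTERVAL = "5"' 'TCP_IN = "22,80,443,30000:35000"'
}

# Print the quoted value of a setting written as KEY = "value".
csf_value() {  # usage: csf_value FILE KEY
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Succeed if PORT is covered by a comma-separated list that may hold lo:hi ranges.
port_allowed() {  # usage: port_allowed LIST PORT
  local item lo hi
  local IFS=','
  for item in $1; do
    case "$item" in
      *:*) lo=${item%%:*}; hi=${item##*:}
           if [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ]; then return 0; fi ;;
      *)   if [ "$item" = "$2" ]; then return 0; fi ;;
    esac
  done
  return 1
}

# Report every problem found; return non-zero if there is at least one.
check_csf() {  # usage: check_csf FILE SSH_PORT PANEL_PORT
  local conf=$1 rc=0 tcp_in port
  tcp_in=$(csf_value "$conf" TCP_IN)
  for port in "$2" "$3"; do
    if ! port_allowed "$tcp_in" "$port"; then
      echo "port $port is not in TCP_IN: you would lock yourself out"; rc=1
    fi
  done
  if [ "$(csf_value "$conf" TESTING)" != "0" ]; then
    echo "TESTING is not 0: CSF is still in testing mode"; rc=1
  fi
  return $rc
}

# Demo on the constructed sample (SSH on 22, panel assumed on 8083).
demo=$(mktemp); sample_conf > "$demo"
check_csf "$demo" 22 8083 || true
rm -f "$demo"
```

On a real server, point `check_csf` at the installed csf.conf and pass the SSH and panel ports the server actually uses.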