ArsRSS Server Issue

Posted by Myron Turner | Thu Aug 13th 2009 10:36 a.m.

ArsRSS runs off my small VPS (Virtual Private Server). In the last
while the server has been bombarded with hits from two bots with evil
intentions. Fortunately my server does not seem to be susceptible to
their attacks, and since becoming aware of the problem I've put some
further checks into place. But these bots are ceaselessly probing for
vulnerabilities and because our server has limited resources both of ram
and computing power, it is occasionally overwhelmed.

These bots can come from unsuspecting computers that have become hosts.
Our VPS has logged almost 300 IP addresses from which these bots
originate. And they account for over 15,000 probes, which can come in
rapid-fire sequence. When too many come too quickly, it's equivalent
to a DOS attack.

If you've ever checked out the ArsRSS site, you might want to know
whether one of your computers is playing host to either of these bots.
I've posted a page to ArsRSS which checks your IP address against the
IP's from which these bots originate. It simply tells you 'yes' or 'no'
and, if 'yes', which of the bots came from your machine and how to get
rid of it:

http://www.net18reaching.org/artrss/bots/chk_bots.php

It doesn't make anything public.

If one of your machines is involved and you get rid of the bot, it
would be a help to both of us.

Thanks very much.
Your Reply