Almost every day I get an e-mail from KH informing me that DOS or some other kind of attack happened on my primary domain.
I get messages with content like this:
Mar 10 09:14:42 host kernel: Firewall: *SYNFLOOD Blocked* IN=venet0 OUT= MAC= SRC=80.239.242.174 DST=204.197.242.141 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=9132 DF PROTO=TCP SPT=38044 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
or more often I get something like this:
Connections: 54
Blocked: Temporary Block
tcp: 110.55.244.84:49608 -> 204.197.242.141:80 (ESTABLISHED)
tcp: 110.55.244.84:49610 -> 204.197.242.141:80 (ESTABLISHED)
...
ESTABLISHED ... CLOSE_WAIT ...
I was wondering, is it normal/usual to get this so frequently? My website gets approx 20k unique visitors per day.
Actually, is there anything I could do to prevent this? (guess not)
Thanks
I get messages with content like this:
Mar 10 09:14:42 host kernel: Firewall: *SYNFLOOD Blocked* IN=venet0 OUT= MAC= SRC=80.239.242.174 DST=204.197.242.141 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=9132 DF PROTO=TCP SPT=38044 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
or more often I get something like this:
Connections: 54
Blocked: Temporary Block
tcp: 110.55.244.84:49608 -> 204.197.242.141:80 (ESTABLISHED)
tcp: 110.55.244.84:49610 -> 204.197.242.141:80 (ESTABLISHED)
...
ESTABLISHED ... CLOSE_WAIT ...
I was wondering, is it normal/usual to get this so frequently? My website gets approx 20k unique visitors per day.
Actually, is there anything I could do to prevent this? (guess not)
Thanks