Thread: Possible Performance Hit

  1. #1
    Quote Originally Posted by AthenaOfDelphi View Post
    but some were not and these seemed to be intent on keeping connections to the mail services alive for an indefinite period of time.
    Are we talking here about connections to mail services using mail protocols like POP3, IMAP and SMTP, or are we talking about connections being made to the web mail interface?
    If we are talking about connections through mail protocols, then you could easily set up a connection limit in your firewall in such a way that it doesn't interfere with the webpage, as you can impose a connection limit only on the specific ports that are being used by these protocols:
    POP3:

    • Port 110 - this is the default POP3 non-encrypted port
    • Port 995 - this is the port you need to use if you want to connect using POP3 securely

    IMAP:

    • Port 143 - this is the default IMAP non-encrypted port
    • Port 993 - this is the port you need to use if you want to connect using IMAP securely

    SMTP:

    • Port 25 - this is the default SMTP non-encrypted port
    • Port 2525 - this port is opened on all SiteGround servers in case port 25 is filtered (by your ISP for example) and you want to send non-encrypted emails with SMTP
    • Port 465 - this is the port used if you want to send messages using SMTP securely


    Only in the case of possible attacks on the web interface would you not be able to impose a connection limit without affecting the PGD webpage, as both work on port 80 for the initial connection and then port 443 for maintaining a secure connection using HTTPS.

  2. #2
    AthenaOfDelphi (PGD Community Manager)
    It wasn't just mail these connections were appearing on, which is why the connection limit is affecting everything.

    It appears to be some kind of TCP SYN attack as the connections are in the SYN state as though the server has responded to the SYN request with a SYN+ACK and is waiting for the client to return ACK.
    :: AthenaOfDelphi :: My Blog :: My Software ::

  3. #3
    Quote Originally Posted by AthenaOfDelphi View Post
    It appears to be some kind of TCP SYN attack as the connections are in the SYN state as though the server has responded to the SYN request with a SYN+ACK and is waiting for the client to return ACK.
    Well, this is a completely different matter then.
    Here is what I'm wondering. Who would want to launch a TCP SYN flood attack against PGD? What would they gain by doing this?
    Now if you perhaps host some other sites from your servers, it is possible that one of them might be the actual target for the TCP SYN flood attack. Perhaps they might even be executing a TCP SYN flood attack toward PGD in order to make it less obvious that they are attacking another site on your server, since clogging the server would take down all of the sites hosted on it anyway.
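
Added example (not part of any post in this thread): a way to check whether the half-open connections described in post #2 are concentrated on the mail ports listed in post #1 or spread across other services, by tallying `SYN-RECV` sockets per local port from `ss -tan` output. The sample output, addresses and function names are constructed for illustration.

```python
"""Tally half-open (SYN-RECV) TCP sockets per local port from `ss -tan` output."""
from collections import Counter

# Mail ports listed in post #1 of the thread.
MAIL_PORTS = {110, 995, 143, 993, 25, 2525, 465}

# Constructed sample of `ss -tan` output (documentation addresses, not real data).
SAMPLE = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
ESTAB     0      0      192.0.2.10:443      198.51.100.7:51514
SYN-RECV  0      0      192.0.2.10:80       203.0.113.5:40112
SYN-RECV  0      0      192.0.2.10:80       203.0.113.9:40113
SYN-RECV  0      0      192.0.2.10:443      203.0.113.77:1025
SYN-RECV  0      0      192.0.2.10:25       203.0.113.5:40114
SYN-RECV  0      0      192.0.2.10:993      203.0.113.31:6000
SYN-RECV  0      0      [2001:db8::10]:443  [2001:db8::99]:5555
"""


def half_open_by_port(ss_output):
    """Return a Counter {local_port: count} for sockets in the SYN-RECV state."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        # Expected columns: State Recv-Q Send-Q Local:Port Peer:Port
        if len(fields) < 5 or fields[0] not in ("SYN-RECV", "SYN_RECV"):
            continue
        # rsplit keeps bracketed IPv6 addresses intact and isolates the port.
        port = fields[3].rsplit(":", 1)[-1]
        if port.isdigit():
            counts[int(port)] += 1
    return counts


def summarize(counts):
    """Split the half-open total into mail-port and other-port shares."""
    mail = sum(n for p, n in counts.items() if p in MAIL_PORTS)
    total = sum(counts.values())
    return {"total": total, "mail": mail, "other": total - mail}


if __name__ == "__main__":
    counts = half_open_by_port(SAMPLE)
    for port, n in counts.most_common():
        tag = "mail" if port in MAIL_PORTS else "other"
        print(f"port {port:<5} {tag:<5} half-open={n}")
    print(summarize(counts))
```

If most of the total falls under `other`, a limit applied only to the mail ports would leave the bulk of the half-open connections untouched, which matches what post #2 reports.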
