Servers under attack
Managing servers online and offering Internet services to others isn't without its problems. Within hours of bringing a new server online you will invariably find that someone, somewhere in the world, will try to find out what it is, what it's being used for and, worse, whether it has any vulnerabilities.
In the ten years that we have been offering Internet services for businesses we have come under attack many times. Thankfully none of those attacks have been fatal, although on a couple of occasions they have possibly been a contributing factor in hardware failing sooner than it ought to.
Most of the attacks we have suffered have been Denial-of-Service attacks, where the attacker attempts to lock out innocent users by flooding the server with web requests, e-mail or other traffic.
Recently we have been the target of attacks on our POP3 servers. So far, I'm pleased to say that all attempts have failed. One recent attacker seemed intent on flooding the server with connections in an attempt to bring it down. A few years ago we suffered an SMTP denial-of-service attack with 45,000+ messages coming through the server in a matter of hours. This killed the mail software we were running at that time (I won't name and shame here).
Having had many servers over the years, I never found a server that could cope with such issues. For this very reason we built our own mail server software in order to add our own security measures based on years of experience of these kinds of activities. It may sound perverse, but I actually enjoy attacks like these; they test our software in ways that we perhaps wouldn't normally test it and they allow us to just get stronger and stronger. In the latest attempt to bring one of our mail servers down, Agua successfully batted off over 750 attempts per minute.
With no degradation to the service and no major resource issues on the server, I consider this a great success. There were quite a few log files generated (22,000+ by the time I woke up and logged in to check the server in question) but apart from that there was no real issue. Checking the logs indicated that the attempts all came from the same IP address. So, a one-line modification in the configuration file for Agua and the problem goes away.
It's that easy with Agua: no restarting of services, no rebooting – just change the configuration and the software automatically reconfigures and protects you from attack. It certainly makes my life a lot easier knowing that I can make changes so quickly in order to block any unwanted intruders.
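The log check described above (all attempts traced to one IP address) is what makes a single blocking rule sufficient. As an added example, not part of Agua or the original post, this script runs that triage over a constructed log and reports whether the flood is single-source; the log line format, function names and thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed log format (Agua's real layout is not shown on the page), IPv4 only:
#   2024-01-01T03:14:07 POP3 CONNECT 203.0.113.9
LINE_RE = re.compile(r"^(\S+) POP3 CONNECT (\d{1,3}(?:\.\d{1,3}){3})$")

def triage(lines, rate_threshold=750, dominance=0.9):
    """Peak connections/minute per source, and whether one IP block would stop the flood."""
    per_minute = defaultdict(Counter)  # ip -> {minute bucket: connection count}
    totals = Counter()                 # ip -> connections over the whole log
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                   # skip unrelated or malformed lines
        try:
            ts = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue                   # timestamp did not parse
        ip = m.group(2)
        per_minute[ip][ts.replace(second=0, microsecond=0)] += 1
        totals[ip] += 1
    peaks = {ip: max(c.values()) for ip, c in per_minute.items()}
    offenders = sorted(ip for ip, p in peaks.items() if p >= rate_threshold)
    grand = sum(totals.values())
    top_ip, top_n = totals.most_common(1)[0] if totals else (None, 0)
    share = top_n / grand if grand else 0.0
    # Single-source: exactly one offender, and it accounts for nearly all traffic.
    single = offenders == [top_ip] and share >= dominance
    return {"offenders": offenders, "peaks": peaks,
            "top_source": top_ip, "top_share": share, "single_source": single}

def sample_log():
    """Constructed sample: one source at 760 connections/minute plus ordinary users."""
    lines = [f"2024-01-01T03:{minute}:{i % 60:02d} POP3 CONNECT 203.0.113.9"
             for minute in (14, 15) for i in range(760)]
    for sec, ip in [(5, "198.51.100.20"), (31, "198.51.100.21"), (48, "198.51.100.20")]:
        lines.append(f"2024-01-01T03:14:{sec:02d} POP3 CONNECT {ip}")
    lines.append("rotated log header, not a connection record")
    return lines

if __name__ == "__main__":
    r = triage(sample_log())
    print(r["offenders"], r["peaks"]["203.0.113.9"], r["single_source"])
```

When `single_source` is false while the overall rate is still high, the connections are spread across many addresses and a one-address block would not be enough.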
Similar security mechanisms have also been built into our other software. After all, if something works and makes life easier, it makes sense to reuse it wherever possible.