Hello, I'm Nizar, an experienced Linux system administrator with strong analytical skills.

My Little Approach for Defending against Multiple-Domain Attack on a Single Server in a Multi-Tenant Environment


A multi-domain attack involves a single public IP address targeting multiple domains hosted on a single server within a multi-tenant environment. The goal of this attack is typically to exhaust the server's memory resources. This is particularly effective against servers utilizing persistent PHP handlers like FastCGI or lsphp (which uses LSAPI). This post describes a small approach to defending against a multiple-domain attack.

Date: November 13th at 7:08am

Tracing Kinsing Malware in Web Hosting


It's been a while since I last posted. Today, I want to discuss a prevalent malware in the web hosting industry known as Kinsing malware.

What is Kinsing Malware?

Before diving into the specifics of Kinsing malware, let's first understand what it generally entails.

Since its initial appeara...

Date: August 23rd at 5:50pm

Random String Alphabetic and Alphanumeric PHP Malware in WordPress


Random String Alphabetic and Alphanumeric PHP Malware refers to two kinds of file: a shellcode or malicious script with a random 8-character alphabetic name, used for executing malicious activity, and a shellcode or malicious script with a random 8-character alphanumeric name, used for executing malicious activity and uploading other malicious scripts. At least, this is the definition based on observation of a real incident. Before we delve deeper into this malicious script, I will discuss the history of how I came to know this kind of malicious script.

Date: April 19th at 4:28pm
Tags: Malware

aibolit-resident Error ZipScanner::isZip() Null


I want to share the steps for troubleshooting the ZipScanner::isZip() error in the aibolit-resident service. The error that I found looks like this:

    Fatal error: Uncaught TypeError: Argument 1 passed to ZipScanner::isZip() must be of the type string, null given, called in /opt/ai-bolit/ai-bolit-hoster...
Date: December 19th at 9:20pm
Author: Nizar Akbar M
Tags: imunify360

Analyze SYN Flood by Using Netstat


What is a SYN flood?

A SYN flood (half-open attack) is a denial-of-service (DDoS) attack which exploits the TCP 3-way handshake by repeatedly sending initial connection request (SYN) packets to overwhelm all available ports on the targeted server. It can also cause the SYN backlog on Linux to b...

Date: December 16th at 1:24pm
Author: Nizar Akbar M
Tags: DDoS