DDoS attack

[Zion Ahead]

Two nights in a row I had to reboot the server.

I checked /var/log/messages and found this right before reboot, where the server was pinging on/off and load was high.

Is this a ddos attack?


**

Oct 28 02:52:22 server kernel: Firewall:

[Zion Ahead]

Anyone please?

[Infopro]

I don't want to make light of this, someone else will comment hopefully with better advice too, I'm sure, but I see this sort of thing often in my logs. If you suspect it's an attack that's causing huge loads on the server, contact your provider for assistance, or hire an expert. Don't go it alone wondering what if...

Some reading here:
WWW Security FAQ: Securing Against Denial of Service Attacks

Do you have CSF installed and configured to block permanantly, attacking IPs?

Checking var/log/messages isn't the best way to go I don't think.

[ericgregory]

I second what InfoPro stated. If you believe your server is getting DoS'd you should contact the datacenter that houses it to ask them to evaluate the situation. It's not something that you should mess around with and wonder about

[Spiral]

Two nights in a row I had to reboot the server.

I checked /var/log/messages and found this right before reboot, where the server was pinging on/off and load was high.

Is this a ddos attack?


**

Oct 28 02:52:22 server kernel: Firewall:

Yes does look like an attack ...

You should take a deeper look at that and given that someone is interested in your server, you may want to also do a full review of your current security and make sure you are properly secured and hardened.

I certainly would be glad to give you a hand with that

"Death to Hackers" comes only slightly after "Death to Stupidity"

[Spiral]

Your data center may be able to filter out the false traffic at their routers before it reaches your server and this might help you get better grips on this thing.

Beyond that you probably want to thoroughly review the security on your server and make sure you are up to par where you should be.