DDOS / FLood

[fpr]

I have problen with a attack and i cant block it, this attack make cpanel and whm go to down.

root@svr [/usr/local/apache/htdocs]# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
458 187.69.19.253
27
12 189.52.1.6
7 189.31.49.79
6 201.22.166.68
6 200.96.151.16
6 189.59.197.59
6 189.24.41.96
5 200.141.184.15
5 200.103.28.43
5 189.75.168.8
4 83.36.190.184
4 189.114.44.11
4 127.0.0.1
3 201.0.132.249
3 189.19.144.38
3 189.127.161.37


I use server:
Core2Quad
4GB DDR2 RAM
2x500GB
uplink 100mbps


the traffic that is causing this attack is less than 1mb, but the dropping of the services WHM / cPanel.

Every time i recevied msg:
Internal Server Error
The server is too busy to handle your request. Please wait a few minutes and try again.

[BianchiDude]

I have problen with a attack and i cant block it, this attack make cpanel and whm go to down.

root@svr [/usr/local/apache/htdocs]# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
458 187.69.19.253
27
12 189.52.1.6
7 189.31.49.79
6 201.22.166.68
6 200.96.151.16
6 189.59.197.59
6 189.24.41.96
5 200.141.184.15
5 200.103.28.43
5 189.75.168.8
4 83.36.190.184
4 189.114.44.11
4 127.0.0.1
3 201.0.132.249
3 189.19.144.38
3 189.127.161.37


I use server:
Core2Quad
4GB DDR2 RAM
2x500GB
uplink 100mbps


the traffic that is causing this attack is less than 1mb, but the dropping of the services WHM / cPanel.

Every time i recevied msg:
Internal Server Error
The server is too busy to handle your request. Please wait a few minutes and try again.

The main problem is just from this IP:
187.69.19.253

Why dont you block that one IP?

If you have APF:
apf -d 187.69.19.253

[fpr]

i make it and:
iptables -I INPUT -p tcp -s 187.69.19.253 -j DROP

and not work.

[BianchiDude]

i make it and:
iptables -I INPUT -p tcp -s 187.69.19.253 -j DROP

and not work.

This was a cross post, and it appears the OP is no longer monitoring this one.

You can view the more active thread here:
DDOS / FLood : Hosting Security and Technology : Web Hosting Talk

[JawadArshad]

i make it and:
iptables -I INPUT -p tcp -s 187.69.19.253 -j DROP

and not work.

Did you restart Apache after that to break the current connections. You may install a custom firewall which would help you block ips easier. CSF and APF are two obvious choices on cPanel servers.