#1 (permalink)  
Old 01-25-2006, 07:54 AM
Registered User
 
Join Date: Mar 2004
Posts: 193
Tagor
Ddos?

I've got a lot of HTTPD processes running:
Quote:
nobody 21387 0.1 2.6 105268 11524 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21389 0.0 2.6 105260 11364 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21390 0.0 2.5 105260 10988 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21402 0.1 2.6 105268 11524 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21403 0.2 2.5 105260 10988 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21412 0.0 2.5 105292 11004 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21417 0.0 2.5 105260 10992 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21424 0.0 2.5 105288 11008 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21533 0.0 2.5 105288 11000 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21545 0.0 2.5 105280 11004 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21662 0.0 2.5 105260 10988 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21664 0.0 2.5 105260 10988 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21665 0.0 2.5 105260 10980 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21667 0.0 2.5 105292 10996 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21668 0.6 3.2 107608 14044 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21669 0.0 2.5 105260 10992 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21670 0.0 2.6 105260 11360 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21671 0.0 0.0 0 0 ? Z 13:50 0:00 [httpd] <defunct>
nobody 21672 0.0 2.5 105260 11004 ? S 13:50 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21673 0.0 2.5 105260 10964 ? S 13:50 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21675 0.0 2.5 105260 10980 ? S 13:50 0:00 /usr/local/apache/bin/httpd -DSSL
They are from various IPs:
my.server:http->94.Red-88-6-176.staticIP.rima-tde.net:3449 (ESTABLISHED)

Is there a way to stop this? Or is there a way to find out for what website this DDOS attack is?
  #2 (permalink)  
Old 01-25-2006, 10:49 AM
Moderator
 
Join Date: Jun 2002
Location: Go on, have a guess
Posts: 13,495
Are you sure they're not genuine accesses to the server? You're better off looking at the Apache Status page within WHM.
__________________
Jonathan Michaelson
cPanel Forum Moderator

Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
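
Added example, not part of any post in this thread: one way to check from the command line whether open web connections are spread across many clients or concentrated on a few sources, by tallying lines in the `local->remote (STATE)` shape quoted in post #1. The sample lines, the function names and the 0.5 share threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the "local->remote (STATE)" shape quoted in post #1;
# hostnames and addresses are reserved example values, not real clients.
SAMPLE = """\
my.server:http->client-a.example.net:3449 (ESTABLISHED)
my.server:http->client-a.example.net:3450 (ESTABLISHED)
my.server:http->client-b.example.org:1201 (ESTABLISHED)
my.server:https->client-c.example.com:4410 (ESTABLISHED)
my.server:http->client-d.example.net:2200 (CLOSE_WAIT)
my.server:http->198.51.100.7:5001 (ESTABLISHED)
my.server:http->198.51.100.7:5002 (ESTABLISHED)
my.server:http->198.51.100.7:5003 (ESTABLISHED)
my.server:http->198.51.100.7:5004 (ESTABLISHED)
my.server:smtp->mail.example.org:25 (ESTABLISHED)
"""

# local_host:local_port->remote_host:remote_port (STATE)
CONN = re.compile(r"(\S+):(\w+)->(\S+):(\d+) \((\w+)\)")

def summarise(text, ports=("http", "https"), state="ESTABLISHED"):
    """Count connections per remote host for the given local ports and state.
    Pass ports=("80", "443") if the listing shows numeric ports."""
    per_host = Counter()
    for m in CONN.finditer(text):
        _local, lport, remote, _rport, st = m.groups()
        if lport in ports and st == state:
            per_host[remote] += 1
    return per_host

def concentration(per_host, share=0.5):
    """Return hosts holding at least `share` of all counted connections.
    The 0.5 default is an arbitrary illustration, not a recommended limit."""
    total = sum(per_host.values())
    return sorted(h for h, n in per_host.items() if total and n / total >= share)

if __name__ == "__main__":
    hosts = summarise(SAMPLE)
    for host, n in hosts.most_common():
        print(f"{n:3d}  {host}")
    print("distinct clients:", len(hosts))
    print("dominant sources:", concentration(hosts))
```

Many distinct clients with one or two connections each is what ordinary browsing looks like; a single source holding a large share of the worker slots is the pattern worth a closer look in the status page or access logs.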
  #3 (permalink)  
Old 01-25-2006, 11:20 AM
Registered User
 
Join Date: Mar 2004
Posts: 193
Tagor
Strange, you are right. They are normal accesses. Can you tell me then why the load is so high? I didn't have that problem on an older 32-bit CPU.
  #4 (permalink)  
Old 01-25-2006, 12:00 PM
Moderator
 
Join Date: Jun 2002
Location: Go on, have a guess
Posts: 13,495
Difficult to say. You may need to look into apache tuning in httpd.conf which can often bring down httpd loads to more manageable levels. In particular you could turn off KeepAlives.
  #5 (permalink)  
Old 01-25-2006, 03:55 PM
Registered User
 
Join Date: Mar 2004
Posts: 193
Tagor
Quote:
Originally Posted by chirpy
Difficult to say. You may need to look into apache tuning in httpd.conf which can often bring down httpd loads to more manageable levels. In particular you could turn off KeepAlives.
I read KeepAlives will cause slow speeds, is that correct?
  #6 (permalink)  
Old 01-25-2006, 04:17 PM
Moderator
 
Join Date: Jun 2002
Location: Go on, have a guess
Posts: 13,495
Not necessarily. It's a trade-off between server performance and perceived performance. If you're finding that server performance is being degraded because of high web usage, then switching off keepalives can help bring the server performance under control to the level where it provides a perceived performance gain to the end user. If, however, there are no performance problems on the server, then there's no point in disabling keepalives as then it would give a perceived performance hit.
All times are GMT -5.