  1. #1
    Member
    Join Date
    Mar 2004
    Posts
    193

    Ddos?

    I've got a lot of HTTPD processes running:
    nobody 21387 0.1 2.6 105268 11524 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21389 0.0 2.6 105260 11364 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21390 0.0 2.5 105260 10988 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21402 0.1 2.6 105268 11524 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21403 0.2 2.5 105260 10988 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21412 0.0 2.5 105292 11004 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21417 0.0 2.5 105260 10992 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21424 0.0 2.5 105288 11008 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21533 0.0 2.5 105288 11000 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21545 0.0 2.5 105280 11004 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21662 0.0 2.5 105260 10988 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21664 0.0 2.5 105260 10988 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21665 0.0 2.5 105260 10980 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21667 0.0 2.5 105292 10996 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21668 0.6 3.2 107608 14044 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21669 0.0 2.5 105260 10992 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21670 0.0 2.6 105260 11360 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21671 0.0 0.0 0 0 ? Z 13:50 0:00 [httpd] <defunct>
    nobody 21672 0.0 2.5 105260 11004 ? S 13:50 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21673 0.0 2.5 105260 10964 ? S 13:50 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 21675 0.0 2.5 105260 10980 ? S 13:50 0:00 /usr/local/apache/bin/httpd -DSSL
    They are from various IPs:
    my.server:http->94.Red-88-6-176.staticIP.rima-tde.net:3449 (ESTABLISHED)

    Is there a way to stop this? Or is there a way to find out for what website this DDOS attack is?

  2. #2
    chirpy, Super Moderator (forum account confirmed by cPanel staff to represent a vendor)
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495


    Are you sure they're not genuine accesses to the server? You're better off looking at the Apache Status page within WHM.
    Jonathan Michaelson

    Need your cPanel servers secured and tuned?
    cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
    Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
    http://www.configserver.com
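
One way to check whether connections like the one quoted in the first post look like ordinary traffic is to tally ESTABLISHED connections per remote host. This is an added example, not part of the thread: the function names and the example.net hostnames are constructed, and the input format assumed is the `local->remote:port (STATE)` form shown in the post, as also found in the NAME column of `lsof -i` output.

```shell
#!/bin/sh
# Added example: count ESTABLISHED connections per remote host from
# "local:port->remote:port (STATE)" lines, the format quoted in the post.

# Constructed sample input (not real traffic); one line carries the
# extra leading columns that full lsof output would have.
sample_connections() {
cat <<'EOF'
my.server:http->host-a.example.net:3449 (ESTABLISHED)
my.server:http->host-a.example.net:3450 (ESTABLISHED)
my.server:http->host-a.example.net:3451 (ESTABLISHED)
my.server:http->host-a.example.net:3452 (ESTABLISHED)
my.server:http->host-b.example.net:1061 (ESTABLISHED)
httpd 21387 nobody 3u IPv4 12345 0t0 TCP my.server:http->host-b.example.net:1062 (ESTABLISHED)
my.server:http->host-c.example.net:2200 (ESTABLISHED)
my.server:http->host-c.example.net:2201 (CLOSE_WAIT)
EOF
}

# Read connection lines on stdin; print "count host", busiest first.
per_host_counts() {
    awk '
        /\(ESTABLISHED\)/ {
            for (i = 1; i <= NF; i++) {
                pos = index($i, "->")
                if (pos == 0) continue
                remote = substr($i, pos + 2)   # remote:port
                sub(/:[^:]*$/, "", remote)     # drop the trailing :port
                count[remote]++
            }
        }
        END { for (h in count) print count[h], h }
    ' | sort -k1,1nr -k2,2
}

# Print the hosts holding more than $1 established connections.
hosts_over_limit() {
    limit=$1
    per_host_counts | awk -v limit="$limit" '$1 > limit { print $2 }'
}

# Stand-alone run over the constructed sample.
sample_connections | per_host_counts
```

Many hosts with a handful of connections each is what normal browsing looks like; a few hosts holding a large share of the connections is the pattern worth a closer look on the Apache Status page.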

  3. #3
    Member
    Join Date
    Mar 2004
    Posts
    193


    Strange, you are right. They are normal accesses. Can you tell me then why the load is so high? I didn't have that problem on an older 32-bit CPU.

  4. #4
    chirpy, Super Moderator (forum account confirmed by cPanel staff to represent a vendor)
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495


    Difficult to say. You may need to look into apache tuning in httpd.conf which can often bring down httpd loads to more manageable levels. In particular you could turn off KeepAlives.
    Jonathan Michaelson

  5. #5
    Member
    Join Date
    Mar 2004
    Posts
    193


    Quote Originally Posted by chirpy
    Difficult to say. You may need to look into apache tuning in httpd.conf which can often bring down httpd loads to more manageable levels. In particular you could turn off KeepAlives.
    I read KeepAlives will cause slow speeds, is that correct?

  6. #6
    chirpy, Super Moderator (forum account confirmed by cPanel staff to represent a vendor)
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495


    Not necessarily. It's a trade-off between server performance and perceived performance. If you're finding that server performance is being degraded because of high web usage, then switching off keepalives can help bring the server performance under control to the level where it provides a perceived performance gain to the end user. If, however, there are no performance problems on the server, then there's no point in disabling keepalives as then it would give a perceived performance hit.
    Jonathan Michaelson
