The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apache attack?

Discussion in 'EasyApache' started by webicom, Jan 27, 2008.

  1. webicom

    webicom Well-Known Member

    Joined:
    Mar 30, 2004
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Slovenia
    Hello all,

    I think that Im experienceing attacks on one of my servers. I have open this hread becouse Im not shore if my problem is attack on my server or just some kind of a bug. When happening apache is going down and I can not start it again eaven some times it say as http started Ok but it is not and web pages are not working. I can not start or restart http through WHm or ssh. Then I discovered that whenever I experiance this problem I have strange lots of http on port 80 connection and always just form one IP. I use command to check and sort port 80 connection "netstat -plan | grep ":80 " | awk {'print $5'} |awk -F: {'print $1'}|sort" and as I said there is always just one IP with lots of connection. Then I ban that IP with lfd firewall (thanks chirpy) restart apache and everything is OK. This attack or bug (whatever it is) is not appearing in expected sequence it comes randomly, sometimes after a week sometimes the next day... and becouse of that random pattern I think it is an attack. Did anyone else experiance something similar? I would appreciate any comment on this issue so I can finally be shore what is going on.

    Regards, Erik
     
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    Your server is under TCP SYN Flooding attack. This is NOT a bug. Read more about this attack at: http://servertune.com/kbase/entry/64/
     
  3. webicom

    webicom Well-Known Member

    Joined:
    Mar 30, 2004
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Slovenia
    Thanx for your reply Andyreed. I also think that this is an attach and not a bug, but I asked to be shore. I will try to prevent attacks with connection tracking sistem on all ports and blocking all IPs with more tha xxx connections.

    Thanks again, Erik
     
Loading...

Share This Page