
Apache DOS Attack using my server IP ?? very rare, look at this

Discussion in 'EasyApache' started by sh4ka, Jun 2, 2006.

  1. sh4ka

    Look at this..

    Is this an attack or what? How can I have 779 connections from the primary server IP? I've never seen something like this...

    Just pasted the last lines from the output of the netstat command, and got the number of connections per IP on port 80:

    root@server [/tmp]# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | more
    779 XX.XX.XX.XX ----------------> PRIMARY SERVER IP
    104 24.42.134.253
    90 201.247.190.136
    67 85.57.5.50
    65 217.216.144.66
    58 88.14.20.182
    58 85.54.231.126
    58 81.33.213.96
    58 81.231.92.63
    56 83.32.70.11
    54 83.103.128.166


    DC techs told me it may be some SYN flood, and also told me the connections are in TIME_WAIT. They told me to put up a firewall and try to turn off the keepalives in httpd.conf. I already did the keepalives and already have APF well configured, with anti-DoS working. They also told me to optimize the server, and I have already optimized Apache, MySQL, and sysctl, and still have the same issue...

    Also, from netstat I see a lot of connections like this:
    --------------------------------------------------------------
    tcp 0 0 server.myserver:http 22.Red-83-59-187.dyna:10429 TIME_WAIT
    tcp 0 0 server.myserver:http 77.Red-83-52-236.dynam:2238 TIME_WAIT
    tcp 0 0 server.myserver:http cm16161.red.mundo-r.co:4441 TIME_WAIT
    tcp 0 0 server.myserver:http ti200720a080-0340.bb.:53028 TIME_WAIT
    tcp 0 0 server.myserver:http 77.Red-83-52-236.dynam:2233 TIME_WAIT
    tcp 0 0 server.myserver:http cm16161.red.mundo-r.co:4446 TIME_WAIT
    tcp 0 0 server.myserver:http host86-141-166-187.ran:1858 TIME_WAIT


    How can I detect who's causing the problem and fix it? I need a solution.
    This is a dual Xeon 3.2, 2 GB RAM, RedHat ES 3 with cPanel.
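
Added example, not part of the original post: the one-liner above counts the foreign-address column for every TCP and UDP socket, regardless of local port or state. The script below splits the same `netstat -ntu` output by TCP state and peer for one local port, and separately counts sockets where the host is its own peer; the function names, the lower-port heuristic, and the sample addresses are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Reads `netstat -ntu` output on stdin (numeric, no DNS names).

# by_state_and_peer PORT
#   For TCP sockets whose LOCAL port is PORT, print "COUNT STATE PEER_IP",
#   busiest first. Unlike counting column 5 alone, this ignores other ports
#   and keeps TIME_WAIT separate from ESTABLISHED and SYN_RECV.
by_state_and_peer() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && NF >= 6 {
            lport = $4; sub(/^.*:/, "", lport)
            if (lport != port) next
            peer = $5; sub(/:[0-9]+$/, "", peer); sub(/^::ffff:/, "", peer)
            n[$6 " " peer]++
        }
        END { for (k in n) print n[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# self_connections
#   For TCP sockets where local IP == peer IP (the host talking to itself),
#   print "COUNT SERVICE_PORT". SERVICE_PORT is the lower of the two port
#   numbers, a heuristic that assumes the other end is an ephemeral port.
self_connections() {
    awk '
        $1 ~ /^tcp/ && NF >= 6 {
            lip = $4; lp = $4; pip = $5; pp = $5
            sub(/:[0-9]+$/, "", lip); sub(/^.*:/, "", lp)
            sub(/:[0-9]+$/, "", pip); sub(/^.*:/, "", pp)
            if (lip != pip) next
            svc = (lp + 0 < pp + 0) ? lp : pp
            n[svc]++
        }
        END { for (k in n) print n[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2n
}

# Constructed sample (192.0.2.10 stands in for the server's own address).
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.0.2.10:80 198.51.100.7:10429 TIME_WAIT
tcp 0 0 192.0.2.10:80 198.51.100.7:10430 TIME_WAIT
tcp 0 0 192.0.2.10:80 203.0.113.9:2238 ESTABLISHED
tcp 0 0 192.0.2.10:80 203.0.113.9:2239 SYN_RECV
tcp 0 0 192.0.2.10:41000 192.0.2.10:3306 TIME_WAIT
tcp 0 0 192.0.2.10:41001 192.0.2.10:3306 TIME_WAIT
tcp 0 0 192.0.2.10:41002 192.0.2.10:80 ESTABLISHED
tcp 0 0 192.0.2.10:80 192.0.2.10:41002 ESTABLISHED
tcp 0 0 192.0.2.10:25 198.51.100.7:5555 ESTABLISHED'

printf '%s\n' "$SAMPLE" | by_state_and_peer 80
printf '%s\n' "$SAMPLE" | self_connections
```

On a live host, pipe `netstat -ntu` into either function in place of the sample. A high SYN_RECV count from many peers and a high TIME_WAIT count toward one local service are different conditions that the single per-IP total does not distinguish.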
     