The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

attacks on apache!

Discussion in 'EasyApache' started by wheimeng, Jan 15, 2004.

  1. wheimeng

    wheimeng Active Member

    Joined:
    Mar 4, 2003
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    Good day,

    http://ultraunix.net/endless-destruction.com.gz

    Check that out, is that considered as a DoS or plainly an attack on apache?

    #wc -l endless-destruction.com
    2372541 endless-destruction.com

    # wc -l jan11
    5874 jan11

    # awk '{print $1}' jan11 |sort -nu |wc -l
    282

    As you can see, our apache is badly hit by all the IPs (282 uniques) and each IP is making a return within secs or instantly which has lagged our apache badly (slow response although load is only at 3 on a dual xeon, not sure why though) and massive bandwidth outflow. However, once account has been suspended, everything is back to normal immediately, loading is fast, instant effect. I have searched around in this forum and found the most similar thread would be nimba attacks, however, this is different as the URL is valid, therefore I cannot drop the connection with --string.

    Anyone has any idea how to deal with this? Does APF helps in this matter?

    I'm looking at a script that can perform the following:

    X IP going to Y (listed in conf file) URL for more than Z times in T period will be automatically added to iptables / blocked and echo the abuser's IP to a txt (path in conf)
     
  2. Budwron

    Budwron Member

    Joined:
    Aug 25, 2003
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    I think APF will help you till a certain point, if you want more secure firewall you got to get a hardware firewalll...

    There are some ISP that offer than for a mo. fee

    You cold also check it abuse@your-isp if they can deal it the hack/spammer (contact the ISP and make they pull the plug on the boy our something like that)


    Any way good luck
     
Loading...

Share This Page