DDoS attack

Zion Ahead · Oct 28, 2009

Two nights in a row I had to reboot the server.

I checked /var/log/messages and found this right before reboot, where the server was pinging on/off and load was high.

Is this a ddos attack?

**

Oct 28 02:52:22 server kernel: Firewall:

Zion Ahead · Nov 2, 2009

Anyone please?

Infopro · Nov 2, 2009

I don't want to make light of this, someone else will comment hopefully with better advice too, I'm sure, but I see this sort of thing often in my logs. If you suspect it's an attack that's causing huge loads on the server, contact your provider for assistance, or hire an expert. Don't go it alone wondering what if...

Some reading here:
WWW Security FAQ: Securing Against Denial of Service Attacks

Do you have CSF installed and configured to block permanantly, attacking IPs?

Checking var/log/messages isn't the best way to go I don't think.

EricGregory · Nov 4, 2009

I second what InfoPro stated. If you believe your server is getting DoS'd you should contact the datacenter that houses it to ask them to evaluate the situation. It's not something that you should mess around with and wonder about

Spiral · Nov 11, 2009

Zion Ahead said: ↑

Two nights in a row I had to reboot the server.

I checked /var/log/messages and found this right before reboot, where the server was pinging on/off and load was high.

Is this a ddos attack?

**

Oct 28 02:52:22 server kernel: Firewall:
Click to expand...

Yes does look like an attack ...

You should take a deeper look at that and given that someone is interested in your server, you may want to also do a full review of your current security and make sure you are properly secured and hardened.

I certainly would be glad to give you a hand with that

"Death to Hackers" comes only slightly after "Death to Stupidity"

Spiral · Nov 16, 2009

Your data center may be able to filter out the false traffic at their routers before it reaches your server and this might help you get better grips on this thing.

Beyond that you probably want to thoroughly review the security on your server and make sure you are up to par where you should be.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

DDoS attack

Zion Ahead Well-Known Member

Zion Ahead Well-Known Member

Infopro cPanel Sr. Product Evangelist
Staff Member

EricGregory Accounts Manager
Staff Member

Spiral BANNED

Spiral BANNED

Solutions for handling ddos attacks?

EA4 - Mod_evasive - Nginx Proxy - Layer 7 DDOS Attacks

DDoS apache flood

How do you mitigate Apache DDoS on one domain index page?

Increase in perl script attacks

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

DDoS attack

Zion Ahead Well-Known Member

Zion Ahead Well-Known Member

Infopro cPanel Sr. Product Evangelist Staff Member

EricGregory Accounts Manager Staff Member

Spiral BANNED

Spiral BANNED

Solutions for handling ddos attacks?

EA4 - Mod_evasive - Nginx Proxy - Layer 7 DDOS Attacks

DDoS apache flood

How do you mitigate Apache DDoS on one domain index page?

Increase in perl script attacks

Share This Page

Infopro cPanel Sr. Product Evangelist
Staff Member

EricGregory Accounts Manager
Staff Member