Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

DDoS attack

Discussion in 'Security' started by Zion Ahead, Oct 28, 2009.

  1. Zion Ahead

    Zion Ahead Well-Known Member

    Joined:
    Nov 10, 2006
    Messages:
    347
    Likes Received:
    0
    Trophy Points:
    166
    Two nights in a row I had to reboot the server.

    I checked /var/log/messages and found this right before reboot, where the server was pinging on/off and load was high.

    Is this a ddos attack?


    **

    Oct 28 02:52:22 server kernel: Firewall:
     
    #1 Zion Ahead, Oct 28, 2009
  2. Zion Ahead

    Zion Ahead Well-Known Member

    Joined:
    Nov 10, 2006
    Messages:
    347
    Likes Received:
    0
    Trophy Points:
    166
    Anyone please?
     
    #2 Zion Ahead, Nov 2, 2009
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,160
    Likes Received:
    370
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I don't want to make light of this, someone else will comment hopefully with better advice too, I'm sure, but I see this sort of thing often in my logs. If you suspect it's an attack that's causing huge loads on the server, contact your provider for assistance, or hire an expert. Don't go it alone wondering what if...

    Some reading here:
    WWW Security FAQ: Securing Against Denial of Service Attacks

    Do you have CSF installed and configured to block permanantly, attacking IPs?

    Checking var/log/messages isn't the best way to go I don't think.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 Infopro, Nov 2, 2009
  4. EricGregory

    EricGregory Accounts Manager
    Staff Member

    Joined:
    Nov 27, 2002
    Messages:
    123
    Likes Received:
    1
    Trophy Points:
    243
    Location:
    Pennsylvania
    cPanel Access Level:
    DataCenter Provider
    I second what InfoPro stated. If you believe your server is getting DoS'd you should contact the datacenter that houses it to ask them to evaluate the situation. It's not something that you should mess around with and wonder about :)
     
    #4 EricGregory, Nov 4, 2009
  5. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    8
    Trophy Points:
    193
    Yes does look like an attack ...

    You should take a deeper look at that and given that someone is interested in your server, you may want to also do a full review of your current security and make sure you are properly secured and hardened.

    I certainly would be glad to give you a hand with that :)

    "Death to Hackers" comes only slightly after "Death to Stupidity"
     
    #5 Spiral, Nov 11, 2009
  6. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    8
    Trophy Points:
    193
    Your data center may be able to filter out the false traffic at their routers before it reaches your server and this might help you get better grips on this thing.

    Beyond that you probably want to thoroughly review the security on your server and make sure you are up to par where you should be.
     
    #6 Spiral, Nov 16, 2009
(You must log in or sign up to post here.)
Loading...
Similar Threads - DDoS attack
  1. Mehrdad Tari

    Solutions for handling ddos attacks?

    Mehrdad Tari, Jul 9, 2017, in forum: Security
    Replies:
    3
    Views:
    1,111
    postcd
    Aug 19, 2017
  2. 007basaran

    EA4 - Mod_evasive - Nginx Proxy - Layer 7 DDOS Attacks

    007basaran, Feb 28, 2017, in forum: Security
    Replies:
    19
    Views:
    2,114
    cPanelMichael
    Apr 7, 2017
  3. daemoncesar

    DDoS apache flood

    daemoncesar, Feb 1, 2018, in forum: Security
    Replies:
    3
    Views:
    428
    cPanelMichael
    Feb 2, 2018
  4. postcd

    How do you mitigate Apache DDoS on one domain index page?

    postcd, Oct 29, 2016, in forum: Security
    Replies:
    1
    Views:
    799
    cPanelMichael
    Oct 31, 2016
  5. David_spm

    Persistent bot/brute-force attack, iptables not working

    David_spm, Jun 12, 2018 at 10:31 PM, in forum: Security
    Replies:
    13
    Views:
    124
    cPanelLauren
    Jun 18, 2018 at 9:02 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice