The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DDoS Attack

Discussion in 'Security' started by pdclinks, Sep 25, 2011.

  1. pdclinks

    pdclinks Registered

    Joined:
    Sep 25, 2011
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello,

    I'm being attacked for three days.
    My server is very slow, the "500 Internal Server Error" is happening very often and I can't do anything.
    When I stop htppd and start again everything is fine for a while. Then everything is freezed again.
    When I use the command #netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n# I have always the IP 127.0.0.1 with 50 or more connections. Any other has always less connections then 127.0.0.1.
    I don't know if this is normal.
    I have the CSF installed at maximum level of security.
    Can you help me clarify the situation?

    Best regards
     
  2. tquang

    tquang Member

    Joined:
    Sep 22, 2011
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi, if your server not running proxy/cache by itself, you can apply rule
    iptables -A INPUT -p all -s 127.0.0.1 -d 127.0.0.1 -j DROP
    iptables -A OUTPUT -p all -s 127.0.0.1 -d 127.0.0.1 -j DROP
     
  3. pdclinks

    pdclinks Registered

    Joined:
    Sep 25, 2011
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    How can I check the IP's that are connected for longer?

    The result of the command #netstat -a | wc -l# is 754.
    Is this a high value? (I have around 200 people online)
    Can I limit this number?
     
  4. pdclinks

    pdclinks Registered

    Joined:
    Sep 25, 2011
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    My website is so overloading that I can't access to WHM or cPanel :/
    I can't do anything.
     
  5. tquang

    tquang Member

    Joined:
    Sep 22, 2011
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Post your output of command netstat -nat
    We are next go :)
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,472
    Likes Received:
    201
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    If your server is being DDoS attacked you should be contacting your server provider, not posting on a forum. There is nothing anyone can do for you here in this case. Your host can help though. Pick up a phone and call them.
     
  7. makememoo

    makememoo Registered

    Joined:
    Sep 26, 2011
    Messages:
    0
    Likes Received:
    0
    Trophy Points:
    0
    cPanel Access Level:
    Website Owner
    Had a similar problem not a long while back. Went to several proxy shield providers. If you suffer DDoS you have to go with professional cloud services, no need to change your server - they work as proxy and some of them even offer a free test - you can see for yourself it they're any good. If you Google "ddos protection free test" you'll see who they are. Sorry for not giving you links - I do not endorse anyone.

    Hope this helps!
     
  8. DDoS Buster

    DDoS Buster Registered

    Joined:
    Sep 30, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    We can help. Please send me some contact information to through our website Corero.com
     
  9. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    This person only has one post; I'd check them out very carefully before giving them any access to your server.
     
Loading...

Share This Page