Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

DDOS / FLood

Discussion in 'Security' started by fpr, Dec 16, 2009.

  1. fpr

    fpr Active Member

    Joined:
    Oct 15, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    151
    I have problen with a attack and i cant block it, this attack make cpanel and whm go to down.

    root@svr [/usr/local/apache/htdocs]# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
    458 187.69.19.253
    27
    12 189.52.1.6
    7 189.31.49.79
    6 201.22.166.68
    6 200.96.151.16
    6 189.59.197.59
    6 189.24.41.96
    5 200.141.184.15
    5 200.103.28.43
    5 189.75.168.8
    4 83.36.190.184
    4 189.114.44.11
    4 127.0.0.1
    3 201.0.132.249
    3 189.19.144.38
    3 189.127.161.37


    I use server:
    Core2Quad
    4GB DDR2 RAM
    2x500GB
    uplink 100mbps


    the traffic that is causing this attack is less than 1mb, but the dropping of the services WHM / cPanel.

    Every time i recevied msg:
    Internal Server Error
    The server is too busy to handle your request. Please wait a few minutes and try again.
     
  2. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    166
    The main problem is just from this IP:
    187.69.19.253

    Why dont you block that one IP?

    If you have APF:
    apf -d 187.69.19.253
     
  3. fpr

    fpr Active Member

    Joined:
    Oct 15, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    151
    i make it and:
    iptables -I INPUT -p tcp -s 187.69.19.253 -j DROP

    and not work.
     
  4. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    166
  5. JawadArshad

    JawadArshad Well-Known Member
    PartnerNOC

    Joined:
    Apr 8, 2008
    Messages:
    459
    Likes Received:
    6
    Trophy Points:
    68
    Location:
    PK
    cPanel Access Level:
    DataCenter Provider
    Did you restart Apache after that to break the current connections. You may install a custom firewall which would help you block ips easier. CSF and APF are two obvious choices on cPanel servers.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice