The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DDOS / FLood

Discussion in 'Security' started by fpr, Dec 16, 2009.

  1. fpr

    fpr Active Member

    Joined:
    Oct 15, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    I have problen with a attack and i cant block it, this attack make cpanel and whm go to down.

    root@svr [/usr/local/apache/htdocs]# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
    458 187.69.19.253
    27
    12 189.52.1.6
    7 189.31.49.79
    6 201.22.166.68
    6 200.96.151.16
    6 189.59.197.59
    6 189.24.41.96
    5 200.141.184.15
    5 200.103.28.43
    5 189.75.168.8
    4 83.36.190.184
    4 189.114.44.11
    4 127.0.0.1
    3 201.0.132.249
    3 189.19.144.38
    3 189.127.161.37


    I use server:
    Core2Quad
    4GB DDR2 RAM
    2x500GB
    uplink 100mbps


    the traffic that is causing this attack is less than 1mb, but the dropping of the services WHM / cPanel.

    Every time i recevied msg:
    Internal Server Error
    The server is too busy to handle your request. Please wait a few minutes and try again.
     
  2. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
    The main problem is just from this IP:
    187.69.19.253

    Why dont you block that one IP?

    If you have APF:
    apf -d 187.69.19.253
     
  3. fpr

    fpr Active Member

    Joined:
    Oct 15, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    i make it and:
    iptables -I INPUT -p tcp -s 187.69.19.253 -j DROP

    and not work.
     
  4. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
  5. JawadArshad

    JawadArshad Well-Known Member
    PartnerNOC

    Joined:
    Apr 8, 2008
    Messages:
    447
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    PK
    cPanel Access Level:
    DataCenter Provider
    Did you restart Apache after that to break the current connections. You may install a custom firewall which would help you block ips easier. CSF and APF are two obvious choices on cPanel servers.
     
Loading...

Share This Page