
DDoS Problem

Discussion in 'Security' started by JustAName, Jan 9, 2013.

  1. JustAName

    JustAName Registered

    cPanel Access Level:
    Root Administrator
    I have had a DDoS problem over the last days.
    It's not an HTTP flood because Apache is acting as normal, no additional connections, as in a usual situation.
    The server's CPU and MEM are OK, nothing high.
    The only problem is 100% network usage.
    I ran iftop and saw some unknown IPs connecting to my server through random ports. I have CSF installed and NONE of these ports are allowed, IN or OUT, TCP or UDP. I tried to manually block these IPs and nothing. CSF didn't block them. I am a total beginner to this world, and would like an explanation of which kind of attack it is.
    I have added a screenshot to explain my problem.

    ddos.jpg

    Thank you.
     
    #1 JustAName, Jan 9, 2013
    Last edited: Jan 9, 2013
  2. srpurdy

    srpurdy Well-Known Member

    cPanel Access Level:
    Root Administrator
    This is actually normal. Those ports are ports assigned by Apache, or the TCP/IP protocol. Basically Apache listens on port 80, but if only port 80 was usable then only 1 person could connect. So there is a "sub" port that each user that connects is assigned based on what ports are available. This is so the correct data goes to the correct place.

    As for your network issues, it's hard to say what is causing that, but it could be you're out of bandwidth. You might want to ask your data center about this. (But I'm not expert enough in network issues to give you good advice, so I'll let someone else hopefully help you.)
     
  3. SB-Nick

    SB-Nick Well-Known Member

    cPanel Access Level:
    Root Administrator
    I doubt it's a DDoS issue if the CPU usage and Apache are behaving correctly.
    Try looking at the process table and see if there aren't any weird Perl/PHP scripts running in the background, although if you said TCP/UDP OUT ports are restricted on your firewall I doubt this is the cause.

    Try installing Cacti so you can get a decent graph with better values and so you can determine what's going on with your IN or OUT traffic. A more native method would be to tcpdump the NIC and inspect the packets.
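The tcpdump suggestion in the last reply, as an added example that is not part of any poster's message: it tallies payload bytes by direction, protocol and remote peer so that IN and OUT traffic can be told apart. It assumes the quiet IPv4 text format printed by `tcpdump -nn -q`; the sample lines, the documentation-range addresses, the interface name `eth0` and the function name `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the quiet IPv4 format printed by `tcpdump -nn -q`
# (for example: tcpdump -nn -q -i eth0 -c 10000 > capture.txt).
# All addresses are placeholders; 192.0.2.10 stands in for the server.
SAMPLE = """\
12:00:00.000001 IP 198.51.100.7.53 > 192.0.2.10.41822: UDP, length 1400
12:00:00.000002 IP 198.51.100.7.53 > 192.0.2.10.9133: UDP, length 1400
12:00:00.000003 IP 203.0.113.9.53 > 192.0.2.10.60211: UDP, length 1400
12:00:00.000004 IP 203.0.113.50.51514 > 192.0.2.10.80: tcp 0
12:00:00.000005 IP 192.0.2.10.80 > 203.0.113.50.51514: tcp 1448
12:00:00.000006 IP 203.0.113.77 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
"""

# timestamp, "IP", src[.port] > dst[.port]: protocol summary
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?: (?P<rest>.*)$")


def summarize(text, server_ip):
    """Tally payload bytes by (direction, protocol) and by remote peer."""
    by_flow, by_peer = Counter(), Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or server_ip not in (m["src"], m["dst"]):
            continue  # not an IPv4 line, or traffic not involving the server
        rest = m["rest"]
        proto = rest.split()[0].rstrip(",").upper() if rest else "?"
        # TCP lines end in "tcp <len>"; UDP and ICMP lines carry "length <len>"
        n = re.search(r"(?:^tcp |length )(\d+)", rest)
        size = int(n.group(1)) if n else 0
        inbound = m["dst"] == server_ip
        peer, pport = (m["src"], m["sport"]) if inbound else (m["dst"], m["dport"])
        by_flow[("IN" if inbound else "OUT", proto)] += size
        by_peer[(peer, proto, pport)] += size
    return by_flow, by_peer


if __name__ == "__main__":
    flows, peers = summarize(SAMPLE, "192.0.2.10")
    for key, size in flows.most_common():
        print(key, size)
    for key, size in peers.most_common(3):
        print("top peer:", key, size)
```

tcpdump captures inbound packets before the host firewall filters them, so traffic that CSF drops still appears in the capture and still consumes the link.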
     