
How do you mitigate Apache DDoS on one domain index page?

Discussion in 'Security' started by postcd, Oct 29, 2016.

  1. postcd

    postcd Well-Known Member

    Hello,

    Many IPs are visiting the index page (/) of one hosted domain.
    So it is a DDoS to bring down Apache, I think.

    It seems to be too many subnets from all around the world, from random ports. Without ipset I may block something. But what do you do when you have this kind of attack?

    When I suspended the account, load went from 190.00 to 2.40, which is 1.00 above average. There were still around 5000 connections on port 80.

    So which steps should I take to unsuspend the target cPanel account and be able to handle the attack?
    suspend: /scripts/suspendacct cpanelusername
    unsuspend: /scripts/unsuspendacct cpanelusername

    To get possible bad IPs, I did:
    cat /usr/local/apache/domlogs/TARGETCPUSER/TARGETDOMAIN.TLD|awk '{print $1}' | sort -nk1 | uniq -c | sort -nk1 > /home/MYCPANEL/www/ips.txt
    (the first row is the number of occurrences in the access log, the second is the IP)

    PS: Is there any command or tool that I can use to gather undeniable proof of the DDoS, needed for IP owners to suspend services on that IP/s?
     
    #1 postcd, Oct 29, 2016
    Last edited: Oct 29, 2016
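
The per-IP count from the post above, extended as an added example (not part of the original post or of any reply): it keeps only requests for the index page, records the first and last timestamp per source IP, and rolls IPv4 sources up to /24 so that many-subnet traffic is easier to read. It assumes the Apache combined log format; the function names and the sample log lines are constructed for illustration.

```shell
# Added example, not code from the thread. Summarises hits on the index page
# in an Apache combined-format access log (assumed domlog format).
LC_ALL=C; export LC_ALL
TAB=$(printf '\t')

# Per source IP: hits, IP, first seen, last seen (busiest first).
# Reads the file named in $1, or stdin when no file is given.
index_hits_by_ip() {
    awk '
        # $7 is the request path: count "/" with or without a query string
        $7 == "/" || index($7, "/?") == 1 {
            ts = substr($4, 2) " " substr($5, 1, length($5) - 1)
            if (!($1 in hits)) first[$1] = ts
            last[$1] = ts      # the log is written in time order
            hits[$1]++
        }
        END {
            for (ip in hits)
                printf "%d\t%s\t%s\t%s\n", hits[ip], ip, first[ip], last[ip]
        }
    ' "${1:--}" | sort -t "$TAB" -k1,1nr -k2,2
}

# Per IPv4 /24: total hits, distinct IPs, network (busiest first).
index_hits_by_net24() {
    index_hits_by_ip "${1:--}" | awk -F '\t' '
        split($2, o, ".") == 4 {
            net = o[1] "." o[2] "." o[3] ".0/24"
            hits[net] += $1
            ips[net]++
        }
        END { for (n in hits) printf "%d\t%d\t%s\n", hits[n], ips[n], n }
    ' | sort -t "$TAB" -k1,1nr -k3,3
}

# Constructed sample lines (documentation address ranges), not real traffic.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [29/Oct/2016:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
192.0.2.10 - - [29/Oct/2016:10:00:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
192.0.2.77 - - [29/Oct/2016:10:00:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
198.51.100.5 - - [29/Oct/2016:10:00:03 +0000] "GET /?x=1 HTTP/1.1" 200 5120 "-" "-"
203.0.113.9 - - [29/Oct/2016:10:00:03 +0000] "GET /about.html HTTP/1.1" 200 900 "-" "-"
192.0.2.10 - - [29/Oct/2016:10:00:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
198.51.100.5 - - [29/Oct/2016:10:00:06 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
EOF
}

sample_log | index_hits_by_ip
sample_log | index_hits_by_net24
```

On a server, pass the domlog path from the post as the argument to either function instead of piping in the sample. The timestamps keep the log's timezone offset, which lets a network owner match the entries against their own records.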
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member
