Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How do you mitigate Apache DDoS on one domain index page?

Discussion in 'Security' started by postcd, Oct 29, 2016.

  1. postcd

    postcd Well-Known Member

    Joined:
    Oct 22, 2010
    Messages:
    692
    Likes Received:
    14
    Trophy Points:
    68
    Hello,

    many IPs visitting one hosted domain index page (/)
    So it is ddos to bring down Apache i think.

    It seems to be too many subnets from all around the world, from random ports. Without ipset i may block something. But what do you do when you have this kind of attack?

    When i suspended account, load went from 190.00 to 2.40 which is 1.00 above average. There was still around 5000 connections on port 80.

    So which steps to do to unsuspend target cpanel and be able to handle attack?
    suspend: /scripts/suspendacct cpanelusername
    unsuspend: /scripts/unsuspendacct cpanelusername

    To get possible bad IPs, i did:
    cat /usr/local/apache/domlogs/TARGETCPUSER/TARGETDOMAIN.TLD|awk '{print $1}' | sort -nk1 | uniq -c | sort -nk1 > /home/MYCPANEL/www/ips.txt
    (first row are number of occurrences in access log, second is IP)

    PS: is there any command or tool that i can use to gather undeniable proof of the DDoS needed for IP owners to suspend services on that IP/s?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 postcd, Oct 29, 2016
    Last edited: Oct 29, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,378
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice