I need help to access cpanels logging options.

[darklord1]

I have what seems to be a pretty good idea, I want to create a scenario where if the cpu usage is high(ussually happens during a DDos attack) then the site will die and display an html page.


I hope you can follow the attempts I've already made.It would be a mile long to display each step so please trust that I have reached my limit of knowledge and time.
Coding parts easy.
Its the getting it to read from the server loggs to tell either how many connections are made to the current site OR how high the cpu usage is, now I need to throw one of these into a variable, but I cant figure out how to call it from cpanel, Ive managed to make a script using mysql database, threads allowed verses threads connected. This is not accurate enough as not ALL sites use a database but all nuke sites do and nuke sites are what seem to be a Primary target.

Ive also developed a flood blocker using cookies but apparently DDos bots do not use cookies and therefore cookies cannot be whats used to stop them, so that leaves me with one option, Let the server tell me how many connections are made.

It runs on php_safe_mode and therefore the schell command `top` will not work either.
As I've spent 3 days searching. every part of the net I could find.
Any ideas?

 

[Echelon17]

With all due respect, what you're trying to create is both pointless and a waste of time.

Picture the scenario;

Your server is getting DDoS'ed and your CPU(s) are hitting 100%. What is the use of saying that site is dead and attempting to display a HTML page, when in all likelihood it won't actually be able to SERVE the page in the first place, due to being flooded?

Secondly you're looking at the technicalities of this the wrong way. Reading logfiles would be an excessive waste of resources. The best port of information would be a netstat or hitting the apache-status page to get a more accurate real time representation of what's going on in Apache.

 

[darklord1]

I'll agree with that statement of if resources where at 100% it wouldnt display anything.

Perhaps I needed to be a bit more clear on what I was intending this for.

I want to make it so that lets say its at 20% cpu usage, which on my server is actually pretty high.

Now because I run a php-nuke site, this cpu usage will increase severly by them attacking mysite, and not my server directly, changing it from php w/database to html will not stop the attack but lower the attacks ability to hit the server. I cant think of how to block the ips unless I am able to access the server to tell me how many connections are made to it and what ips they are, this would act more like a site level firewall and I have no intention of developing this as I do not believe its possible. What I would like is to slow it down and set the cpu usage limit low.

I just want to make it so that in the event that my server becomes attacked, my site will not contribute to it. the rest is upto the servers security.