The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

is this a DDOS attack??

Discussion in 'General Discussion' started by kistler, Jan 17, 2007.

  1. kistler

    kistler Well-Known Member

    Joined:
    Jan 27, 2005
    Messages:
    136
    Likes Received:
    0
    Trophy Points:
    16
    Code:
          
               1 68.38.76.23
          1 68.40.252.247
          1 68.41.234.2
          1 68.43.79.10
          1 68.45.63.150
          1 68.48.85.21
          1 68.49.229.146
          1 68.53.222.88
          1 68.57.30.162
          1 68.60.136.243
          1 68.63.108.96
          1 68.63.129.129
          1 68.80.71.129
          1 68.84.10.46
          1 68.89.137.64
          1 68.95.120.62
          1 69.112.83.68
          1 69.116.231.205
          1 69.121.88.70
          1 69.124.75.183
          1 69.135.212.30
          1 69.136.141.189
          1 69.14.101.158
          1 69.142.151.34
          1 69.14.27.12
          1 69.143.33.26
          1 69.14.54.165
          1 69.153.76.8
          1 69.154.65.87
          1 69.176.34.219
          1 69.180.5.134
          1 69.19.14.43
          1 69.201.153.207
          1 69.202.135.190
          1 69.210.29.240
          1 69.223.82.213
          1 69.224.122.240
          1 69.232.75.174
          1 69.242.129.198
          1 69.243.42.25
          1 69.248.207.91
          1 69.250.171.137
          1 69.251.141.147
          1 69.47.122.92
          1 69.47.232.76
          1 69.50.48.32
          1 69.6.173.230
          1 69.86.64.81
          1 69.92.186.171
          1 70.104.31.34
          1 70.128.1.209
          1 70.133.197.37
          1 70.142.209.189
          1 70.157.110.155
          1 70.157.53.13
          1 70.16.219.220
          1 70.176.177.32
          1 70.21.28.131
          1 70.22.199.83
          1 70.224.65.36
          1 70.228.244.66
          1 70.234.154.232
          1 70.234.160.190
          1 70.247.111.6
          1 70.247.231.127
          1 70.253.170.254
          1 70.57.116.98
          1 71.0.64.193
          1 71.104.50.152
          1 71.106.239.37
          1 71.112.199.218
          1 71.112.84.8
          1 71.115.43.153
          1 71.118.86.171
          1 71.121.170.185
          1 71.123.7.86
          1 71.129.174.185
          1 71.135.50.196
          1 71.163.227.26
          1 71.164.237.213
          1 71.164.96.168
          1 71.169.20.204
          1 71.178.18.246
          1 71.193.90.212
          1 71.194.82.202
          1 71.195.94.102
          1 71.202.239.193
          1 71.205.7.102
          1 71.207.112.14
          1 71.212.239.175
          1 71.2.140.203
          1 71.221.57.85
          1 71.222.85.63
          1 71.228.117.167
          1 71.232.173.121
          1 71.233.182.215
          1 71.233.5.189
          1 71.235.26.14
          1 71.236.242.163
          1 71.241.40.68
          1 71.249.102.43
          1 71.252.207.162
          1 71.255.51.34
          1 71.28.33.200
          1 71.29.121.216
          1 71.55.193.252
          1 71.60.125.102
          1 71.64.130.224
          1 71.67.143.157
          1 71.71.237.46
          1 71.72.101.9
          1 71.79.208.36
          1 72.147.86.182
          1 72.150.28.57
          1 72.184.187.77
          1 72.186.125.209
          1 72.188.62.48
          1 72.197.62.53
          1 72.215.3.131
          1 72.235.200.240
          1 72.241.118.47
          1 72.24.129.95
          1 72.24.241.75
          1 72.245.4.16
          1 72.26.135.147
          1 72.28.21.236
          1 72.51.163.219
          1 72.80.194.66
          1 72.84.44.60
          1 72.91.4.216
          1 74.129.208.30
          1 74.134.155.169
          1 74.134.231.156
          1 74.135.179.69
          1 74.135.44.226
          1 74.140.168.130
          1 74.193.67.66
          1 74.229.133.2
          1 74.229.96.145
          1 74.234.175.96
          1 74.237.104.169
          1 74.32.195.98
          1 74.36.221.92
          1 74.61.126.147
          1 74.65.177.156
          1 74.72.37.27
          1 75.109.97.129
          1 75.117.206.212
          1 75.117.207.207
          1 75.117.236.153
          1 75.16.109.171
          1 75.22.236.234
          1 75.2.24.172
          1 75.45.164.32
          1 75.45.69.253
          1 75.46.151.79
          1 75.68.188.90
          1 75.89.153.30
          1 76.17.127.61
          1 76.177.9.239
          1 76.179.135.22
          1 76.18.151.121
          1 76.18.186.32
          1 76.185.133.38
          1 76.185.196.79
          1 76.188.119.15
          1 76.19.114.60
          1 76.210.72.31
          1 76.21.171.207
          1 76.215.203.162
          1 80.88.140.73
          1 85.234.144.215
          1 87.232.42.6
          1 Address
          1 servers)
          2 141.157.41.37
          2 203.112.235.2
          2 206.135.253.46
          2 207.255.103.118
          2 24.18.58.97
          2 24.3.170.177
          2 24.34.61.234
          2 66.174.93.104
          2 67.191.144.9
          2 68.240.191.125
          2 68.60.128.139
          2 70.246.133.202
          2 70.252.102.73
          2 71.52.137.187
          2 71.52.95.142
          2 72.129.191.68
          2 72.193.150.164
          2 74.130.45.15
          2 75.117.207.220
          2 75.196.108.215
          2 75.22.20.28
          2 76.184.3.188
          3 71.115.142.229
          3 72.181.213.173
          3 72.95.11.37
          3 74.32.172.254
          4 68.83.247.131
          7 68.35.101.222
          7 76.166.201.85
          7 76.170.80.221
          8 141.156.49.159
          8 68.197.228.123
          8 70.116.98.17
          9 65.197.80.135
          9 67.167.39.66
          9 68.17.231.197
          9 68.214.6.71
          9 69.143.71.9
          9 71.105.220.15
          9 72.65.173.69
          9 75.43.77.91
         10 24.25.137.157
         10 24.47.224.153
         22 24.25.238.16
         23 24.11.171.144
         30 71.238.77.125
         44 72.235.200.176
         71 66.108.244.76
    
    I am trying to find what make the load of this server spike to 100-200 at random times what else can I look at, any help would be great. This server holds a few my space image hosting people. Could it just be that alone?
     
    #1 kistler, Jan 17, 2007
    Last edited: Jan 17, 2007
  2. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    How did you arrive at those numbers? Are those active simultaneous connections?

    My guess is that you're more likely to be having an email dictionary attack against a domain or two, but not sure that could account for a load of 100-200, so you probably have other things going on as well.
     
  3. kistler

    kistler Well-Known Member

    Joined:
    Jan 27, 2005
    Messages:
    136
    Likes Received:
    0
    Trophy Points:
    16
    I ran: - to get the list of IPs

    Code:
    
    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
    
    

    It seemed to help when I tried to kill the http server, again this is a mass image site so maybe it just getting really big. I am just shocked at how many of these IPs are so close to one another.
     
  4. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    "Seemed to help when you tried to shut down the http server"? What does that mean??? :) Does it mean you couldn't shut down the http server? or that you weren't sure if it helped or not? Either the http server was shut down or it wasn't, and you should notice a difference in load within a few minutes with it fully shutdown. That actually is a good experiment to help isolate the source of the load, but don't bother with it if you're going to be that vague about it :rolleyes:

    I'd also shut down email for a few minutes and see what happens to the load - leave http running and see what happens.
     
Loading...

Share This Page