The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is this DDOS attack?

Discussion in 'Security' started by Bahram0110, Jan 5, 2011.

  1. Bahram0110

    Bahram0110 Well-Known Member

    Joined:
    Dec 12, 2007
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Hello,
    First of all, I apologize if thread location is not correct. Please move to related place.

    I think my server is under DDOS attacks.
    I installed PRM (rfxn.com) to limit resources.
    sometimes prm send many emails about max process usage.. i.e. EVENT: HARD FAIL MAX_PROC use:70/max:30 (limit is 30 process pre user)

    unfortunately all of this emails is send at same time and at least 95% of this alerts are for unused sites. So I'm sure that this is an attack.
    But I can not find any suspicious connection in netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -n or suspicious process in top or process manager.

    How can I find more about this and how can I conflict with it?

    thank you
     
  2. Bahram0110

    Bahram0110 Well-Known Member

    Joined:
    Dec 12, 2007
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    In addition, Server load goes very high when this occur.
    latest Centos 5.x, latest cpanel/whm, apache, mysql, cpu xeon 3220
     
  3. Bahram0110

    Bahram0110 Well-Known Member

    Joined:
    Dec 12, 2007
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    and attacks are for different users accounts at same time. WONDROUS!
     
  4. Bahram0110

    Bahram0110 Well-Known Member

    Joined:
    Dec 12, 2007
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Hello,
    any idea?
     
  5. dyelton

    dyelton Active Member

    Joined:
    Jan 13, 2006
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    I'm having the same thing happen on my server...did you figure anything out?
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,470
    Likes Received:
    199
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Sounds like false positives to me:

    You might want to adjust your config a bit.
     
  7. a legacy reborn

    a legacy reborn Registered

    Joined:
    Aug 7, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
  8. mayaboys

    mayaboys Member

    Joined:
    Jan 22, 2009
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    DDOS attacks are difficult to control, a good firewall as a first step and must be a hardware firewall that blocks 99% of attacks but is relatively expensive and is not offered by every provider.

    Cordially
     
  9. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello,

    I wanted to provide a link to a prior post that I did about a possible DDoS attack:

    how to restart apache trough cpanel command line?

    The tips in this post might be helpful for anyone reading this topic and needs assistance for a low-level denial of service attack to Apache.

    Thanks.
     
Loading...

Share This Page