
Load Average High What to do? UDP/SYN might be the problem Firewall

Discussion in 'General Discussion' started by StefanNET, Mar 16, 2011.

  1. StefanNET

    StefanNET Member

    So I have cPanel and installed csf, but clearly someone is abusing my server and the load average is high, which slows down my server.

    I have installed csf and started the firewall with csf -s, and it doesn't help, because in the first place I thought that someone was DDoSing the server, but it isn't that, so I think it's someone inside the hosting who is doing a DDoS SYN/UDP flood attack on others.

    How can I check it and how to determine it, and once I resolve who it is, where do I report that IP?
     
  2. LinuxTechie

    LinuxTechie Well-Known Member

    Hello,

    With the help of proper configuration of CSF, we can limit DDoS. Deflate/Evasive may also give good results.
     
  3. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    If it is not a DoS attack and you suspect it's a user on the system, then please check in WHM > Daily Process Logs for any high CPU, memory or MySQL usage users.

    Do you know how to use top in root SSH to check the processes running and determine what is going on at the time of high load? If not, then please try running the command "top" in root SSH and watch the processes for around 5-15 minutes time. The more you use top to get an idea of what processes are running and what is happening, the more familiar you will get with that command. The top command is a vital component to understanding and troubleshooting system load issues.
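
The per-user view suggested above can also be taken as a one-shot snapshot. This is an added example, not part of the original posts: it sums CPU and memory per account from `ps` output, and the sample rows, account names and the threshold of 40 are constructed for illustration.

```shell
#!/bin/sh
# Sum CPU and memory per system user from `ps` output, so that one account
# running many processes stands out even if no single process does.

# Constructed sample in the layout of: ps -eo user:32,pcpu,pmem,comm
sample_ps() {
cat <<'EOF'
USER      %CPU %MEM COMMAND
root       0.3  0.1 sshd
mysql     12.5  8.0 mysqld
alice      1.2  0.5 php
bobsite   48.0  1.0 perl
bobsite   47.5  1.1 perl
bobsite   46.9  1.0 perl
nobody     2.0  0.4 httpd
EOF
}

# stdin: "user pcpu pmem comm" rows with one header line.
# stdout: "user total_cpu total_mem process_count", highest CPU first.
load_by_user() {
  awk 'NR > 1 && NF >= 4 {
         cpu[$1] += $2; mem[$1] += $3; n[$1]++
       }
       END {
         for (u in cpu) printf "%s %.1f %.1f %d\n", u, cpu[u], mem[u], n[u]
       }' | LC_ALL=C sort -k2,2 -nr
}

# Print only the users whose summed CPU exceeds the threshold given as $1.
heavy_users() {
  load_by_user | awk -v t="$1" '$2 + 0 > t + 0 { print $1 }'
}

# Demonstration on the constructed sample.
sample_ps | load_by_user

# On a live server, as root:
#   ps -eo user:32,pcpu,pmem,comm | load_by_user | head
```

Repeating the live command every minute or so during a load spike shows whether the same account stays at the top, which is the account to inspect further.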
     
  4. StefanNET

    StefanNET Member

    Yes, I resolved this with the top command, but 30 minutes after that, someone started a massive DDoS attack on my 100 Mbps server, and it has now been down for 1 day and counting. I can't access either SSH or HTTP, and I don't know what to do.
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    If you cannot access SSH, then only your hosting provider, datacenter or NOC can assist at this time, that is, anyone who has physical access to your machine to reboot it or log into it to check what is happening. The datacenter or NOC should also be able to filter traffic to the machine so that the attack is mitigated.
     