The Community Forums

Interact with an entire community of cPanel & WHM users!

My server attacked?

Discussion in 'General Discussion' started by persianwhois, Jun 14, 2007.

  1. persianwhois

    persianwhois Well-Known Member

    Joined:
    Apr 18, 2007
    Messages:
    117
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Mahallat
    cPanel Access Level:
    Root Administrator
    Hello,
    My CPU load went up to 586% and the server crashed.
    I ran the following command in SSH:
    Code:
    netstat -autpn | grep :80 | awk '{print $5}' | cut -d. -f1-4 | cut -d: -f1 | sort -n | uniq -c | sort -n
    and I see:
    Code:
       
          1 0.0.0.0
          1 208.64.230.220
          1 212.180.4.150
          1 217.219.185.164
          1 217.219.225.98
          1 217.219.230.74
          1 217.219.56.214
          1 38.99.13.121
          1 66.36.228.42
          1 72.30.177.83
          1 72.30.177.98
          1 72.55.133.154
          1 74.6.69.213
          1 77.237.171.219
          1 80.191.211.131
          1 82.115.25.193
          1 82.99.248.74
          1 84.11.72.57
          1 84.47.210.5
          1 84.47.210.6
          1 84.47.210.7
          1 84.47.210.8
          3 85.185.3.22
          3 91.98.25.37
          4 217.218.183.3
          4 82.99.195.14
          6 195.146.33.250
        106 208.53.138.2
        162 67.15.211.15
        190 62.68.207.138
    IS MY SERVER BEING DDOS ATTACKED?
    How can I resolve this problem? I block the attacker's IP, but he comes back and starts attacking again from a new IP address.
    mod_evasive and the APF firewall are installed on my server.
    Help me please.
     
    #1 persianwhois, Jun 14, 2007
    Last edited: Jun 14, 2007
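
Added example, not part of the original thread: a stricter version of the per-IP count from the post above. It matches the local port exactly (a plain `grep :80` also matches `:8080` and the server's own outbound connections to a remote port 80), folds IPv4-mapped IPv6 addresses into their IPv4 form, and reports half-open `SYN_RECV` connections separately. The function names `count_web_clients` and `sample_netstat`, the thresholds, and the sample lines (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-client connection counts for one local port.
# Function names, thresholds and all sample data are constructed for illustration.

count_web_clients() {
    # $1 = local port to inspect, $2 = minimum connections before an IP is listed
    # stdin = `netstat -tn` style lines; output = "<total> <syn_recv> <ip>"
    awk -v port="$1" -v min="$2" '
        $1 !~ /^tcp/   { next }            # skip header lines and UDP sockets
        $6 == "LISTEN" { next }            # listening sockets have no client
        {
            n = split($4, loc, ":")        # local address; the port is the last piece
            if (loc[n] != port) next       # exact match, so 8080 is not counted as 80
            ip = $5
            sub(/:[0-9*]+$/, "", ip)       # drop the remote port
            sub(/^::ffff:/, "", ip)        # fold IPv4-mapped IPv6 into plain IPv4
            total[ip]++
            if ($6 == "SYN_RECV") syn[ip]++   # half-open connections
        }
        END {
            for (ip in total)
                if (total[ip] >= min)
                    printf "%d %d %s\n", total[ip], syn[ip], ip
        }
    ' | sort -rn
}

sample_netstat() {
    # Constructed netstat -tn output (RFC 5737 documentation addresses).
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40001      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40002      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40003      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40004      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51000       ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.9:51001       ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.9:51002       ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.9:51003       ESTABLISHED
tcp        0      0 192.0.2.10:45000        203.0.113.80:80         ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:40005 TIME_WAIT
udp        0      0 192.0.2.10:80           0.0.0.0:*
EOF
}

# Demo on the constructed data; on a live host: netstat -tn | count_web_clients 80 20
sample_netstat | count_web_clients 80 3
```

A high second column relative to the first points to half-open connections piling up rather than completed HTTP requests.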
  2. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    This looks more like a standard DOS rather than a DDOS. You'd be better off uninstalling APF and installing CSF which will detect and block these attacks effortlessly - you won't even know they are going on, apart from a notification email. APF isn't as good, or as stable, at detecting these sorts of attacks.
     
  3. persianwhois

    persianwhois Well-Known Member

    Thank you.
    I have two questions:
    1- How can I disable APF?
    2- How can I remove APF?
     
  4. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    CSF has a script that will remove it for you. Download the script at configserver.com and when you untar it you will see disable_apf_bfd.sh - the shell script to do it. :D
     
  5. persianwhois

    persianwhois Well-Known Member

    Thank you.
    If I install CSF, how can I disable CSF and go back to APF if needed?
     
  6. mctDarren

    mctDarren Well-Known Member

    Run the uninstall in the CSF directory, then simply reinstall APF...
     