The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My server attacked?

Discussion in 'General Discussion' started by persianwhois, Jun 14, 2007.

  1. persianwhois

    persianwhois Well-Known Member

    Joined:
    Apr 18, 2007
    Messages:
    117
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Mahallat
    cPanel Access Level:
    Root Administrator
    Hello,
    my cpu load up to 586% and server crashed.
    I run following command in ssh:
    Code:
    netstat -autpn | grep :80 | awk '{print $5}' | cut -d. -f1-4 | cut -d: -f1 | sort -n | uniq -c | sort -n
    and i see:
    Code:
       
      1 0.0.0.0
      1 208.64.230.220
      1 212.180.4.150
      1 217.219.185.164
      1 217.219.225.98
      1 217.219.230.74
      1 217.219.56.214
      1 38.99.13.121
      1 66.36.228.42
      1 72.30.177.83
      1 72.30.177.98
      1 72.55.133.154
      1 74.6.69.213
      1 77.237.171.219
      1 80.191.211.131
      1 82.115.25.193
      1 82.99.248.74
      1 84.11.72.57
      1 84.47.210.5
      1 84.47.210.6
      1 84.47.210.7
      1 84.47.210.8
      3 85.185.3.22
      3 91.98.25.37
      4 217.218.183.3
      4 82.99.195.14
      6 195.146.33.250
    106 208.53.138.2
    162 67.15.211.15
    190 62.68.207.138
    IS MY SERVER DDOS ATTACKED?
    How can resolve this problem. i block attacker ip but he back and start attack again by new ip address.
    on my server mod_evasive and apf firewall installed.
    Help me please.
     
    #1 persianwhois, Jun 14, 2007
    Last edited: Jun 14, 2007
  2. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    This looks more like a standard DOS rather than a DDOS. You'd be better off uninstalling APF and installing CSF which will detect and block these attacks effortlessly - you won't even know they are going on, apart from a notification email. APF isn't as good, or as stable, at detecting these sorts of attacks.
     
    #2 brianoz, Jun 14, 2007
  3. persianwhois

    persianwhois Well-Known Member

    Joined:
    Apr 18, 2007
    Messages:
    117
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Mahallat
    cPanel Access Level:
    Root Administrator
    Thank you.
    i have two question:
    1- how can disable apf?
    2- how can remove apf?
     
    #3 persianwhois, Jun 14, 2007
  4. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    CSF has a script that will remove it for you. Download the script at configserver.com and when you untar it you will see disable_apf_bfd.sh - the shell script to do it. :D
     
    #4 mctDarren, Jun 14, 2007
  5. persianwhois

    persianwhois Well-Known Member

    Joined:
    Apr 18, 2007
    Messages:
    117
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Mahallat
    cPanel Access Level:
    Root Administrator
    Thank you.
    If i install csf, how can disable csf and back to apf if need?
     
    #5 persianwhois, Jun 14, 2007
  6. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    Run the unintsall in the CSF directory, then simply reintall APF...
     
    #6 mctDarren, Jun 14, 2007
(You must log in or sign up to post here.)
Loading...
Similar Threads - server attacked
  1. DennisMidjord

    We're shutting down nameservers - what about active domains?

    DennisMidjord, Jun 22, 2017 at 6:06 AM, in forum: Bind / DNS / Nameserver Issues
    Replies:
    4
    Views:
    46
    cPanelMichael
    Jun 22, 2017 at 9:38 AM
  2. Souther

    MySQL Profiles: user app migration to using remote server

    Souther, Jun 21, 2017 at 11:30 PM, in forum: Database Discussions
    Replies:
    6
    Views:
    48
    Souther
    Jun 22, 2017 at 12:43 PM
  3. crismarques silva

    Dedicated server overloading because of mysql

    crismarques silva, Jun 21, 2017 at 6:33 AM, in forum: Database Discussions
    Replies:
    3
    Views:
    33
    cPanelMichael
    Jun 21, 2017 at 9:46 AM
  4. 000

    Delete ALL attachments from server with 50 or more accounts?

    000, Jun 21, 2017 at 5:37 AM, in forum: E-mail Discussions
    Replies:
    1
    Views:
    26
    cPanelMichael
    Jun 21, 2017 at 9:34 AM
  5. elderf

    Prevent IP browsing as it does with the server's primary IP address

    elderf, Jun 21, 2017 at 1:39 AM, in forum: General Discussion
    Replies:
    1
    Views:
    33
    cPanelMichael
    Jun 21, 2017 at 9:43 AM

Share This Page