My server attacked?

persianwhois

persianwhois

Well-Known Member
Apr 18, 2007
117
1
166
Mahallat
cPanel Access Level
Root Administrator
Hello,
my cpu load up to 586% and server crashed.
I run following command in ssh:
Code: 
netstat -autpn | grep :80 | awk '{print $5}' | cut -d. -f1-4 | cut -d: -f1 | sort -n | uniq -c | sort -n
and i see:
Code: 
      1 0.0.0.0
      1 208.64.230.220
      1 212.180.4.150
      1 217.219.185.164
      1 217.219.225.98
      1 217.219.230.74
      1 217.219.56.214
      1 38.99.13.121
      1 66.36.228.42
      1 72.30.177.83
      1 72.30.177.98
      1 72.55.133.154
      1 74.6.69.213
      1 77.237.171.219
      1 80.191.211.131
      1 82.115.25.193
      1 82.99.248.74
      1 84.11.72.57
      1 84.47.210.5
      1 84.47.210.6
      1 84.47.210.7
      1 84.47.210.8
      3 85.185.3.22
      3 91.98.25.37
      4 217.218.183.3
      4 82.99.195.14
      6 195.146.33.250
    106 208.53.138.2
    162 67.15.211.15
    190 62.68.207.138
IS MY SERVER DDOS ATTACKED?
How can resolve this problem. i block attacker ip but he back and start attack again by new ip address.
on my server mod_evasive and apf firewall installed.
Help me please.
 
Last edited:
brianoz

brianoz

Well-Known Member
Mar 13, 2004
1,146
7
168
Melbourne, Australia
cPanel Access Level
Root Administrator
This looks more like a standard DOS rather than a DDOS. You'd be better off uninstalling APF and installing CSF which will detect and block these attacks effortlessly - you won't even know they are going on, apart from a notification email. APF isn't as good, or as stable, at detecting these sorts of attacks.
 
persianwhois

persianwhois

Well-Known Member
Apr 18, 2007
117
1
166
Mahallat
cPanel Access Level
Root Administrator
brianoz said:
This looks more like a standard DOS rather than a DDOS. You'd be better off uninstalling APF and installing CSF which will detect and block these attacks effortlessly - you won't even know they are going on, apart from a notification email. APF isn't as good, or as stable, at detecting these sorts of attacks.
Click to expand...
Thank you.
i have two question:
1- how can disable apf?
2- how can remove apf?
 
mctDarren

mctDarren

Well-Known Member
Jan 6, 2004
665
8
168
New Jersey
cPanel Access Level
Root Administrator
CSF has a script that will remove it for you. Download the script at configserver.com and when you untar it you will see disable_apf_bfd.sh - the shell script to do it. :D
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
C My server got attacked on the "smtp", is it dangerous? Security 10
D server attacked Security 7
S Is my server getting attacked or is this normal behaviour? Security 5
N Server attacked by phishers Security 3
4 How can i know that my server was attacked bye another or not? Security 2
Similar threads
My server got attacked on the "smtp", is it dangerous?
server attacked
Is my server getting attacked or is this normal behaviour?
Server attacked by phishers
How can i know that my server was attacked bye another or not?
Top Bottom