The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My server attacked?

Discussion in 'General Discussion' started by persianwhois, Jun 14, 2007.

  1. persianwhois

    persianwhois Well-Known Member

    Joined:
    Apr 18, 2007
    Messages:
    117
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Mahallat
    cPanel Access Level:
    Root Administrator
    Hello,
    my cpu load up to 586% and server crashed.
    I run following command in ssh:
    Code:
    netstat -autpn | grep :80 | awk '{print $5}' | cut -d. -f1-4 | cut -d: -f1 | sort -n | uniq -c | sort -n
    and i see:
    Code:
       
      1 0.0.0.0
      1 208.64.230.220
      1 212.180.4.150
      1 217.219.185.164
      1 217.219.225.98
      1 217.219.230.74
      1 217.219.56.214
      1 38.99.13.121
      1 66.36.228.42
      1 72.30.177.83
      1 72.30.177.98
      1 72.55.133.154
      1 74.6.69.213
      1 77.237.171.219
      1 80.191.211.131
      1 82.115.25.193
      1 82.99.248.74
      1 84.11.72.57
      1 84.47.210.5
      1 84.47.210.6
      1 84.47.210.7
      1 84.47.210.8
      3 85.185.3.22
      3 91.98.25.37
      4 217.218.183.3
      4 82.99.195.14
      6 195.146.33.250
    106 208.53.138.2
    162 67.15.211.15
    190 62.68.207.138
    IS MY SERVER DDOS ATTACKED?
    How can resolve this problem. i block attacker ip but he back and start attack again by new ip address.
    on my server mod_evasive and apf firewall installed.
    Help me please.
     
    #1 persianwhois, Jun 14, 2007
    Last edited: Jun 14, 2007
  2. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    This looks more like a standard DOS rather than a DDOS. You'd be better off uninstalling APF and installing CSF which will detect and block these attacks effortlessly - you won't even know they are going on, apart from a notification email. APF isn't as good, or as stable, at detecting these sorts of attacks.
     
    #2 brianoz, Jun 14, 2007
  3. persianwhois

    persianwhois Well-Known Member

    Joined:
    Apr 18, 2007
    Messages:
    117
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Mahallat
    cPanel Access Level:
    Root Administrator
    Thank you.
    i have two question:
    1- how can disable apf?
    2- how can remove apf?
     
    #3 persianwhois, Jun 14, 2007
  4. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    CSF has a script that will remove it for you. Download the script at configserver.com and when you untar it you will see disable_apf_bfd.sh - the shell script to do it. :D
     
    #4 mctDarren, Jun 14, 2007
  5. persianwhois

    persianwhois Well-Known Member

    Joined:
    Apr 18, 2007
    Messages:
    117
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Mahallat
    cPanel Access Level:
    Root Administrator
    Thank you.
    If i install csf, how can disable csf and back to apf if need?
     
    #5 persianwhois, Jun 14, 2007
  6. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    Run the unintsall in the CSF directory, then simply reintall APF...
     
    #6 mctDarren, Jun 14, 2007
(You must log in or sign up to post here.)
Loading...
Similar Threads - server attacked
  1. Rodel

    Enabe GIT on cPanel server?

    Rodel, Aug 21, 2017 at 5:03 AM, in forum: General Discussion
    Replies:
    1
    Views:
    32
    Infopro
    Aug 21, 2017 at 5:33 AM
  2. SteveS99

    Adding server /nfs/xxxx mounted folder to public_html/

    SteveS99, Aug 20, 2017 at 4:52 PM, in forum: General Discussion
    Replies:
    2
    Views:
    42
    cPanelMichael
    Aug 21, 2017 at 12:45 PM
  3. electric

    Steps to add new DNS-Only server to existing cluster?

    electric, Aug 19, 2017 at 3:13 PM, in forum: Bind / DNS / Nameserver Issues
    Replies:
    2
    Views:
    40
    electric
    Aug 21, 2017 at 1:15 PM
  4. lukapaunovic

    New Thread Securing server without CloudLinux question

    lukapaunovic, Aug 19, 2017 at 11:17 AM, in forum: Security
    Replies:
    5
    Views:
    78
    sparek-3
    Aug 19, 2017 at 7:55 PM
  5. rpvw

    OWASP ModSecurity Core Rule Set V3.0 whm-server-status

    rpvw, Aug 18, 2017 at 1:53 PM, in forum: Workarounds and Optimization
    Replies:
    1
    Views:
    39
    cPanelMichael
    Aug 18, 2017 at 2:07 PM

Share This Page