The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Server Under Attack. DDOS Protection Tips / Detecting Entry?

Discussion in 'Security' started by cpaneln00b, May 27, 2010.

  1. cpaneln00b

    cpaneln00b Registered

    May 25, 2010
    Likes Received:
    Trophy Points:
    My server is currently being DOS'd / DDOS'd and the attack has lasted for around 48 hours now.

    When the attack first began my server went completely down / connection timeout issues on all my pages on my site. At this point I had no firewall installed, this type of thing has never happened to me before and SSH sounds more like a type of drug than anything else to me!!!

    I managed to install CSF onto my system and since then it has slowly filtered out 70 IP's (Over around the last 40 hours).

    Now I simply cannot find where the traffic is coming in from. There is nothing in my raw access logs, I have run the 2 queries below in SSH / Putty but they aren't showing many active connections:

    netstat -plan |grep :80 | awk '{print $5}' |cut -d: -f1 |sort |uniq -c |sort -n
    netstat -plan | awk '{print $5}' |cut -d: -f1 |sort |uniq -c |sort -n

    But still my server is spitting out 3.2MBPS constantly. This attack is eating away at my bandwidth badly and I'm not too sure what to do from here.

    Could anyone with experience in the matter help to lower this amount / completely stop the attack (Probably not possible but still a nice idea!).
  2. Spiral

    Spiral BANNED

    Jun 24, 2005
    Likes Received:
    Trophy Points:
    Yes, I'll help you --- Sending you my contact info now

Share This Page