The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Site Down due to IP flood?

Discussion in 'Security' started by skegyuk, May 16, 2012.

  1. skegyuk

    skegyuk Registered

    Joined:
    Mar 7, 2012
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Hi,

    My site has been going down recently and I have checked NETSTAT (please see attached)

    Do you think this is what is causing the problem?

    Thanks,
    Danny
     

    Attached Files:

  2. NixTree

    NixTree Well-Known Member

    Joined:
    Aug 19, 2010
    Messages:
    387
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Gods Own Country
    cPanel Access Level:
    Root Administrator
    Hello,

    Seems like a SYN FLOOD attack. If you have CSF installed, enable SYN FLOOD protection.

    ============
    # Enable SYN Flood Protection. This option configures iptables to offer some
    # protection from tcp SYN packet DOS attempts. You should set the RATE so that
    # false-positives are kept to a minimum otherwise visitors may see connection
    # issues (check /var/log/messages for *SYNFLOOD Blocked*). See the iptables
    # man page for the correct --limit rate syntax
    #
    # Note: This option should ONLY be enabled if you know you are under a SYN
    # flood attack as it will slow down all new connections from any IP address to
    # the server if triggered
    SYNFLOOD = "0"
    SYNFLOOD_RATE = "100/s"
    SYNFLOOD_BURST = "150"
    ==============

    Also set SYN COOKIES and increase the half open onnection queue size. Refer Hardening the TCP/IP stack to SYN attacks | Symantec Connect Community and Enable TCP SYN Cookie Protection

    Thank you,
    Nibin.
     
Loading...

Share This Page