The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

tcp connections tripping httpd

Discussion in 'Security' started by wise, Oct 16, 2009.

  1. wise

    wise Member

    Joined:
    Mar 3, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    httpd keeps failing on a VPS - netstat shows the below, hundreds of connections which is obviously the reason, how do I block these connections though as dsl093-070-058.sfo4.d isnt resolvable to an ip?!


    tcp 0 0 ns2.xxxx.net:http dsl093-070-058.sfo4.d:34241 ESTABLISHED 5498/httpd
    tcp 0 0 ns2.xxxx.net:http dsl093-070-058.sfo4.d:34242 ESTABLISHED 5499/httpd
    tcp 0 0 ns2.xxxx.net:http dsl093-070-058.sfo4.d:34243 ESTABLISHED 5500/httpd
    tcp 0 0 ns2.xxxx.net:http dsl093-070-058.sfo4.d:35011 ESTABLISHED 7280/httpd
    tcp 0 0 ns2.xxxx.net:http dsl093-070-058.sfo4.d:34244 ESTABLISHED 5502/httpd
    tcp 0 0 ns2.xxxx.net:http dsl093-070-058.sfo4.d:35012 ESTABLISHED 7281/httpd
    tcp 0 0 ns2.xxxx.net:http dsl093-070-058.sfo4.d:34245 ESTABLISHED 5501/httpd
    tcp 0 0 ns2.xxxx.net:http dsl093-070-058.sfo4.d:35013 ESTABLISHED 7278/httpd
    tcp 0 0 ns2.xxxx.net:http dsl093-070-058.sfo4.d:34246 ESTABLISHED 5503/httpd
    tcp 0 0 ns2.xxxx.net:http dsl093-070-058.sfo4.d:34247 ESTABLISHED 5505/httpd
    tcp 0 0 ns2.xxxx.net:http dsl093-070-058.sfo4.d:35016 ESTABLISHED 7282/httpd
     
  2. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Blocking the remote IP addresses from connecting must be done within a firewall, either a software firewall (iptables or ipfw) or a hardware firewall (such as what may be provided by your data center).

    To learn how to use iptables, I recommend checking its manual "man" page using the following command:
    Code:
    # man iptables
    For easier management of an iptables-based software firewall, I suggest also considering to try one of the third-party products listed here:
    http://forums.cpanel.net/f77/third-party-applications-available-cpanel-whm-106785.html
     
  3. wise

    wise Member

    Joined:
    Mar 3, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Im afraid this is a very poor response - the question was how to find out the ip address of the connections so we could block. Thankfully after a second coffee it dawned on me to change the netstat command to show the amount of connections to the box and the ips, we then blocked the ip in question.
     
Loading...

Share This Page