I have just saw on leaseweb noc site that there has been a public release of a Apache DoS tool and all All versions of Apache are vulnerable.
So can anyone confirm this and give some possible solution or advices? ....
my server there it one site
but this site His alexa ranking of 7.000
i need Apache Global Configuration
StartServers = ?
and this
MinSpareServers = ?
and this
MaxSpareServers = ?
and this
MaxClients = ?
and this
MaxRequestsPerChild = ?
browsing heavily on the site, which lead to stoppage of the Apache
Server Information
Intel Core 2 Quad Q9550 2.83GHz
8GB Ram
I've a dedicated with 1 site hosted on, but its a big forum that have a numerous apache attack like :
entersomenicedatastringshereidontthinkthisislongenoughsoiwilladdmorehehe
190218806268
[Thu Sep 27 08:59:12 2007] [error] [client 41.221.18.199] Invalid URI in request entersomenicedatastringshereidontthinkthisislongenoughsoiwilladdmorehehe
707671880723
[Thu Sep 27 08:59:12 2007] [error] [client 60.54.153.233] mod_security: Access denied with code 403. Pattern match "!HTTP\/(0\.9|1\.0|1\.1)$" at THE_REQUEST [id "340000"][rev "1"] [msg "Bad HTTP Protocol"] [severity "1"] [uri ""]
mod_security: Access denied with code 403. Pattern match "!HTTP\/(0\.9|1\.0|1\.1)$" at THE_REQUEST [id "340000"][rev "1"] [msg "Bad HTTP Protocol"] [severity "1"] [uri ""]
[Thu Sep 27 08:59:49 2007] [error] [client 80.78.48.132] File does not exist: /usr/local/apache/htdocs/403.shtml
[Thu Sep 27 08:59:49 2007] [error] [client 87.110.121.99] Invalid URI in request entersomenicedatastringshereidontthinkthisislongenoughsoiwilladdmorehehe
607938289643
[Thu Sep 27 08:59:50 2007] [error] [client 220.116.89.243] Invalid URI in request entersomenicedatastringshereidontthinkthisislongenoughsoiwilladdmorehehe
309682726861
---
Mod_security, mod_evasive are installed of course but they cant block this from happening which stops the apache from working.
I've even asked LT to install Cicso ASA 5505 as they told me it will help much, but seems like they don't know how to manage it, so that the server went down every few min for 24 hour till I asked them to uninstall it.
Does the Cicso firewall really helps in that case or what ? if so, what provider should I move to that have experienced staff and can get it work in right way?
way to secure apache from ddos attack's on centos 5.3.
View 7 Replies View RelatedAs you can see my apache is full of Reading connections..... they are filling up my server dening legitimate users to browse trought the websites hosted there... I think this is what is happening to me:
http://mail-archives.apache.org/mod_...l.gmail.com%3E
Im using apache 1.3.3.7 on RHES 3 with latest patches and kernel.
930 requests currently being processed, 6 idle servers
RRRRRRRRWRRRRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRWRRRRRRRRRRRRR
RRRRRRRRRWRRRWRRRRRRRRRRRRRRRWRRRRRRRRRRRRRRRRRRRWRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR_RRRRRRRRRRRRR_RRRRRRR
RRRRRRRRRRRRRRRRRRRRRRWRRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
R_WRRRRRRRRRRRRRRRRRRRRWWRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRWRRRRRRR
RRRRRRRRRRRRRWRR_RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR_
RRRRRRRRRRRRRRRRRRRRRRWRRRRRRRRRRRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRRRRRRRR_RRRRRRRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRWRRRRR
RRRRRRRRRRWRRRRRRRRRRRRRRRRRRRRRRRRRR.RRR.......................
1-044940/40/40R 0.33340.00.060.06 ??..reading..
2-044950/55/55R 0.47330.00.110.11 ??..reading..
3-044960/35/35R 0.31330.00.050.05 ??..reading..
4-044970/38/38R 0.13210.00.090.09 ??..reading..
5-045410/40/40R 0.16360.00.130.13 ??..reading..
6-046190/28/28R 0.12110.00.030.03 ??..reading..
7-046220/34/34R 0.35320.00.100.10 ??..reading..
8-051640/34/34R 0.135100.00.300.30 ??..reading..
Also, here is the top output of the top command:
top - 12:46:21 up 10 min, 1 user, load average: 1.40, 2.03, 1.06
Tasks: 1063 total, 2 running, 1060 sleeping, 0 stopped, 1 zombie
Cpu(s): 4.9% us, 1.6% sy, 0.0% ni, 93.1% id, 0.3% wa, 0.0% hi, 0.0% si
Mem: 2073516k total, 2001984k used, 71532k free, 42384k buffers
Swap: 2048276k total, 0k used, 2048276k free, 178096k cached
Server seems to be fine, but total tasks are always between 1060 and 1124... thats very rare too..
how to avoid this attack?
I have a question related DDOS attack. My hosting provider told me that my Server was DDos attacked few days ago. But in those days my server worked fine only apache server was down. The strange fact is that in the same day with this "DDOS attack" one of theyr admins worked something on SSL section of my server and during this operation the SSL hosts were down and httpd worked slow.
Inthe passed 3 months httpd worked very slow and after 2-3 restarts of httpd service the load droped down below 3.00 . I believe theyr httpd service was already with problems and that SSL configuration cause that apache failure in that day with "ddos attack"
I repeat in that day ONLY ssl hosts worked fine and non SSL hosts were down.
It's possibile on DDOS attack that load to be unde 0.5 , SSL hosts to work fine, FTP, Mail and other stuf to work like there is nobody on server (VERY FAST)?
My server was unstable at this month sometimes fork 700 process and apache 80 access per second and that's made server very slow . very bad browsing
when i checked log files /var/log/messages found that errors
Apr 20 04:06:28 suhosin[798]: ALERT - configured request variable value length limit exceeded - dropped variable 'message' (attacker '212.107.116.238', file '/usr/local/cpanel/cgi-sys/php4')
Apr 22 00:27:05 suhosin[15442]: ALERT - configured request variable name length limit exceeded - dropped ....
i have both PHP(php4 & php5) together
PHP4.........CSO (defoult)
PHP5.........CGI
i have already transfered a site from another server to my server !
this website using PHP5 and they asked me to enable register_global
but i don`t know how to active register_global when PHP5 set as CGI
value will not be accepted when PHP5 set as CGI : php_flag register_globals 1
* i think the last server used Suphp ( i found some files like : php.ini in FTP)
Looking for quick, easy global load balancing solution. This is actually for a temporary situation (we need to move to a new DC and need to make this seamless as possible). Linux solution preferred if possible. What can we use to get this achieved?
How exactly does it work? does it need VPN between locations or is client redirected to a different IP somehow?
We would consider dedicated hardware solutions provided that we can get 2 pieces for under $2,000 total (ebay i guess).
Is there a way to use DNS system (eg. Power DNS) so that based on geographical location Googlebot will locate a localized version of the site and hence will get a higher ranking for that country?
View 4 Replies View RelatedDoes anyone have an Global Crossing contact?
View 6 Replies View RelatedI don't know if this website exists but... is there a website that shows Global Bandwidth usage to the world?
View 3 Replies View RelatedWe currently take transit from Level3 and Tiscali in addition to peering at LINX in the UK. We reaching capacity on our 100Mbps connection to Level3 which we take through a Reseller. I plan to keep our Tiscali transit as we receive great routes to Europe.
I have received quotes for increasing our Level3 to 1Gbps with 100 Mbps CDR and also switching to Global Crossing direct which are I think are fairly competitive at ~ £12 per Mbps?
Does any one have direct experience with either of these two providers in the UK and can recommend who has the best support/routes etc? Additionally I see a number of other UK providers are using Telia and NTT. Having had no experience with Telia or NTT I am unsure if they are in the same league as Global Crossing and Level3. Also are there any other Tier 1's we should be looking at?
It seems the more places we can put servers, the more places boss-man wants them
We're setting up an external network to test back into our network from geographically/carrier diverse locations. We've got about 15 hosts up, but most are in the states, one in london, one in amsterdam, one in frankfurt and one in hong kong.
The current wish list of locations includes -
- Japan
- S. Korea
- Australia (holy cow bw is expensive in sydney! is anyone charging less than $500 per Mb?)
- Paris, France (we have one quote in, but it is pretty pricy)
- Italy
- Spain
- Sweden
I'm doing research and have submitted rfq's to companies in most of these locations, but was hoping for personal recommendations of hosts you have used.
Is anyone here running GFS? The responsibility of managing a small cluster of them is about to fall into my lap, and the only documentation I can find is on Wikipedia, which is troubling. I've got the man pages, but I was hoping for more of a document outlining how it works.
Why would lock_dlm2 or gfs_scand take up close to 100% CPU with minimal traffic on the machine, for example? What do those do? How can I tune it to not do that?
I'm not so much looking for specific answers here about tuning, but am more curious about where I should be looking for documentation. I find it hard to believe that there is none?
Some limit connection mods can limit max connections per vhost, any mod can limit connections to apache server per IP?
View 3 Replies View RelatedI need to setup a global FTP account so I can reach the root of C:inetpubvhosts.
View 2 Replies View RelatedI'm doing a bit of research into the market of Global Server Load Balancing and I'm wondering if anyone knows of any web hosting companies that offer this service. I'm looking for companies large and small that have this service.
View 10 Replies View RelatedI've recently upgraded from Shared hosting to a VPS. I'm currently getting my new VPS setup before migrating my site over. On my shared server, both the global and local safe_mode directives were reported as off by php_infO(). On ym new server, the global is reported as off, but local is reported as on.
On my old server, the PHP was version 4.4.9 running as a CGI. On my new server, PHP 5.1.6 is running as an Apache 2.0 Handler.
I have already set safe_mode to off in my global php.ini file (hence why global is reported by off). However, I have no local php.ini files, htaccess files, or php directive settings in place, so I cannot figure out why local is set to on!
I've tried editing httpd.conf to include "php_admin_flag safe_mode Off", though I'm not certain I put it in the right place. There is only one website on this server.
With the CGI php on my old server, I was able to create a local php.ini file to overwrite global directives, but that seems to have no effect with the Apache Handler on my new server.
I need to host a service that has to have best possible speed anywhere in the world.
I am unable to find anything comparable to Hurricane Electric.
They own 15+ transit nodes in America, 4 in europe, 1 in asia
And they provide dedicated hosting.
I am looking for the alternatives because HE's service is very rudimentary, they just provide servers and you're on your own.
Especially, there's no KVM-over-ip, to reinstall or upgrade you have to pay them $200 every time.
But the connection rates, network uptime are best you ever get.
So there's not possible to get both: level 1 connection and great dedicated hosting service?
There are either backbone providers or service providers.
Is Hurricane Electric the only one who does both?
I'm not sure how much people use InternetHealthReport.com, but Global Crossing consistently has the worst packet loss - [url]
I'm not sure what the cause is, but I wouldn't be surprised if it's because they are a primary peer for Hurricane Electric and other budget carries who don't have much other Tier 1 peers (i.e. Xeex).
Any comments from current Global Crossing customers?
At this moment, all mail (no matter what domain) goes out straight to its destination. We want to send the mail trough a antispam firewall before it enters the internet.
What setting to change?
Thought this might be of interest to folks on WHT. We put together a solution using Nginx ( Engine-X ) to do Global Server Load Balancing. This solution lets you do GSLB without having to fork over $26k per site to F5 or Foundry.
Thought it would be of interest to both end-users as well as dedicated hosting providers who might want to make it into a service (eg. sell a dedicated host in Europe and the US as a group, with the solution pre-installed).
The entire project, including relavent configs is available for download in the latest ( issue 6 ) FREE issue of o3 magazine (o3magazine.com)
Arbor Networks, Merit Network and U. Michigan to present a 2 year study of global internet traffic at NANOG 47. Sounds like it should be interesting to hear. Anyone going?
From the one page brief:
Arbor
"Evolution of the Internet Core: Over the last five years, Internet traffic has migrated away from the traditional Internet core of 10 to 12 Tier-1 international transit providers. Today, the majority of Internet traffic by volume flows directly between large content providers, datacenter / CDNs and consumer networks. Consequently, most Tier-1 networks have evolved their business models away from IP wholesale transit to focus on broader cloud / enterprise services, content hosting and VPNs."
I am just wondering if the Global financial crisis has any negative impacts on hosting providers and IT sector? Do the crisis consequences lead to hosting sales decrease? How does the World hosting industry experience financial crisis? How can hosting business owners comment the current situation in the World?
View 14 Replies View Relatedis there a way to set global php values settings for all Domains in Plesk 12. In the older version of Plesk I can do it by linux in /etc/php.ini and restart the apache and all Domains will be load this configuration. But from Plesk 11 the settings are not loading from /etc/php.ini, only by the own php.ini file.How can I do it for all domains?
View 1 Replies View Related
