Check Server For Dos Attack
May 17, 2009How can check server for dos/ddos/syn attack?
Because my server load is high, perfromance is low, but i dont have any high process.
ADVERTISEMENT
Check And Prevent Ddos Attack
May 25, 2009While working with different issues, I have seen that many clients complaining about ddos attack on their server. So, I am posting here some useful commands to check and prevent ddos attack.
First of all when you see that your site's or server speed is very slow even though there is not much load on your server, you can guess it might be ddos. Then run 'top' command and see which processes is more, if those are httpd then fire following command
which will show how many active connections your server is currently processing.
netstat -n | grep :80 | wc -l
netstat -n | grep :80 | grep SYN |wc -l
The first command will show the number of active connections that are open to your server. The number of active connections from the first command is going to vary widely but if you are much above 500 you are probably having problems.If the second command is over 100 you are having trouble with a syn attack.
netstat -anp |grep ‘tcp|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n
That will list the IPs taking the most amounts of connections to a server.
use follwoing command to block a ip with iptables on server
iptables -A INPUT 1 -s IPADRESS -j DROP/REJECT
service iptables restart
service iptables save
--------OR---------------
You can place ip's which you want to block in hosts.deny
vi /etc/hosts.deny
httpd: IP
write and quit
---------------------------
Then KILL all httpd connection and restarted httpd service by using following command
killall -KILL httpd
service httpd startssl
-----------------------------------
This are all the step to check and prevent ddos on your server.
Check And Verify DDOS Attack?
Jan 4, 2008in the last couple of days we really have problem accessing web service, while ftp, ssh, work fine. While we getting connection time out, the load on the server is really load around .2 and get numerous e-mail from Cpanel that httpd is failling and try to restart.
How can i do to check and verify that there a DDOS attack?
What step can i do to possibly minimize DDOS attack?
My Server Is Currently Under Attack
Jul 2, 2009My server is currently underattack, I have been able to keep it up but after I ban 500 IPs, I get a lot of different IPs again.
Any idea or suggestion to do mass-ban to those attacking IPs?
tcp 0 0 xxx.xx.xxx.xxx:80 190.87.128.59:3965 SYN_RECV
tcp 0 0 xxx.xx.xxx.xxx:80 82.115.52.10:2323 SYN_RECV
tcp 0 0 xxx.xx.xxx.xxx:80 90.148.137.56:21094 SYN_RECV
tcp 0 0 xxx.xx.xxx.xxx:80 189.237.35.155:57605 ...
How To Check IP If It Can See My Server
Apr 10, 2009I have one client who cannot see my server and all domains on it. I;ve checked if his IP is block or not and I didn't see his IP on the apf deny host file. How to you check IP if it can see my server? I just want to make sure before calling the ISP.
View 3 Replies View RelatedDDOS :: Someone Is Trying To Attack Our Server
Jul 4, 2006Someone is trying to attack our server (I think so). When running apache status there are a LOT of connections from one network, all requesting the same page. But running: netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n does show any of these IP's. So script blocking ddos attacks wont work. Anyone know what can I do about this?
View 14 Replies View RelatedHow Many Attack Attempts Do You Get To Your Server Per Day?
Aug 22, 2007I went today to my apache error log, and noticed that those scum lowlifes hackers trying to hack my server every day for at least 100 times!!!
What a disaster!
Examples of urls they trying to use:
- http://usuarios.arnet.com.ar/larry123/safe.txt?
- http://uploaded.justfree.com/id.txt?
- http://nukedclx.info/php/base
Is there anything that can be done to prevent this mor*** from even trying to hack (except putting a bullet in his/their head)?
My Server Attack By Hackers
Nov 7, 2009two of my website on the server was changed by the hackers.How did they do it?
View 7 Replies View RelatedBotnet Attack My Server
Nov 3, 2009i got botnet attack my web server...is there anything i can do to block thse attack? my host isnt help much?
View 4 Replies View RelatedBot Attack, How To Protect Server
Oct 22, 2009how to protect an linux dedicated server from bot attack. Im using linux server with cPanel, using CSF firewall + DOS Deflate.
View 5 Replies View RelatedIs My Server Under DDOs Attack
Feb 2, 2008is this DDOs attack : .....
View 5 Replies View RelatedNew Type Of Server Attack
Jan 31, 2008I think I'm experiencing some type of alternative to a DDoS attack. My server is being killed by thousands of emails being sent to fake accounts on my server.
I'm not a server administrator, so please bear with me.
My load average is skyrocking to 800.xx at times. I look at "top" and see "exim" for one specific user on my server. I own all the websites on my server, by the way.
When I look at my email queue, I see thousands of emails coming in to accounts that don't exist for that specific user. Let's say the domain name is salcollaziano.com. Somebody is sending spam to various salcollaziano.com aliases that don't exist. Like webmaster -at- salcollaziano.com and suzy -at- salcollaziano.com.
How can I prevent these spam emails from having any interaction with my server? It's causing me a lot of downtime on all the sites I have running on that particular server.
Threatened With An Attack On My Server
Nov 27, 2008Not sure if it's a valid threat, but I would like to do the best I can to identify one as early as possible.
Can someone maybe give me an idea of what to look for? They were not specific on there type of attack, but I was hoping that there was maybe a log file I could tail and keep an eye out for irregularities.
My Server Got Phisihing Attack
Aug 8, 2007my server got phisihing attack with bankamerica/paypal etc. i wounder because we have tight firewall/security etc. but any way this is teribel. i have found ip when look in to /var/log/messages -
its looks like (?@85.201.19.xxx). is it used anonymos ftp? i found same ip used to log in to another ftp host as well.
Slow Server - DoS Attack
Nov 17, 2007My server (Xeon 3.0Ghz) went down for no reason yesterday and ever since it was rebooted (and I've rebooted a couple of times since then), pages load extremely slowly or just timeout. Server load is constantly hovering around 1 and top stats indicate that the server's resources are not under heavy load, which is contrary to the usual pattern during peak times.
I've checked netstat and I notice a lot of SYN_RECV. Could this be a DoS attack? If so, what steps do I take to stop it?
How To Check Connections To My Server
Jun 24, 2009There use to be a thread on here but because of the wht hack, it didn't get saved...so now I can't go back to it.
It was a command in ssh that printed out a number of connections. Like 12,000 or something.
HDD Check On Dedicated Server
Apr 1, 2009What is the best way to check the HDD on new Dedicated server?
I would like to see if there is a bad sectors, etc.
fsck? or ? what is the full command that would do the job the best.
OS is Centos.
Check Domains With Different IPs On Same Server
Jun 17, 2009I'm not sure where to ask this but probably this section is the closest. I'm sorry if I use the wrong section.
Anyway I was wondering about checking using a reverse ip address tool which is available for free on the internet.
It seems that anyone can just check other domains which share the same IP address on a server.
However, I have a question.
Is it possible for anyone to check other domains which have different and unique IP addresses (for each domain) BUT all reside on a same server?
(meaning the person who is searching this only checks using one IP address/domain name to find out other domain names that reside on the SAME server)
Is there a 'free tool' out there that is capable of checking this?
How Can I Check Out Server Stability?
Sep 15, 2009How can I check out server stability of the hosting company?
I mean hostingsource company, their servers seem nice for me and I'd like to know more of their reliability and scalability.
How To Check Ports In Server
May 16, 2008i have problem with ports in server
how may i check ports?
for example 37549,53377,17235 and ...
i want know this ports are AVAILABLE or no
How Can I Check Uptime On My Server
Aug 31, 2007How can I check uptime or how to check downtime on my server?My members told me that they can not login to my site and it shows: Page can not found or Sever not found.
View 14 Replies View RelatedBatch Name Server Check
Dec 31, 2007i want to check in a batch if my client's domain changed name server or not. Are there are tools / script available for that?
View 5 Replies View RelatedCheck My Server Speed
Jul 3, 2007I have two servers one from hostmysite and other one is from 15minute server, I would like to know which one is faster, I have a dedicated server from 15minuteserver, but sometime I get slow speed I am not really sure which one is faster.
test two Ips and let me know.
76.12.21.39
216.118.117.165
How To Check My Server Security
Sep 1, 2007i have a dedicated server , some one else made the security for me, how could to be sure of its security? how could to be sure of all php functions contain risk are closed or disabled? how could to be sure of there are not any security gap?
way to understand and implement the steps.
What To Check When Server Hang
Sep 3, 2007One of my server hang w/o obvious reason. What is the checklist to adhere when troubleshooting? It is running on FreeBSD
View 5 Replies View RelatedCheck If IP Is Blacklisted On Server
Jan 4, 2007One of our customers has reporting not being able to access any sites hosted on our server. He is using a cable connection with a static IP number . He is able to access all other web sites on the Internet, he just can't access the ones hosted on our network.
Do you have any ideas on why this could be occuring, or if there is something on the server which could have blacklisted his static IP, preventing him access.
How To Check The Type Of HD In Your Server
Mar 13, 2007I recently purchased a new server. It is supposed to have a 250G SATA II HD.
However, I have my suspicion that it could be a SCSI HD (not that it's bad, but I just want to check).
Is there a SSH command that tells you the type of HD on your server?
I tried fdisk -| , but it doesn't really say whether it's a SATA2 or SCSI
Softlayer, My Server Is Under Ddos Attack
Jun 18, 2008my server is being ddosed and the network utilisation is at 40% of 1gpbs
i asked to softlayer to check and they said my programs/services is taking that much bandwidth
any1 can help me?
if my server is under dos attack wat can i do?
because the bandwidth used is about 50gb/hr
Ddos / DoS Attack, Won't Stop. Server Is Down
Jul 7, 2009My server was hit with flood recently, to the point where I was unable to log in via SSH. Running 'netstat' command showed I was getting flooded with thousands of http requests from China/Saudi Arabia/Korea. I installed APF firewall and added those countries to deny list.
Next day I was hit from Russia and Romania and some others. By reading some posts on this site, on top of APF, I have also installed Dos Deflate. It was working for couple of hours, but then it stopped working. I could not even log in via SSH. My provider told me that APF was using all of the "conntrack" connections. I have increased conntrack connections to 130,000 (I have 4 Gigs of RAM on my server). Is that possible? (I have about 300 IP ranges in my APF deny list).
Next day, I was got hit by different attack: there was 11 Mbps of malicious traffic on average sent to my server. My provider put me behind firewall to mitigate against that kind of attack.
Currently, I am both behind the hardware firewall and I have APF and Dos Deflate running. However my server is not accessible.
When I request, I can log in for couple of minutes, but then I get kicked out.
Ddos Attack Still Dropping My Server
Feb 16, 2008I have been getting ddossed for the last month, my host has tried many things on my server that are commonly suggested around here, however we have over 40 000 connections hitting the server from this attack and it keeps rising.
I am on LiteSpeed.
I also have NetScreen 50 firewall which helped for a little while, however the server still keeps going down.
I am spending $420 a month on my hosting for my dedicated server
Now it is costing me an extra $400 a month to have Netscreen firewall running which is a waste of money as it can not effectively keep the server running and i'm not sure if I can even effectively afford that much money a month, however I might need to spend a little more if need to just get the server running finally.
basically I need some options as to what I can do. I would like to stay with my host, they have been good to me, however if my options are better suited to changing then let me know. I just really need to get my server running great asap and to keep it running great when i'm away from the internet.
Better Way To Protect My Server From DDos Attack?
Jun 25, 2008today i have DDos Attack in my server in port :80
what is the better way to secure my server from DDos Attack