Massive DDoS

Sep 16, 2007

I have a problem with a customer. For the last 48 hours he has been receiving a massive DDoS at his server. I tried blocking the darn IPs but they keep coming and with several hundreds of connections each:

104 78.157.168.98
125 83.226.157.91
126 89.103.109.65
131 89.12.150.23
135 84.251.196.78
135 86.122.0.135
135 91.127.235.86
154 84.24.14.41
160 193.216.140.101
331 89.151.8.78
419 78.0.103.64

Apache has over 14000 connections. I tried using mod_evasive but it didn't do anything, and the server has been out without httpd for hours now. Any advice? This is a Hsphere server (I hate it personally) with 4GB RAM and a dual Opteron 246. I have the MaxClients setting at 550.


Massive I/O Spikes...

Jul 9, 2009

How can I better monitor and trace down I/O spikes? I've noticed the wait hit 60% every now and again... could someone be running a rapidleech script and if so, how can I find it?


Mirroring For MASSIVE Traffic

Jul 14, 2006

I want to prepare myself for getting dugg and whatnot, so I want to mirror my site ahead of time. The problem is that it's very db-intensive so there's a db that all mirrors would have to query. What's the best way to deal with multiple dedicated servers in order to spread traffic load and not crash my site?


Massive Amounts Of Bandwidth Used.

Jun 7, 2007

I have a dedicated Windows server. I have it protected to the best of my ability (disabling administrative shares, anti-virus, anti-spyware, disabled remote desktop, firewall, etc.). The purpose of the server is to host game servers. Over the past month, I've noticed massive amounts of bandwidth being used. For example, Windows reports the bandwidth usage at a little over 2 GB in 1 day, yet on my control panel, which reads the traffic from the switch, it shows that 9 GB have been transferred. I asked the colo what's happening and they said that traffic that is blocked by the firewall is still counted toward my monthly limit. But how can there be 7 GB of blocked traffic, keeping in mind I never had this problem months ago? As a test, last night I disabled all game servers and applications that use bandwidth. In the past day over 9GB has been transferred, despite the fact that I have nothing running that takes more than 50KB of bandwidth.

Aside from these bandwidth issues, everything is running fine, my passwords are still the same, etc. Is there any way to detect security holes, so that I may patch them when I reinstall the OS? I asked my colo for a security audit.

My question is, do you think my server has been compromised?


Massive VBulletin And Directory Attacks

Nov 4, 2009

I've noticed that vBulletin and one of my directories are getting hit hard for the same file by sites in the Netherlands, Russia, Vietnam and China.

The lines typically state the same, trying to hit a file that isn't there, which may be in a forum/ or forums/ directory instead of the root.

'/home/mysite/public_html/forumdisplay.php' not found or unable to stat
'/home/mysite/public_html/newthread.php' not found or unable to stat

What have you guys done for this? I'm assuming an .htaccess edit may be in order. I'm also hoping to track IP addresses so that I can keep adding them easily. I wish it was more simple to do it on the server level using whm since it's usually accessible everywhere.


Massive Amount Of Failures From IP Address

Jun 4, 2008

I've gotten several messages from cpanel like this:

5 login failures attempts to account mysql (system) -- too many attempts from this ip


Massive Photo / Picture Hosting

Oct 7, 2008

Can anyone suggest a host, and incidentally perhaps the best album script, to host as much as 100,000 photos? I'm not sure of the size yet, but 10-15 gigs is expected. Currently there are 40k photos, but I'm leaving room for expansion.


Check Massive Mail Scripts

Feb 3, 2007

I have a server, and it looks like it has a little problem with sending mails, because IT IS SENDING A LOT OF MAILS ... these are the stats:

User - Domain - Messages Sent - Total Bytes Sent
nobody - - 3430 - 2407677

Does anybody know some tool that could alert me in case some script sends X mails, and tell me the file of that script?

I know that nobody is sending a lot of mails, but where is the script that produces them?


What File System For A Massive Disk Array

Jun 2, 2009

I am trying to figure out what file system to use for my server. It has 24 hard drives, 2 run the OS in RAID 1, and the other 22 are in RAID 10. When I was installing the OS (Ubuntu 8), I kept on getting problems when I tried to partition and format the second drive (the one with the 22 disks in RAID 10) and it keeps failing on me. I then changed the file system type from ext3 to XFS and it worked fine. I also gave it another try and did not partition/format the second drive and decided to do it manually once the OS was installed. When I did it it told me that the file system was too large for ext3. So my guess is that ext3 has a limit on the size of the file system it is being installed on.

Anyway, so I am wondering, is there any other file system that will get me the best performance, mainly I/O performance, that I can install? I would like to stick with Ubuntu OS. This server will mainly serve large files for download over HTTP.


How To Manage Massive File Storage Needs For Youtube Clone

Nov 18, 2007

How to handle the file storage of a YouTube clone?

Is it just a matter of getting more servers with a few hdds or are there specialized companies that one can upload files over a distributed file streaming network?

The reason I ask is because I have thousands of gigabytes of videos and it appears to be impossible to upload it on 1 dedicated server or even a few.


How To Organize Massive Passwords Change On Cpanel Server

Jun 20, 2007

to change all passwords for user account on cpanel server. Is it possible to do it automatically by using some cpanel script? Also I need this information stored in one file in order to know new passwords.


Being Ddos'd By A U.K Ddos Protection Company - Dragonara.net

Nov 7, 2008

It has come to my attention that dragonara.net has been ddosing me today since morning from the IP:
194.8.75.229

What's so ironic about it is that the IP is from a UK DDoS protection site, so I'm expecting some email with their services in the next hour or so. Stay clear of them, they are fakes and e-terrorists.


Exim Log Massive "failed" Errors

May 19, 2009

Getting massive amounts (thousands) of these lines in exim mainlogs and gz exim rotated logs too

Quote:

2009-04-21 09:20:45 [11305] 1LwGq4-0002wL-I3 <= <> R=1LwGq3-0002vw-Fa U=mailnull P=local S=1639 T="Mail delivery failed: returning message to sender" from <> for root@server.domain.com

Of course, the time is different (several days)

How can I trace who / where this is coming from?

It's a cPanel box with suPHP enabled, and all the exim tweaks you can imagine (i.e., prevent nobody sender, max 50 mails per domain per hour, send callouts disabled, etc.)


DDoS Protection Providers Vs DDoS Protection Scripts

Oct 8, 2009

I am looking for some good DDoS protection providers, via protected DNS. I've searched on the internet, but most of them are really expensive.

Please tell me some DDoS protection providers that could help me (gige is too expensive btw).

And I found some DDoS protection scripts. How can a script protect a server from DDoS? A script like CSF or DDoS Deflate?


DDoS?

Apr 9, 2009

I've been getting VERY high packet loss to my VPS for around 10-15 minute periods over the past month or so (No patterns or specific times, totally random when it occurs) with my provider's Parallels Business Automation control panel reporting "Server is down" along with the VZCP on the node being inaccessible. I opened a ticket with my provider and they told me that they experienced a DDoS attack on the node my VPS was hosted on.

However, I get the feeling that they are giving me some crap to stop my pestering them about the packet loss all the time (I mainly use my VPS for providing VoIP services which use UDP so the packet loss is devastating).

Anyone got any views on this?

Also they keep offering to move me to a different node but they say they can only do that by giving me a new IP address and I would have to back up all the data and restore it manually, myself. Any views on this as well?


UDP DDoS

Jun 6, 2009

I'm experiencing a significant UDP DDoS at the moment which is aimed at port 80 on my server. It's currently crippling Apache, but only on port 80; https (443) is fine. I've told iptables to drop UDP packets sent to port 80 and have also completely blocked most of the attacking IPs. This has helped, but the webserver is still periodically unresponsive.


Getting Ddos ...

Jun 9, 2008

We are getting ddosed badly. Last night httpd reached max clients and httpd wasn't able to start up.


Bad DDos

Feb 4, 2008

We had a bad DDoS on one of the sites we were hosting. The IP of the DDoS was blocked in apf and iptables, but for some reason it still got through and we had to have it blocked in the router. We installed CSF on our server hoping for a better firewall. Does anybody know why apf could not hold back the IP? I'm open to suggestions.


VPS Being DDoS'd

Dec 9, 2008

I have got pretty big problems with my VPS: some of my sites are getting DDoS'd a lot. I have no idea why and who is DDoSing them.

I have csf, apf and DDoS Deflate installed but it seems they can't take those attacks down. I know about mod_evasive but it works only on small attacks, and I'm getting pretty strong attacks.

I need some way to configure csf better. What do I need to edit in /etc/csf.conf to block IPs if the same IP is trying to connect to the server more than 10 times? I need everything that I could edit for csf to block IPs faster.

About DDoS Deflate: it is configured to work with apf. Can I configure it to work with csf, and how? How do I configure DDoS Deflate better, to block IPs faster?

Also, another problem with csf is that when I restart csf (service csf restart) it unblocks all blocked IPs and I have to block them again.

How to see IPs blocked by iptables?

I'm running lighttpd at the moment but I'm thinking of changing it to Litespeed (free edition). What do you think about it?

I hope I will get some help here. Also, it would be interesting to hear how you guys are protecting your servers from DDoS (if you're getting DDoSed).


It's A Ddos

May 27, 2007

We have a 100mbit connection and with normal traffic we use about 40-50mbit, but since Friday it seems that we are under attack. These are the stats from the fastethernet:

inbound 20427 ucast pkts/s

outbound 5547.5 ucast pkts/s

inbound 85793.9 Kbit/s

outbound 8211.98 Kbit/s

We have also reached 100mbit for 4 hours and all the servers were offline. We have contacted the datacenter and they say that it is not a DDoS attack because the traffic comes from our server and not from outside the net, so it looks as if we have a hacked server that is making all this traffic. How can we find the problem? We have about 130 servers on this connection.


DDos

Aug 18, 2007

If you were under a DDos attack, what commands would you execute to confirm this?

Is it normal for high traffic sites with 3,000 concurrent apache connections from running this command?

netstat -n | grep :80 |wc -l


DDoS

Dec 28, 2007

what would happen if you changed the server IP to 127.0.0.1?


DDOS Attack

May 29, 2009

My server is using too many httpd processes. I think I am under DDoS attack. I executed the following command:

netstat -an | grep :80 | sort
and the result is this

tcp 0 1491 ::ffff:95.211.10.169:80 ::ffff:213.215.100.110:2263 LAST_ACK
tcp 0 1493 ::ffff:95.211.10.169:80 ::ffff:85.207.126.231:52694 LAST_ACK
tcp ....


Getting DDoS, Can Squid Help?

May 29, 2008

The DC installed Squid. It manages the load fine but the php code on my page is cached and doesn't work.

Is there a way to get squid to not cache php? in that httpd can directly call php while squid does everything else?


Ddos Protection/ Different Ip's

Apr 16, 2009

Hey guys, if there was a way to have the IPs of the dedi change constantly, would this help prevent DDoS attacks or would there be no difference if the domain was being attacked?


Being Attacked - DDOS?

Nov 6, 2007

OK, well, today I found out my server was being DDoS'ed.

And I know which domain is being attacked with hundreds of IPs. I am running cPanel / WHM but I have no idea how I can stop this.

Any ideas or suggestions? Maybe redirect the DNS to an invalid IP? But I'm not sure how I can go about doing that.


Is This A DDoS Attack?

Aug 4, 2009

I have a Windows server, and today it has large inbound traffic, so I tried to disable all web services, and after that, the result of netstat -an shows no connections at all, but the server still has large inbound traffic.

Do you have any idea about this?

What should I do now?


DDOS Attack Help

Mar 19, 2008

Our server has been under attack for 4 days. The HTTP port is busy all the time.

When I type:

netstat -na | grep ":80" | awk '{print $5}' | cut -d. -f1-4 | cut -d: -f1 | sort -n| uniq -c | sort -n | tail -5

It shows:

[root@ ~]# netstat -na | grep ":80" | awk '{print $5}' | cut -d. -f1-4 | cut
-d: -f1 | sort -n| uniq -c | sort -n | tail -5
2 65.19.130.24
2 83.149.120.9
4 204.15.73.243
35 222.254.103.142
5128
[root@ ~]#

I wonder what the hidden IP of 5128 is? How can I find it out?


DDOS Threats

Jul 28, 2009

A user joined our live chat and said if we didn't cancel a domain on our server, he will send us a DDOS attack, and he did so and also did this morning.

Is there anything I can do to prevent this or possibly punish him?


Am I Under DDOS Attack?

Jun 21, 2007

The server is getting slow with higher I/O diskwait than normal, although load is not high.

Here is the output of: netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n .................








Copyrights 2005-15 www.BigResource.com, All rights reserved