Can you restart the httpd to get the server online again while you are under an DDoS attack?
The reason for asking is that I was told that when restarting the httpd it should start to work again instantly, and so it seems.
But why? doesnt the attack "continue" after the restart?
I believe that my site is being DDoSed against, and I'm wondering how I can prevent this from happening.
I'm running CentOS 5.3.
Are there any server side scripts of PHP scripts that could be used to dynamically block out IP's that are consuming too many resources on the VPS?
How can I prevent the httpd from timeout so much? the server recovers which is prefectly fine but there seems to be a problem some where.
httpd failed @ Sat Oct 31 17:47:53 2009. A restart was attempted automagically.
Service Check Method: [tcp connect]
Failure Reason: Timeout while trying to get data from service
Installing mod_evasive after serveral attacks on our server.
but when restarting httpd I get this error,
httpd: Syntax error on line 36 of /usr/local/apache/conf/httpd.conf: API module structure 'evasive20_module' in file /usr/lib/httpd/modules/mod_evasive20.so is garbled - expected signature 41503232 but saw 41503230 - perhaps this is not an Apache module DSO, or was compiled for a different Apache version?
Running apache 2.2.8
I have a VPS that's on the awknet network and I'm receiving DNS DDoS and I don't think they have anything to stop these attacks, how can I prevent these?
View 4 Replies View Relatedone of my costumers server is getting ddos attacks. I solved syn and get attacks with litespeed web server but I have another problem. They started to do udp flood. I m losing connection to my server. I bought new server with 1 gbit port for solving it.
View 3 Replies View RelatedThis is a quote from an unrelated thread in the Dedicated Server Forum, I didnt want to hijack the thread so thought I would bring my question over here:
Quote:
Originally Posted by HRDev Hady
I believe they use BurstNet, which isn't really a good choice for DDoS-prone sites as their Top Layer devices don't seem to handle attacks very well in my opinion. If you're running a DDoS prone site, you'd likely be better off with a DDoS-specialized provider such as Awknet, Staminus, or Black Lotus. But as mentioned, a lot of attacks can be stopped simply by proper tuning of your IP stack and some simple firewall rules.
My question is as a new Dedicated Server Owner what tuning and rules do I need to implement in order to protect me from these "small scale DDoS Attacks"?
I do not run a DDoS prone site(i hope not lol) but I want to secure myself as much as possible and have a headache free run other than the headaches I cause myself of course.
I want to understand the mechanics of a DDOS attack. I have been doing a lot of reading about them this weekend.
The way I am understanding it, a DDOS attack is done at the network level. It may be requesting that pages from a given website, or websites, are served up, but it basically will effect the entire network. So if 'page display' requests are made to a website(s) that is hosted at ABC Hosting (example only), to the tune of 15GBs then I have to assume that the network will be terribly degraded. If that is so, wouldn't other servers also get taken out?
I believe the architecture of the internet is something like this (example only):
Gnax --> Planet, SoftLayer, RackSpace, etc.. --> Reseller --> Smaller Reseller --> Me
If that is true, is each level along that route using their own networking system or are they all dependent on ones that major Data Center uses?
My current site has been taken offline since it was being ddos attacked, been with my current hosters for 3years at least, but with recent events they gave me the option to shift my site to a dedicated server or me to move of bascially. (impression I get now, since they seem to be taking longer to reply to my messages) I was being ddos attacked since I refused to give a copy of me software to the visitor at my forums/site.
ive been looking round site after site and I cant make up my mind who to shift too, also if that same idiot who ddos attacked me does it again before I can take any action, I would be in the same situation again.
I have multiple domains and all my sites in total are about 5gig in size, cpu usage is avergae and queries roughly about 15/17 the most, I currently pay £130.00 a yr
I have had few bad experiences with hosting companies but learnt along the way, and assumed my current hosters would be a reliable place to stay at. My sites been offline since friday and I would like to get it back up again asap. Last thing I want to do is rush into a hosting package and be stuck in a dud situation.
I would also like to take action upon the person who has been ddos attacking me, I managed to get hold of his details and I also have confirmation that they are correct, what can be done legally?
My sites are getting heavy DDoS attacks.
What's the best firewall? I'm currently using ACH software firewall but the attacks are getting so bad my site's are going down (apache is shutting down/locking) and sometimes my server even crashes.
Anyone recommend a better software firewall or a really cheap but good hardware firewall?
Could my host just use a router or something as the firewall or would that not do? I'm looking for something really affordable as a solution.
Some of my websites have been under a DDOS attack for about a month now. Is there any way I can find who is behind this attack and what their motive is?
How much does it cost to launch a DDOS attack and how long do they usually last?
i have a shared host
my site under ddos attacks!
i want to upgrade to Dedicated Server
i needed to Dedicated Server contains DDOS protection!
btw: Site visitors 2500 in day!
how to prevent my web servers from DoS attacks?
View 12 Replies View RelatedI know there is no device can protect you from ddos attacks, but I wonder which one is the best to help you reduce the attacks? It might be intelligent to "feel" the attacks? Brand names from Cisco, Foundry, Nokia...?
View 2 Replies View RelatedAs many of you already know, not everyone has the money to spend on physical firewalls, for example a cisco firewall. I would like if everyone could share little tips and tricks towards securing a server they learned over time. Nothing in big detail. I thought if we all share our ideas, it would help quite alot of other people. For example, here is a good layout I believe. Please note this is towards a game server setup.
Shorewall Firewall - Block Unneeded Ports + Block Ping
Apache Web server - Installed with "mod_security"
SSH-Faker - Stop thoes bots from trying to gain access to SSH (Guessing Passwords)
DDoS Deflate - For me, does not really work. (I know, mainly for port 80 so webhosting) But still have it installed.
Bash Scripts Monitoring # of connections per ip with Netstat.
PSad - Monitoring and Reporting Port Scans (Optional automatic timed block)
VNStat - Monitor Current/Monthly/Yearly Bandwidth (Does not hog resources)
I'm guarenteed to of left alot out than just the above. If some of you could also share some simple things you do for securing a server, would be great.
Hosting providers and DDoS attacks!
Hello guys! I am looking for a reliable hosting provider! I mean the most important thing for me know is to be sure that my future hosting company will manage to protect my websites against DDoS attacks fully! What hosting company according to your opinion can be considered as the most stable hosting solution against DDoS attacs?
How does Hivelocity deal with DDos Attacks?
Do they have any similar protection to ThePlanet or Softlayer?
Let's say my site was getting DDOS'd. Let's say I suspected I knew the attacker's home IP address. Would there be anything I could do with this information to either end the attacks or penalize the attacker?
View 4 Replies View RelatedMy host tells me that they have security to stop DDoS attacks and stuff, however today my server load jumped to 17.12 and my site went down giving me a "Network Timeout" error.
My host tells me it's my fault that I am using too many resources. The MOST my site has been on load is 3.06 and that was around lunch time a few weeks back. It's 11:43 and the server load is 17.12? I think my host is pulling my leg. I have not added ANYTHING new to my site and have not changed anything in 3 days. The load has been fine till today.
I use In Motion Hosting.
I am about to get dedicated server with Gigenet.com.
Is this company good as they say they are?
How stable is it?
Can they really handle multi gig DDOS attacks?
One of the sites I run is a forum with a political component, and 4-5 times over the last week we've been seeing DoS attacks. They're not terribly sophisticated -- generally 1-3 compromised servers throwing packets my way -- but they're enough to clog my pipes and take my sites down.
What I'd like to do is put a new server up at a data center that's D(D)oS aware that can hopefully respond to these attacks automatically. My current provider has been giving solid support, but the best they can do is null route the affected IP, rather than filtering the incoming attack.
Can y'all name a few providers I should look into? Right now I'm just looking to move 1 box (or maybe a box and a firewall depending on the setup).
Can someone please recommend a hosting company that offers 24 hours toll free phone support with very good DDOS protection services?
Our server has been attacked for the past couple weeks and current host can just null route the IP being attacked but cannot offer anything beyond that...which does not help us. We are talking about large 3 GBPS attacks.
for the 2nd time now we've had php become corrupt or something and core dump all over user dirs filling them up with useless garbage ...
We did check the core dumps (atleast a couple) and they were just showing that php was seg faulting which a php recompile took care off (most likely a corrupt php binary)
anyway, what I'd like to know is can anyone recommend a reliable/safe way of disabling php or http from dumping core files and perhaps instead use a different method of notifying the admin of impending or current issues with either software eg. when they seg fault send an email to admin rather than dump a core in user's space
We're running cpanel servers, php4, rhel and phpsuexec is on (cgi)
from 2 days ago until now my server be ddos and i stay in my computer and block ip but it is not finish is a program to do block ip automatic?
View 2 Replies View RelatedMy site was recently under a DDoS attack and was down for a few days, the attack came from Russia i believe.
The people who did it asked for $800, but of course i didnt pay. My hosting company did the best they could in order to stop the attack but it still lasted a few days and badly hurt my rankings.
I moved my site to a dedicated server, but i dont know what kind of software/hardware i need to install on it in order to prevent more future attacks, the hosting company suggested a few things but i dont know if they are just trying to get more money out of me.
While working with different issues, I have seen that many clients complaining about ddos attack on their server. So, I am posting here some useful commands to check and prevent ddos attack.
First of all when you see that your site's or server speed is very slow even though there is not much load on your server, you can guess it might be ddos. Then run 'top' command and see which processes is more, if those are httpd then fire following command
which will show how many active connections your server is currently processing.
netstat -n | grep :80 | wc -l
netstat -n | grep :80 | grep SYN |wc -l
The first command will show the number of active connections that are open to your server. The number of active connections from the first command is going to vary widely but if you are much above 500 you are probably having problems.If the second command is over 100 you are having trouble with a syn attack.
netstat -anp |grep ‘tcp|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n
That will list the IPs taking the most amounts of connections to a server.
use follwoing command to block a ip with iptables on server
iptables -A INPUT 1 -s IPADRESS -j DROP/REJECT
service iptables restart
service iptables save
--------OR---------------
You can place ip's which you want to block in hosts.deny
vi /etc/hosts.deny
httpd: IP
write and quit
---------------------------
Then KILL all httpd connection and restarted httpd service by using following command
killall -KILL httpd
service httpd startssl
-----------------------------------
This are all the step to check and prevent ddos on your server.
I`am starting a irc company and i need help on some things:
1 - How can i prevent my clients to send DDOS on my server?
2 - How can i increase security ?
3 - Some one have a good firewall or iptables rule for ddos protection (software)
4 - Some one have the scripts like `getegg` `getpsybnc` ?
We will buy litespeed enterprise for our web server. I read from their features page at [url] LiteSpeed enterprise has a very good (D)DoS protection.
- After bought Litespeed, do we still need to purchase Gigenet Proxyshield (or BlackLotus)?
- What's the difference (in DDoS protection) between LiteSpeed and Gigenet/BlackLotus?
- Which one do most people need to protect their server from DDoS?
I have an issue here. httpd is slagging big time and my max clients is 300.
I see this when running netstat
Code:
root@server5 [~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 websitesforafrica.com:http 190.42.243.192:1916 SYN_RECV
tcp 0 0 websitesforafrica.com:http 200.121.167.193:11641 SYN_RECV
tcp 0 0 websitesforafrica.com:http client-201.230.113.17:14327 SYN_RECV
tcp 0 0 websitesforafrica.com:http 190.42.84.253:3244 SYN_RECV
tcp 0 0 websitesforafrica.com:http 201.230.98.64:15059 SYN_RECV
tcp 0 0 websitesforafrica.com:http 166.114.122.41:62881 SYN_RECV
tcp 0 0 websitesforafrica.com:http 190.42.151.252:17097 SYN_RECV
tcp 0 0 websitesforafrica.com:http 190.41.24.108:3421 SYN_RECV
tcp 0 0 websitesforafrica.com:http 190.43.1.42:1392 SYN_RECV
tcp 0 0 websitesforafrica.com:http 201.230.79.5:60836 SYN_RECV
tcp 0 0 websitesforafrica.com:http client-200.121.153.56:27208 SYN_RECV
Code:
root@server5 [~]# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
48 190.42.66.138
39 190.154.6.203
28 190.40.51.130
23 200.121.81.76
14 207.67.35.142
13 201.230.224.200
13
11 201.240.178.114
11 190.77.9.81
10 201.230.113.175
10 200.58.160.148
10 190.41.5.161
9 201.230.254.69
9 201.230.135.146
9 190.43.187.139
8 200.60.248.119
7 72.14.195.205
7 190.42.48.224
6 200.121.7.31
6 200.121.223.55
6 200.121.141.48
6 200.121.141.186
6 200.106.37.206
6 190.42.51.165
6 190.41.64.13
5 201.250.55.166
5 201.240.42.233
5 201.240.3.61
5 201.240.113.73
5 201.240.0.94
5 201.208.123.190
5 200.87.203.94
5 200.121.171.61
5 200.121.136.238
5 200.106.47.236
5 190.42.71.207
5 190.42.221.73
5 190.42.194.20
5 190.42.152.250
5 190.41.32.40
4 201.240.48.131
4 201.240.205.141
4 201.240.196.217
4 201.240.124.201
4 201.240.124.131
4 201.230.233.68
4 201.230.195.165
4 201.230.129.58
4 201.222.87.163
How do I find out the cause of this? I have no idea who websitesforafrica.com is anyway
root@server5 [~]# ps aux | grep -c httpd
502
Im having trouble restarting apache. I have a program which executes command lines and it runs as a system service (on windows). when i tell it to restart it loads apache up (i see another httpd.exe appear in task manager) but it doesnt restart it. the command line i used is "httpd.exe -k restart" i have added an environment variable but i have also tried the full path to the exe and still no luck.
If i run the exact same line from a batch file as local admin then it works fine. I also tried getting my program to run that batch file but again it didnt work.
Is there a reason why this would happen? Can only Admin restart it and not SYSTEM? Is there another command i should be using?
Ive had this problem numerous times (website failed to connect error) before and the web management team tell me that apache2 needs to be restarted, seeing as they are not replying to my emails im gona try and do it myself.
i open up putty, login as root user, then what?