Is This DDOS? 100 Connections From One IP Address

Jan 25, 2008

One user is trying to send GET commands to our server. When I was viewing Apache Status in WHM I found about 100 connections from one IP (no page requested, it only shows GET / HTTP/1.0). Is this a DDoS attack?


Ddos Without An IP Address

Mar 7, 2008

I have been receiving email logs stating that I have massive amounts of traffic being directed at my web server. These logs come in intervals of 1 minute (due to my settings) and they have between 150 - 300 connections each time. Strange thing is, these attacks never have an IP, so nothing is blocked.

Here's a sample of a log:

Banned the following ip addresses on Fri Mar 7 18:09:03 SGT 2008

170 with 170 connections

and another:

Banned the following ip addresses on Fri Mar 7 18:07:01 SGT 2008

171 with 171 connections

I'm quite sick of my server being put under such heavy stress. Btw, this isn't brute forcing, just to make sure, right? It's just heavy access on port 80?


How Do You Detect And Block Ddos Or Large Number Of Connection

Nov 7, 2008

sometimes, some people may try to guess the password of ssh,whm,ftp,...etc,

or any ddos attack,

do you only use iptables to place this problem?

or do you install any other scripts to secure your server?

My server is CentOS.


DDoS The IP Address But Not Domain

May 29, 2008

I checked on /server-status and it has tons of

Client VHost Request
{serverip } default GET / HTTP/1.0

However, the default web page is blank. Now my site has been DDoSed for the last 3 days. Does this mean they are attacking the site from the IP? Because I do see many genuine accesses to the correct Vhost, but nobody should access the site via the IP.

Especially... why is the client my own server IP that accesses?


Iptables No More Than One Connection Per Ip Address?

Apr 25, 2007

I would like to setup a rule through iptables or something that will let me so, only one ip can have XX connections per minute/hour or whatever time is set.

or something that will ban ips that are opening massive connections kinda like this ...


I Want To Block IP Address Of Ddos Like Behavior

Oct 18, 2009

Like exceeding 60 connections per minute same IP = automatically blocked.
How do I set it up?


Pure-ftp :: 425 Could Not Open Data Connection To Port 2535: Connection Timed Out

Apr 7, 2008

I have an ftp server (pure-ftp) with a firewall.

I allowed ports 20 and 21 in the "CSF" firewall.

Now when I or our client connect to the server, the connection is made.

And when they run the dir or ls command they receive the error

"425 Could not open data connection to port 2535: Connection timed out"

What is the problem? I have already allowed passive ports 2500:3500, so why do I receive this type of error?


Being Ddos'd By A U.K Ddos Protection Company - Dragonara.net

Nov 7, 2008

It's come to my attention that dragonara.net has been ddosing me today since morning from the IP:
194.8.75.229

What's so ironic about it is that the IP is from a UK DDOS protection site, so I'm expecting some email with their services in the next hour or so. Stay clear of them, they are fakes and e-terrorists.


Apache :: How To Use Virtual Host IP Address In Request To Remote Address

Feb 6, 2015

My customer has an external facing Apache server that is acting as a reverse proxy to two internal applications. They have:

- external addresses for each app which resolve to different ip addresses, so app1.their_domain.com and app2.their_domain.com resolve to 77.3.170.10 and 77.3.170.11 respectively.
- the Apache server has two network interfaces with ip addresses 192.168.10.10 and 192.168.10.11
- the external ip addresses resolve to the above internal addresses
- the firewall between the Apache server and the internal app servers is configured to allow traffic from 192.168.10.10 to reach app_server1, and traffic from 192.168.10.11 to reach app_server2, both using port 7777.

I have configured a virtual host in httpd.conf for each ip, i.e.

Code:

<VirtualHost 192.168.10.10:80>
...
ProxyPass /app http://app_server1:7777/app
ProxyPassReverse /app http://app_server1:7777/app
RewriteRule ^/$ /app/app1 [R,L]
...
</VirtualHost>

and

Code:

<VirtualHost 192.168.10.11:80>
...
ProxyPass /app http://app_server2:7777/app
ProxyPassReverse /app http://app_server2:7777/app
RewriteRule ^/$ /app/app2 [R,L]
...
</VirtualHost>

This works fine in that the external addresses are being routed to the correct application; however, the firewall is blocking requests to the second app, as it appears the requests are coming from the Apache server's 'primary' IP address 192.168.10.10 instead of 192.168.10.11.

Is it possible to send requests using the ip address from the relevant VirtualHost?

Windows server 2008
Apache 2.2


Virtuozzo Firewall :: Is It Possible To Enter Two Different Ip Address In Source Address?

Aug 4, 2008

I am using virtuozzo firewall to secure access.

I enter 58.27.175.211/255.255.255.0 for Source Address and Netmask for port 22.

But still I can connect using 58.181.103.217 or 58.27.151.120.

Second, is it possible to enter two different IP addresses in the source address?


How Do I Setup A New Ip Address As My Server's Main Ip Address

Jul 26, 2007

I just bought a new ip address and want to setup this new ip as my server's main ip, making the 'existing main ip' as the secondary ip.

Which means, this new ip will be the server's default ip address for all services, including when connecting to other server.

I'm using CentOs 4.5 and swsoft's panels: HSPcomplete & Virtuozzo Power Panel, and Webmin.


URL Redirection Without Changing The Address In The Address Bar

Nov 8, 2007

I want to redirect a website to a particular URL so that the address bar shows the same URL and not the destination URL. I know it is possible via URL masking, however, I want it in such a way that whenever somebody clicks on any link in the website, the address bar should still show the original URL. To put it in simple words, Suppose I want to redirect [url] to [url]. Now if there is a link named contact/index.htm and somebody clicks on it the address bar should display [url]and not redirect to [url]

How can it be possible using URL Rewrite method in .htaccess file?


(98)Address Already In Use: Make_sock: Could Not Bind To Address [::]:443

Aug 4, 2007

The problem usually goes like this:

- I can't access the webserver
- I'll try to restart httpd, and I'll get

Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:443

To fix this, I run

[root@www1 ~]# lsof -i tcp:443
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
perl 11307 apache 4u IPv6 476943447 TCP *:https (LISTEN)

There is always a leftover process that is causing the restart to fail. Once I force kill the process, I am able to restart httpd properly.

Now it is ok if this just occurs once in a while, but this problem keeps repeating itself almost everyday at 4am server time (cron time?). What can I do to permanently fix this?


DDoS Protection Providers Vs DDoS Protection Scripts

Oct 8, 2009

I am looking for some good ddos protection providers, via protected dns. I've searched on internet, but most of them are really expensive.

Please tell me some ddos protection providers that could help me (gige is too expensive btw).

And I found some ddos protection scripts. How can a script protect a server from ddos? A script like CSF or DDoS deflate?


DDoS?

Apr 9, 2009

I've been getting VERY high packet loss to my VPS for around 10-15 minute periods over the past month or so (No patterns or specific times, totally random when it occurs) with my provider's Parallels Business Automation control panel reporting "Server is down" along with the VZCP on the node being inaccessible. I opened a ticket with my provider and they told me that they experienced a DDoS attack on the node my VPS was hosted on.

However, I get the feeling that they are giving me some crap to stop my pestering them about the packet loss all the time (I mainly use my VPS for providing VoIP services which use UDP so the packet loss is devastating).

Anyone got any views on this?

Also they keep offering to move me to a different node, but they say they can only do that by giving me a new IP address and I would have to back up all the data and restore it manually, myself. Any views on this as well?


UDP DDoS

Jun 6, 2009

I'm experiencing a significant UDP DDoS at the moment which is aimed at port 80 on my server. It's currently crippling Apache, but only on port 80; https (443) is fine. I've told iptables to drop UDP packets sent to port 80 and have also completely blocked most of the attacking IPs. This has helped, but the webserver is still periodically unresponsive.


Getting Ddos ...

Jun 9, 2008

We are getting ddosed badly. Last night httpd reached max clients and httpd wasn't able to start up.


Bad DDos

Feb 4, 2008

We had a bad ddos to one of the sites we were hosting. The IP of the ddos was blocked in apf and iptables, but for some reason it still got through and we had to have it blocked in the router. We installed CSF on our server hoping for a better firewall. Does anybody know why apf could not hold back the IP? I'm open to suggestions.


VPS Being DDoS'd

Dec 9, 2008

I have got pretty big problems with my VPS; some of my sites are getting DDoS'd a lot. I have no idea why and who is DDoSing them.

I have csf, apf and DDoS Deflate installed but it seems they can't take those attacks down. I know about mod_evasive but it works only on small attacks, and I am getting pretty strong attacks.

I need some way to configure csf better. What do I need to edit in /etc/csf.conf to block IPs if the same IP is trying to connect to the server more than 10 times? I need everything I could edit for csf to block IPs faster.

About DDoS Deflate, it is configured to work with apf. Can I configure it to work with csf, and how? How do I configure DDoS Deflate better, to block IPs faster?

Also, another problem with csf is that when I restart csf (service csf restart) it unblocks all blocked IPs and I have to block them again.

How do I see the IPs blocked by iptables?

I am running lighttpd at the moment but I am thinking of changing it to Litespeed (free edition). What do you think about it?

I hope I will get some help here. Also, it would be interesting to hear how you guys are protecting your servers from DDoS (if you are getting DDoSed).


It's A Ddos

May 27, 2007

We have a 100mbit connection and with normal traffic we use about 40-50mbit, but since Friday it seems that we are under attack. These are the stats from the FastEthernet:

inbound 20427 ucast pkts/s

outbound 5547.5 ucast pkts/s

inbound 85793.9 Kbit/s

outbound 8211.98 Kbit/s

We also reached 100mbit for 4 hours and all the servers were offline. We contacted the datacenter and they say that it is not a ddos attack because the traffic comes from our server and not from outside the net, so it looks as if we have a hacked server that is making all this traffic. How can we find the problem? We have about 130 servers on this connection.


DDos

Aug 18, 2007

If you were under a DDos attack, what commands would you execute to confirm this?

Is it normal for high traffic sites with 3,000 concurrent apache connections from running this command?

netstat -n | grep :80 |wc -l


DDoS

Dec 28, 2007

what would happen if you changed the server IP to 127.0.0.1?


Connection- VPS

May 14, 2008

I do a tracert on my VPS and get the attached results. My location is South Africa. Lately it just seems a bit sluggish. Can somebody please do a tracert from USA and EU for me to do a comparison, or advise me on this VPS?


How Many Connection Per IP

Jan 6, 2007

I am on a VPS server and want to know, in high traffic conditions, how many connections per IP address can come... because on my site connections per IP are going to 300 and are mostly around 100.

But these are fluctuating and from different locations... every time... so I don't think of it as a DoS, but so many connections per IP makes my server go down for a few minutes until the connections go down.

How many maximum connections per IP will be fine... for a little popular site?


One Connection Per IP

Dec 11, 2007

I have a directory, named downloads/

I have some huge files for download in this directory.

Now, when our users try to download files from this folder with flashget (or dap or ...), these programs create 5 connections to those files! So if a user tries to download 5 files, he has 25 connections to my server!

How can I limit connections per IP on files in this folder?


Too Many Connection From Yum

Dec 18, 2007

Today I got an alert from my server provider saying my server is under attack. I checked netstat and found too many connections.

Quote:

This ticket was automatically generated by the Softlayer Network Protection System. Due to the large amount of traffic targeted to your IP address 74.86.157.184, SoftLayer has automatically injected the IP address into our Cisco Guard Protection system. This system diverts traffic destined to the IP address 74.86.157.184 through hardware devices that will try to identify and block the specific packets and flows responsible for the attack while allowing legitimate transactions to pass. The injection of 74.86.157.184 will remain in place until this attack subsides and then be automatically removed once traffic levels reach a normal level.

Details of the event follow:
Exceeded Bits In: 782.7 M (Threshold: 500 M)

[url]

The connections are from my server to port 80 of "140.211.166.134".

lsof -i :port gives

PHP Code:

# lsof -i :47837
COMMAND     PID USER   FD   TYPE   DEVICE SIZE NODE NAME
crond     16004 root  269u  IPv4 48880489       TCP server20.hosthat.com:47837->ftp-osl.osuosl.org:http (CLOSE_WAIT)
udevd     31116 root  269u  IPv4 48880489       TCP server20.hosthat.com:47837->ftp-osl.osuosl.org:http (CLOSE_WAIT)
yum-updat 31347 root  269u  IPv4 48880489       TCP server20.hosthat.com:47837->ftp-osl.osuosl.org:http (CLOSE_WAIT)
auditd    31683 root  269u  IPv4 48880489       TCP server20.hosthat.com:47837->ftp-osl.osuosl.org:http (CLOSE_WAIT)
python    31685 root  269u  IPv4 48880489       TCP server20.hosthat.com:47837->ftp-osl.osuosl.org:http (CLOSE_WAIT)
ntpd      31715  ntp  269u  IPv4 48880489       TCP server20.hosthat.com:47837->ftp-osl.osuosl.org:http (CLOSE_WAIT)


I have rebooted the server and now server is normal.

I disabled yum on the server. Some days back, I had the same problem with another server; that server had too many connections to one of the yum repository IPs. The OS is CentOS 5.1


DNS Connection

Jun 7, 2007

This is an error that dns report spat out to me. I have the firewall disabled as of now so I don't understand why packets would be blocked..if they are being blocked. From what I can tell, I can get to the server and resolve no problem...but could that stop other dns servers from connecting to it? I recently moved my cpanel box to another location in the LT datacenter in order to get on a different subnet - the previous one was a spam list nightmare. All IP's have been changed over and such...is this just cached from like the 14 hours I was down (ouch!) or is this still happening? I mean...its able to look up a records and it can get the mx servers...

error: Our local DNS server was unable to get your MX record. This usually means that a firewall in front of your DNS server is interfering. For example, it may be blocking DNS packets from low source port numbers (ours is often in the 1024-1030 range). Firewalls should never block DNS queries based on the source IP address; otherwise, it is guaranteed that legitimate queries will be blocked. This specific lookup must be cached, so a recent change may not be reflected.


FTP Connection

May 28, 2007

I have a Linux box running CPanel and am having issues with 1 particular client trying to connect using FTP. I am also running lfd and csf.

The problem is that whenever they try to ftp to the server (regardless of the domain), they get an error saying:

"Connection to host lost".

I look through the logs (/var/log/messages) and see that there was a connection made and closed. No errors.

Otherwise, all my clients can connect without a problem.


DDOS Attack

May 29, 2009

My server is using too many httpd processes. I think I am under DDoS attack. I executed the following command:

netstat -an | grep :80 | sort
and the result is this

tcp 0 1491 ::ffff:95.211.10.169:80 ::ffff:213.215.100.110:2263 LAST_ACK
tcp 0 1493 ::ffff:95.211.10.169:80 ::ffff:85.207.126.231:52694 LAST_ACK
tcp ....


Getting DDoS, Can Squid Help?

May 29, 2008

The DC installed Squid. It manages the load fine but the php code on my page is cached and doesn't work.

Is there a way to get squid to not cache php? in that httpd can directly call php while squid does everything else?








Copyrights 2005-15 www.BigResource.com, All rights reserved