Results 1 to 9 of 9
-
04-26-2010, 02:00 AM #1Web Hosting Evangelist
- Join Date
- Apr 2009
- Posts
- 470
How do you know if you are being DDoS'ed?
Lately my website has been loading extremely slowly. I talked to my host about it, and they noticed that packets were being dropped, hence the slow connection. So they worked their magic and fixed it; for a few days my website was running just fine. However, then it went back to being slow again.
So I contacted my host, and asked them to look at it. I mentioned that the problem does not seem to be dropped packets this time, but rather I was getting an unusually high MS (I usually get 70-90 and was getting 105-130) when pinging the server. So a system administrator looked at it and told me that a possible reason for the lack of speed is that multiple IPs have multiple connections open to my server. He mentioned that this typically is the case when you host video files; the only problem is that I run a blog and a forum - don't host any videos, or such.
After that he basically just told me it was my problem to deal with and to go ask at Wordpress forums (this response really ticked me off seeing as I still believe it is a network related problem which I can't solve without their help). However, I don't think the problem is at my end - I have been running Wordpress since I started and this lag has only recently happened.
So, my question is am I being DDoS'ed? If so, how can I solve the problem? If not, any ideas as to what could be causing the problem?
Thank you.
-
04-26-2010, 03:12 AM #2Backup Guru
- Join Date
- Feb 2002
- Location
- New York, NY
- Posts
- 4,618
The first thing the host should do is to look at the bandwidth graph for the port that your server is connected to. If they don't see anything there, then you should look at your Apache logs to see how much traffic you're getting.
Scott Burns, President
BQ Internet Corporation
Remote Rsync and FTP backup solutions
*** http://www.bqbackup.com/ ***
-
04-26-2010, 03:54 AM #3Web Hosting Master
- Join Date
- Oct 2002
- Location
- Vancouver, B.C.
- Posts
- 2,699
DoS attacks may not show up in bandwidth graphs however, as they may be small packets. For that reason, it's good to have packets/s graphs as well. It's surprising that more providers don't have them.
To be fair, Wordpress isn't the lightest on resources and it may very well be that you've just recently started receiving enough traffic to slow down your server. When your server is barely keeping up, it will still be fairly responsive. However, as soon as it's even a little too much, processes will start queuing up, waiting for CPU time and responsiveness will degrade quite dramatically.
However, they should have performed some diagnostics to demonstrate that it's not a network problem, if you had indicated you suspected that was the case. If it's a managed server, they should have also checked the load on the server to see which processes are taking up all the CPU time. It does seem based on what you've described that they were not quite as thorough as they could've been, but if it's a self-managed server you shouldn't really be expecting anything more.ASTUTE INTERNET: Advanced, customized, and scalable solutions with AS54527 Premium Performance and Canadian Optimized Network (Level3, Shaw, CogecoPeer1, GTT/Tinet),
AS63213 Cost Effective High Performance Network (Cogent, HE, GTT/Tinet)
Dedicated Hosting, Colo, Bandwidth, and Fiber out of Vancouver, Seattle, LA, Toronto, NYC, and Miami
-
04-26-2010, 03:57 AM #4Web Hosting Evangelist
- Join Date
- Apr 2009
- Posts
- 470
As far as I know - and I am no expert mind you - I am not getting near enough traffic to tax the server one bit. In fact, I would say I got less traffic than usual for the past week or so, which is when these problems starting happening.
That said, it isn't a managed server, so I will give my host that much. But, for a network problem I still think they ball is in their court.
-
04-26-2010, 09:43 AM #5Junior Guru Wannabe
- Join Date
- Apr 2010
- Location
- India
- Posts
- 47
problem solving would need some reverse engineering, first of all take a look at network utilization, then check its logs for incoming/outgoing logs and segregate the difference, compare these with your previous utilization, your statistic will help you in this. Then check you CPU utilization.
some time outbound UDP traffic too decreases server performance, in such case check worms and malware infections
-
04-26-2010, 02:00 PM #6Junior Guru Wannabe
- Join Date
- Apr 2007
- Location
- Montreal, Quebec
- Posts
- 88
I'd recommend installing a resource monitoring utility such as Munin.
You will definitely be able to see if something is wrong with your server's resource usage over the course of just a few hours.
Otherwise, you should make sure your wordpress is as optimized as it can be. These articles may be of help:
http://codex.wordpress.org/WordPress_Optimization
http://codex.wordpress.org/WordPress...zation/Caching
Just installing and configuring WP_SuperCache can drastically boost your performance.
Best of luck,
-
04-26-2010, 02:17 PM #7Aspiring Evangelist
- Join Date
- Apr 2010
- Location
- Lansing, MI
- Posts
- 422
The bandwidth graphs should show pretty clearly if you are being dossed, like was said. If you don't see packets per second graphs in your control panel, ask your host. It is possible that they have them, but don't display them to customers.
mtr is a good tool to monitor packet loss and latency along the entire route from you to your server. If you still see loss and latency at your server, then there is definitely something there.
I second and third the recommendation of caching. Even if you are not being DDoS'ed it is an absolute must in my opinion.
There are other things that can cause dropped packets, too, that you/your host can check: a failing cable, or NIC can show packet loss. If there is a problem with the hardware, you may see it in the logs. Is this a linux server?
-
04-26-2010, 02:25 PM #8Web Hosting Master
- Join Date
- May 2009
- Posts
- 1,547
Please check your CPU usage.
Which OS are you using ?
One thing is for sure that WordPress will not make a dedicated server so slow unless you have over 10000 visitors at the same time
How much RAM does your server have ?Webuzo - Multi user control panel supporting Apache, NGinx, MySQL, MariaDB, Percona, LiteSpeed, Varnish, WordPress, etc.
Virtualizor - VPS Control Panel supporting OpenVZ, Xen, KVM and has 200+ OS Templates
Softaculous - Auto Installer with 400+ scripts for Webuzo, cPanel, DirectAdmin, InterWorx, Plesk, etc.
-
04-26-2010, 02:35 PM #9Aspiring Evangelist
- Join Date
- Apr 2010
- Location
- Lansing, MI
- Posts
- 422
I'm sorry, I have to disagree with this statement. There are far too many factors involved to make this kind of blanket statement, both having to do with the available resources (CPU, Memory, Drive speed) and with the site/theme that is being used.
If you are running a completely uncached site with 20+ database calls per hit, on a P4 with 1G of ram, it will take very little traffic to make your server slow. While it's not directly WordPress's fault, in that case, it is definitely related.Benny Crampton
Liquid Web - Dedicated Hosting with Heroic Support
StormOnDemand - Flexible Cloud Hosting Infrastructure
1-800-580-4985 | Twitter: @liquidweb | @StormOnDemand
Similar Threads
-
Server DDoS'ed, but how to know which website?
By Uncle Mad in forum Web HostingReplies: 10Last Post: 04-17-2009, 01:52 PM -
Brand new VPS, already DDos'ed?
By jaspercloud in forum VPS HostingReplies: 16Last Post: 05-31-2007, 06:06 PM -
Knownhost/C4D getting DDOS'ed again?
By zanzaban in forum Providers and Network Outages and UpdatesReplies: 2Last Post: 09-12-2006, 11:42 PM -
PsiGate being DDoS'ed again
By gossi in forum Web HostingReplies: 3Last Post: 10-11-2004, 02:42 PM -
united.colo is probably getting ddos'ed again
By cybotix in forum Dedicated ServerReplies: 10Last Post: 10-13-2002, 01:18 AM