I have a dell server about 9 month:
all these softs are updated.
About 500 accounts are located on it and about 6 to 10 accounts are active. I can say other accounts have no visit really.
Csf connection limit is 80 and 10 to 20 IPs are blocking per day for 15 mins for "to many connections".80% of IPs are from foreign countries (that there is no visit from them) and they are from different locations.
Recently my server is going down once at 24 to 72 hrs.
At that time:
my sql has more than 150 queries in the queue.
Server load is going up to 200 or even more.
Csf send many emails at same time. (Excessive processes running under user..)
all mails are at same time and alert for different users.
I also installed PRM (process resource monitor) to limit cpu and ram usage.
Prm also send many emails at that time with content like this:
EVENT: HARD FAIL MAX_PROC
ACTION: KILL_PARENT SET; KILLED
PARENT/CHILDREN PROCS WITH 'kill
-9 27192 '
CPU: 0% (max 15)
MEM: 0% (max 8)
ETIME: 0108 (max )
PROCS: 138 (max 30)
CMD: /usr/bin/php /home/
PRM mails are also for different users at same time and all accounts have approximately equal PROCS value (about 130 to 200).
Is this a DDOS Attack?