Results 1 to 6 of 6
  1. #1
    Join Date
    Nov 2003

    help troubleshooting? possible dos attack

    I'm having problems on one of my servers.

    Every now and then apache will fail to serve pages. Yet the service itself is not actually failing.

    A simple restart in shell corrects the problem for awhile. It's not failing around any certain intervals though.

    I've cheked the apache access and error logs - nothing seems abnormal. Also took a look at /var/log/messages - seems ok.

    The server load is always normal around 0.5.


  2. #2
    Join Date
    Jan 2005
    Are there any memory hogging apache processes (possibly php/perl)? You usually see CPU try to hit 100% usage when these flake out, but not always. Try a short rlimit in apache and see what happens if this is the case.

    CROWHOST hosting+colocation services | 877-CROWHOST | support at
    Independent remote-hands serving all Chicago data centers

  3. #3
    Join Date
    Jun 2005

    Re: help troubleshooting? possible dos attack


    Do you use any control panel?, if yes tell me the details

    With regards,

  4. #4
    Join Date
    Aug 2003
    Gods Own Country
    Monitor your server for a day....and see the number of connections which your machine is getting

    command to use bash# netstat -lpn |awk {'print $5'} | sort

    If there are large number of connections from single ip or if there are large connections from different ip then there is a chance of your server being DOSed or DDOSoed

    I would suggest you to install a good APF firewall and enable the DOS protection mode in it. Please read my article on Security to know more about Server Security
    Blessen Cherian
    Follow me on
    Over a decade plus in the Hosting Industry

  5. #5
    Join Date
    Nov 2003
    Yeah - forgot to mention that it's a cPanel box.

    I am running APF and have configured the anti-dos protection.

    There is one account with a large number of processes running - all are safe/legit, however. Mostly php processes (web traffic) and some other processes/scripts which provide online stats for a gameing server and such.

    It's a Dual Xeon 2.4GhZ RHEL 3 box
    2GB RAM
    php_suexec configuration.

    I'll try your suggestions and see if I can dig up anything additonal.

    The reason I thought DOS attack was because we had an account that was under attack previously (numerous time)
    We had stopped that by adding a static .html file as the entry page - rather than the php file they were hitting.

    I was thinking maybe they realized that and better directed the attack. But traffic seems normal for this account.

  6. #6
    Join Date
    Nov 2003
    Yeah - this turned out to be a bad network card...


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts