  1. #1
    Join Date
    Jan 2006
    Location
    Santa Cruz, California
    Posts
    391

    Random Down Time/ DOS Attacks

    I have 2 big sites on my server; it's a dual-core rig from SoftLayer with a 100Mbps port. The members on the forums I have are complaining about random Page Cannot Be Displayed errors, like when Apache goes down, but it never goes down... I have SL saying there are no logs as to why it randomly does it, and the site wants to leave. What could cause this? Load is always low. Also, how do I auto-stop DoS attacks? I have APF and it's too hard to manually insert the IPs since they usually hit when I sleep.

    top - 23:39:55 up 1 day, 3:56, 1 user, load average: 0.09, 0.08, 0.07

    The current connections; this is how it usually looks:

    1 127.0.0.1
    1 152.163.100.133
    1 152.163.100.134
    1 152.163.100.136
    1 152.163.100.138
    1 152.163.100.139
    1 152.163.100.195
    1 152.163.100.197
    1 152.163.100.198
    1 152.163.100.200
    3 152.163.100.201
    1 152.163.100.202
    1 152.163.100.204
    1 152.163.100.5
    2 152.163.100.67
    1 152.163.100.70
    1 152.163.100.72
    2 152.163.100.73
    1 152.163.101.10
    1 152.163.101.13
    1 152.163.101.6
    1 64.12.116.130
    1 64.12.117.6
    1 64.12.117.8
    1 66.249.66.3
    50 67.71.136.88
    2 68.127.93.78
    25 68.41.129.235
    23 68.61.132.208
    1 71.193.204.160
    67 72.47.95.215
    22 76.208.85.208
    [email protected]
    www.xenserv.com Your High Performance Hosting Specialists - Try the Xen Experience Today!
    http://uploadpla.net - My free Media hosting site.

  2. #2
    There are no DoS attacks.
    Check your httpd.conf configuration and recompile Apache. Maybe something is wrong with the PHP/CGI scripts?

  3. #3
    Join Date
    Jan 2006
    Location
    Santa Cruz, California
    Posts
    391
    SoftLayer tuned the Apache configuration. I've compiled PHP a few times; the only bad outcome is GD 2 doesn't work right on the forums, so I have to default to 1. I've been going through pages a lot to see if I could catch the error. We did have this a few days ago, then the members said OMG ITS GONE and stuff, but now they're like ITS BACK bla bla.

  4. #4
    Just 8-20 connections; that is not a DoS/DDoS attack. You must have an Apache config problem or a script that blocks disk I/O.

    Optimize your Apache, PHP and MySQL. I have 2 large forums and 3 large customer blogs hosted on one of my SL boxes. I don't have any issues (crossing 50k uniques a day). But I have SCSI HD + 2GIG + AMD dual core + 100Mbps and everything is optimized.

  5. #5
    Join Date
    Jan 2006
    Location
    Santa Cruz, California
    Posts
    391
    I have paid SL to optimize PHP, MySQL & Apache; it was working faster... maybe my other sys admin installed some ****** anti-DoS script

  6. #6
    Talk to your other sys admin, disable the anti-DoS script and monitor the system again. Run the netstat command to see how many connections you have at a time... you can configure Apache and Linux networking to terminate client connections/persistent connections quickly. This way you can serve more users.
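
The per-IP connection counts shown in the first post, and the netstat check suggested above, can be produced and thresholded automatically. The following is an added example, not part of any post in this thread; the function names, the threshold of 20 and the sample addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: flag remote IPv4 addresses holding many connections.
# Reads `netstat -ntu` output on stdin.
# Usage: flag_heavy_ips THRESHOLD [ALLOWED_IP...]
flag_heavy_ips() {
    threshold=$1; shift
    allow=" $* "                # space-delimited allowlist (own IPs, monitors)
    awk -v t="$threshold" -v allow="$allow" '
        $1 ~ /^(tcp|udp)/ {
            addr = $5                       # Foreign Address column, "ip:port"
            sub(/:[0-9*]+$/, "", addr)      # drop the port
            sub(/^::ffff:/, "", addr)       # unwrap IPv4-mapped IPv6
            if (addr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            total[addr]++
            if ($6 == "SYN_RECV") half[addr]++   # half-open handshakes
        }
        END {
            for (ip in total)
                if (total[ip] >= t && index(allow, " " ip " ") == 0)
                    printf "%d %s syn_recv=%d\n", total[ip], ip, half[ip]
        }' | sort -rn
}

# Constructed sample input (documentation address ranges, not real traffic).
emit_conns() {   # emit_conns COUNT REMOTE_IP STATE
    i=0
    while [ "$i" -lt "$1" ]; do
        echo "tcp 0 0 192.0.2.10:80 $2:$((40000 + i)) $3"
        i=$((i + 1))
    done
}
sample_netstat() {
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    emit_conns 60 203.0.113.7 ESTABLISHED
    emit_conns 25 198.51.100.23 SYN_RECV
    emit_conns 3 192.0.2.44 ESTABLISHED
    emit_conns 1 127.0.0.1 TIME_WAIT
}

# Report every address with 20 or more connections, busiest first.
sample_netstat | flag_heavy_ips 20
```

On a live server the input would be `netstat -ntu` run from cron. Proxies and NAT gateways legitimately open many connections, so the threshold and allowlist need tuning per site before the output feeds a firewall deny list.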

  7. #7
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    8 - 20 connections could very well be DDoS. There are types of resource attacks that have been popping up lately that do not require a high volume of traffic to bring the server to its knees.

    The best solution is a combination of network and server level mitigation techniques. It sounds like SoftLayer may already be doing *some* of this for you but nothing is absolutely perfect and some manual intervention is going to be required at times.

  8. #8
    Quote Originally Posted by IRCCo Jeff
    8 - 20 connections could very well be DDoS. There are types of resource attacks that have been popping up lately that do not require a high volume of traffic to bring the server to its knees.
    Can you explain some of those attacks? This is new info to me, so I would like to know the details.

  9. #9
    Join Date
    Jan 2006
    Location
    Santa Cruz, California
    Posts
    391
    I'm always looking at how many connections.

    I've heard that we're getting hit by "dontcare" bots. Anyway, I'm calling the ISP of anyone doing more than 1000 connections and suing if the ISP doesn't take action. It happens daily.

  10. #10
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    Service providers are immune from legal liability in the actions of their customers. The only reason they would take action is to protect their own network.

  11. #11
    Join Date
    Jan 2006
    Location
    Santa Cruz, California
    Posts
    391
    Well what can I do to them?

  12. #12
    You can't...

    Feds will not do anything until and unless you are losing millions of dollars. But you can protect yourself by migrating or using a 3rd-party anti-DDoS service.

  13. #13
    Join Date
    Jan 2006
    Location
    Santa Cruz, California
    Posts
    391
    What kind of 3rd-party anti-DDoS service should I get?

  14. #14
    Well, I don't have any personal experience, but my friend uses www.prolexic.com; he runs a very popular site which is monetized by ads. If his site goes down for a day he loses around 5-10k.

    You will find other providers which have a good reputation here: Staminus and Gigenet.

    Most solutions are not cheap but you can fight back. Also, SL provides DDoS migration. Last time they migrated a 6 Gbps DDoS. Have you talked to them about the same problem?

  15. #15
    Join Date
    Jan 2006
    Location
    Santa Cruz, California
    Posts
    391
    It seems to be better now.

    I experienced it once tonight; I was going to the messenger on IPB and the load was 0.03 and it timed out O_o

  16. #16
    Join Date
    Jan 2006
    Location
    Santa Cruz, California
    Posts
    391
    How's this?

    118 67.68.54.180
    5 68.189.88.21
    113 68.65.43.192
    27 69.157.110.194
    15 82.43.225.244
    99 86.139.249.178
