Thread: Is this a DDoS Attack or no?
-
07-11-2009, 04:23 AM #26 Junior Guru Wannabe
- Join Date
- Oct 2004
- Location
- Chicago, IL
- Posts
- 56
Just killed it with
kill 30487
server is back to normal.
Bug on cpanel forums: http://forums.cpanel.net/f5/webmail-...ad-102425.html
Is there any fix to this?
-
07-11-2009, 04:28 AM #27 Junior Guru Wannabe
- Join Date
- Oct 2004
- Location
- Chicago, IL
- Posts
- 56
I just accidentally ran the cmd
ps aux |grep
which seems to have locked up the server
-
07-11-2009, 04:29 AM #28 Junior Guru
- Join Date
- Jun 2009
- Location
- Singapore
- Posts
- 205
Well, if Roundcube is really causing you the problem, I suggest that you report a bug to the developers of Roundcube.
Anyway, check that your Roundcube is at the latest version. Bugs are usually fixed with new releases. You are able to update software via WHM, and this can be set to run automatically or manually. However, I suggest setting it to manual.
You can update by going to "update server software" under the software tab.
EDIT:
When you say locked up, you mean the entire server is inaccessible?
bikster.com - Quality Hosting. Affordable Prices.
Providing premium quality shared and reseller cPanel/WHM hosting at low prices!
Reseller cPanel/WHM hosting solutions that you can afford
-
07-11-2009, 04:31 AM #29 Junior Guru Wannabe
- Join Date
- Oct 2004
- Location
- Chicago, IL
- Posts
- 56
It's back to normal now =)
Thanks a lot bikster
This thing has been bugging me for more than a month now, thanks for the help.
-
07-11-2009, 04:36 AM #30 Junior Guru
- Join Date
- Jun 2009
- Location
- Singapore
- Posts
- 205
-
07-11-2009, 04:45 AM #31 Junior Guru Wannabe
- Join Date
- Oct 2004
- Location
- Chicago, IL
- Posts
- 56
Spoke too soon =(
When I initially killed the process the server was loading fine, now it's back to its old shenanigans.
top cmd isn't showing anything suspicious
back to square one
-
07-11-2009, 04:52 AM #32 Junior Guru
- Join Date
- Jun 2009
- Location
- Singapore
- Posts
- 205
-
07-11-2009, 04:55 AM #33 Junior Guru Wannabe
- Join Date
- Oct 2004
- Location
- Chicago, IL
- Posts
- 56
Nah, top isn't showing anything with overly high CPU usage.
-
07-11-2009, 04:57 AM #34 Junior Guru
- Join Date
- Jun 2009
- Location
- Singapore
- Posts
- 205
Check with your provider, it could be a network problem.
-
07-11-2009, 05:01 AM #35 Junior Guru Wannabe
- Join Date
- Oct 2004
- Location
- Chicago, IL
- Posts
- 56
My hosting provider (iweb.com) doesn't listen.
They've told me it's a DDoS attack for the past 2 weeks and are trying to make me buy a DDoS protection package.
-
07-11-2009, 05:06 AM #36 Newbie
- Join Date
- Jul 2009
- Location
- rules.php
- Posts
- 6
If this is a DDoS attack, do this: ask your provider for the attacker's IP, then send an abuse email to the ISP that owns those IPs.
As usual, the data center will block the IP if it is detected as flooding ...
Oh, don't buy anything.
-
07-11-2009, 05:09 AM #37 Junior Guru Wannabe
- Join Date
- Oct 2004
- Location
- Chicago, IL
- Posts
- 56
It's not a DDoS attack because the bandwidth is fine, no excessive usage or anything of that sort.
I called them yesterday when the server was down, and they said it's not a DDoS attack, and they're not responding to my support ticket, which I sent 2 days ago.
-
07-11-2009, 05:14 AM #38 Newbie
- Join Date
- Jul 2009
- Location
- rules.php
- Posts
- 6
-
07-11-2009, 05:44 AM #39 Junior Guru Wannabe
- Join Date
- Oct 2004
- Location
- Chicago, IL
- Posts
- 56
This is what I found in it:
Code:
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
-
07-11-2009, 06:13 AM #40 Aspiring Evangelist
- Join Date
- Mar 2009
- Location
- /home/khunj
- Posts
- 433
It will always display 0 because it is not correct. You should use the 't' parameter (t for TCP):
Code:
netstat -nt | grep SYN_RECV | wc -l
I will repeat myself but, whatever happens inside your server, it is handled by the kernel, so it may be a good idea to ask it how it is going:
Code:
# dmesg | tail -n 100
Code:
tail -n 100 /var/log/kern.log
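
The half-open connection count from the post above, broken down by TCP state and by source address, as an added example that is not part of the original thread. The sample `netstat -nt` output is constructed (addresses from documentation ranges) and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `netstat -nt` output; not taken from the thread.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.44:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:33812       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.9:50022       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.80:41000      TIME_WAIT
EOF
}

# Count connections per TCP state; reads `netstat -nt` output on stdin.
# Header lines are skipped because their first field does not start with "tcp".
tcp_state_counts() {
    awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print s, n[s] }' | sort
}

# Print "count address" for every source holding at least $1 half-open
# (SYN_RECV) connections, busiest first.
syn_recv_sources() {
    awk -v min="$1" '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            ip = $5
            sub(/:[0-9]+$/, "", ip)    # strip the trailing :port
            n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -rn
}

sample_netstat | tcp_state_counts
sample_netstat | syn_recv_sources 3
# On a live host: netstat -nt | tcp_state_counts
```

A SYN_RECV count that stays near zero while the server is slow points away from a SYN flood and toward local resource exhaustion.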
-
07-13-2009, 11:55 AM #41 Junior Guru Wannabe
- Join Date
- Oct 2004
- Location
- Chicago, IL
- Posts
- 56
They responded about two days ago:
After investigation, and analyzing the system log files and the traffic
graphics, we can confirm that your server is not suffering from any kind
of DDoS attacks!
....
We have also analyzed the log files generated by the command "sar" which
logs periodically (every 10 minutes) different statistics related to the
server resources usage (memory usage, load, CPU usage,...).
You can display these reports by using the following commands:
sar -r -f /var/log/sa/sa01 (01 for the 1st of July, ...) to display
the statistics related to the memory usage. (The memory is used at more
than 96% ...). This is probably the main cause of the reported issues!,
we suggest you to upgrade your memory to have the needed resources for
the running processes.
Processor #1 Vendor: GenuineIntel
Processor #1 Name: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz
Processor #1 speed: 1600.000 MHz
Processor #1 cache size: 1024 KB
Processor #2 Vendor: GenuineIntel
Processor #2 Name: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz
Processor #2 speed: 1600.000 MHz
Processor #2 cache size: 1024 KB
Memory for crash kernel (0x0 to 0x0) notwithin permissible range
Memory: 1023704k/1038976k available (2096k kernel code, 14576k reserved, 874k data, 228k init, 121472k highmem)
Is my server really that bad not to be able to host about 15, very small sites?
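
One way to read the `sar -r` report mentioned in the provider's reply, as an added example that is not part of the original thread. It assumes the older sysstat column layout, where kbmemused is total minus kbmemfree and therefore includes buffers and page cache; the sample rows are constructed and the function name is hypothetical.

```shell
#!/bin/sh
# Constructed sample of `sar -r` output in the older sysstat layout;
# the total (kbmemfree + kbmemused) matches the 1023704k in the dmesg line.
sample_sar() {
cat <<'EOF'
12:00:01 AM kbmemfree kbmemused  %memused kbbuffers  kbcached kbswpfree kbswpused  %swpused  kbswpcad
12:10:01 AM     38000    985704     96.29    120000    560000   2048000     12000      0.58      4000
12:20:01 AM     36000    987704     96.48    118000    562000   2047000     13000      0.63      4200
Average:        37000    986704     96.39    119000    561000   2047500     12500      0.61      4100
EOF
}

# For each data row print: label, %memused as sar reports it, and the
# percentage left after subtracting buffers and page cache.
# Columns are located by header name; the "Average:" row has one field
# fewer than timestamped "HH:MM:SS AM" rows, so indexes are shifted by d.
mem_breakdown() {
    awk '
        /kbmemfree/ { for (i = 1; i <= NF; i++) col[$i] = i; hnf = NF; next }
        hnf && NF >= hnf - 1 {
            d     = NF - hnf
            free  = $(col["kbmemfree"] + d)
            used  = $(col["kbmemused"] + d)
            buf   = $(col["kbbuffers"] + d)
            cache = $(col["kbcached"]  + d)
            total = free + used
            if (total > 0)
                printf "%s %.1f %.1f\n", $1,
                       100 * used / total,
                       100 * (used - buf - cache) / total
        }'
}

sample_sar | mem_breakdown
# On a live host: sar -r -f /var/log/sa/sa01 | mem_breakdown
```

If the second figure is also high and kbswpused keeps growing between samples, the processes themselves are consuming the memory; if only the first is high, most of it is reclaimable cache.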
-
07-13-2009, 02:21 PM #42 Web Hosting Master
- Join Date
- Mar 2006
- Location
- New Jersey
- Posts
- 851
Server configuration is absolutely fine; in fact you can host them on a VPS or shared hosting if they are small sites. I think you really need a server administrator to investigate for you. There are many server management companies offering a one-time service which could solve your problem.
24Shells in Business Since 2003 - AS55081
Dedicated Servers, High Bandwidth Servers
@24Shells - 24shells.net