Results 1 to 8 of 8

Thread: DDos

  1. #1

    DDos

    dear
    i have a centos server.
    in this week my server ddos all days. i install firewall but it can not prevent ddos.
    ddos is from my server . when i see the ip that ddos my server , i see that it is my server ip.
    how can i solve this problem ?
    thanks
    Colocation, Dedicated Server, Cloud Services

  2. #2
    Join Date
    Nov 2003
    Location
    Kherson, Ukraine
    Posts
    267
    So, your server DDOSing itself?
    Seems this is not DOS but a bug in some script. May be script recursively call itself.
    Try to use
    nestat -n -a -p
    to determine which process sends and receives ip packets.
    Private remote administrator of Linux servers - www.petrov.ks.ua
    Quality hosting - Host-Web-Site.com

  3. #3
    Try to check the processes causing load on the server by login to the shell and by using command,
    # top
    or
    # ps -auxf
    SUPPORT FACILITY | 24/7 TECH SUPPORT
    SERVER MANAGEMENT | WEB HOSTING SUPPORT | WP EXPERTS

  4. #4
    Join Date
    Jul 2009
    Posts
    178
    netstat -plan|grep :80 |awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

    Use this command and see is any IP exceeds more then 200 connections.
    If yes block it.

  5. #5
    Hi,

    Preventing ddos is actually a difficult task and it can be prevented successfully using external firewall.Anyway I've created a script to prevent ddos.It will block the ip addresses that makes more connection than the specified limit.
    Last edited by Mike V; 09-27-2009 at 03:29 PM.

  6. #6
    Join Date
    Feb 2004
    Location
    USA
    Posts
    1,572
    Is your server runing cpanel? then you can try CSF or AFP.

    http://www.configserver.com/cp/csf.html

  7. #7
    Join Date
    Dec 2008
    Location
    Florida
    Posts
    1,052
    Install Config Server, then install DDoS Defalte (Yes it will work without APF, except you can't remove bans).

    Also, if this is a actual DDoS, your software firewalls won't do anything as the damage being done is at the switch, it's killing your bandwidth stream.

    Contact your provider, and ask them to look into it if the attack IS a DDoS.

    Could you tell me your provider? If it's a unmanaged provider you may run into some trouble with them helping you.
    Not sure what to put here :-P

  8. #8

    It's not a DDOS

    What 'soltan' is saying isn't a DDOS but a bug in the script which is calling itself as stated by 'vapetrov'. This happens many a time when clients leave a small bug causing high number of connections to itself making the server inaccessible.

    In order to figure out the actual script in question, list the running processes using either

    netstat -alntp
    OR
    ps -auxf

    In the 'netstat' output, you will see a PID of a running process in the last column along with it's service like '12345/httpd'

    In the 'ps' output, you will see the PID of a process in the second column.

    In either of the case, pick up a PID and see which files it is accessing, using the command:

    lsof -p PID

    This will show you the script the process is accessing and you can get the script corrected.

Similar Threads

  1. Replies: 3
    Last Post: 06-08-2009, 01:53 PM
  2. Replies: 0
    Last Post: 06-01-2009, 02:39 AM
  3. Replies: 0
    Last Post: 05-09-2009, 12:54 PM
  4. Replies: 0
    Last Post: 05-01-2009, 09:27 PM
  5. Replies: 7
    Last Post: 01-17-2007, 12:49 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •