Results 1 to 8 of 8
Thread: DDos
-
09-17-2009, 04:05 AM #1WHT Addict
- Join Date
- Jun 2007
- Posts
- 158
DDos
dear
i have a centos server.
in this week my server ddos all days. i install firewall but it can not prevent ddos.
ddos is from my server . when i see the ip that ddos my server , i see that it is my server ip.
how can i solve this problem ?
thanksColocation, Dedicated Server, Cloud Services
-
09-17-2009, 06:22 AM #2Web Hosting Guru
- Join Date
- Nov 2003
- Location
- Kherson, Ukraine
- Posts
- 267
So, your server DDOSing itself?
Seems this is not DOS but a bug in some script. May be script recursively call itself.
Try to use
nestat -n -a -p
to determine which process sends and receives ip packets.Private remote administrator of Linux servers - www.petrov.ks.ua
Quality hosting - Host-Web-Site.com
-
09-17-2009, 07:02 AM #3Support Facility
- Join Date
- Jun 2009
- Posts
- 2,335
Try to check the processes causing load on the server by login to the shell and by using command,
# top
or
# ps -auxf
-
09-18-2009, 11:40 AM #4Temporarily Suspended
- Join Date
- Jul 2009
- Posts
- 178
netstat -plan|grep :80 |awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
Use this command and see is any IP exceeds more then 200 connections.
If yes block it.
-
09-18-2009, 12:39 PM #5Newbie
- Join Date
- Aug 2008
- Location
- Singapore
- Posts
- 16
Hi,
Preventing ddos is actually a difficult task and it can be prevented successfully using external firewall.Anyway I've created a script to prevent ddos.It will block the ip addresses that makes more connection than the specified limit.Last edited by Mike V; 09-27-2009 at 03:29 PM.
-
09-18-2009, 01:14 PM #6Temporarily Suspended
- Join Date
- Feb 2004
- Location
- USA
- Posts
- 1,572
Is your server runing cpanel? then you can try CSF or AFP.
http://www.configserver.com/cp/csf.html
-
09-18-2009, 01:59 PM #7Danananana Danananana Batman!
- Join Date
- Dec 2008
- Location
- Florida
- Posts
- 1,052
Install Config Server, then install DDoS Defalte (Yes it will work without APF, except you can't remove bans).
Also, if this is a actual DDoS, your software firewalls won't do anything as the damage being done is at the switch, it's killing your bandwidth stream.
Contact your provider, and ask them to look into it if the attack IS a DDoS.
Could you tell me your provider? If it's a unmanaged provider you may run into some trouble with them helping you.Not sure what to put here :-P
-
09-18-2009, 02:33 PM #8Web Hosting Master
- Join Date
- Jul 2009
- Posts
- 1,568
It's not a DDOS
What 'soltan' is saying isn't a DDOS but a bug in the script which is calling itself as stated by 'vapetrov'. This happens many a time when clients leave a small bug causing high number of connections to itself making the server inaccessible.
In order to figure out the actual script in question, list the running processes using either
netstat -alntp
OR
ps -auxf
In the 'netstat' output, you will see a PID of a running process in the last column along with it's service like '12345/httpd'
In the 'ps' output, you will see the PID of a process in the second column.
In either of the case, pick up a PID and see which files it is accessing, using the command:
lsof -p PID
This will show you the script the process is accessing and you can get the script corrected.
Similar Threads
-
(USA) DDOS Protected VPS plans - DDOS-VPS are fully DDOS Protected!
By 1-VPS in forum VPS Hosting OffersReplies: 3Last Post: 06-08-2009, 01:53 PM -
(USA) DDOS Protected VPS plans - DDOS-VPS are fully DDOS Protected!
By 1-VPS in forum VPS Hosting OffersReplies: 0Last Post: 06-01-2009, 02:39 AM -
(USA) DDOS Protected VPS plans - DDOS-VPS are fully DDOS Protected!
By 1-VPS in forum VPS Hosting OffersReplies: 0Last Post: 05-09-2009, 12:54 PM -
(USA) DDOS Protected VPS plans - DDOS-VPS are fully DDOS Protected!
By 1-VPS in forum VPS Hosting OffersReplies: 0Last Post: 05-01-2009, 09:27 PM -
Got DDoS? BLCC DDoS Protection sale! Stop HTTP GET attacks in their tracks!
By ddosguru in forum Dedicated Hosting OffersReplies: 7Last Post: 01-17-2007, 12:49 PM