Results 1 to 12 of 12
  1. #1

    * server under attack? please help

    Hi guys,

    Recently we have been having issues of our server stopping because we have many connections open from the same ip.

    we deliver videos with this server and when i run

    netstat -n | grep :80 | awk '{ print $5 }' | awk -F: '{ print $1 }' | sort | uniq -c | sort -n | tail

    I see like 400 open connections from the same ip, when i go to WHM and see the apache status, i see that this one ip is downloading the same video 400 times.

    how can i overcome this issue? can i limit the number of connections per ip in apache?

    thank you

  2. #2
    Join Date
    Jul 2007
    Location
    Southampton, NY
    Posts
    229
    Quote Originally Posted by steven2009 View Post
    Hi guys,

    Recently we have been having issues of our server stopping because we have many connections open from the same ip.

    we deliver videos with this server and when i run

    netstat -n | grep :80 | awk '{ print $5 }' | awk -F: '{ print $1 }' | sort | uniq -c | sort -n | tail

    I see like 400 open connections from the same ip, when i go to WHM and see the apache status, i see that this one ip is downloading the same video 400 times.

    how can i overcome this issue? can i limit the number of connections per ip in apache?

    thank you
    you could always just ban the ip.
    "Unix is simple. It just takes a genius to understand its simplicity." Dennis Ritchie

  3. #3
    Do you have ddos deflate installed? That will limit your amount of connections per a ip.

    http://deflate.medialayer.com/

  4. #4
    Join Date
    Jan 2005
    Posts
    2,175
    Try mod_limitipconn

  5. #5
    Join Date
    Dec 2002
    Location
    The Shadows
    Posts
    2,913
    more of a tech question...
    Dan Sheppard ~ Freelance whatever

  6. #6
    Join Date
    May 2009
    Location
    Ft. Lauderdale, Florida
    Posts
    1,474
    You can block the offending ip in your WHM--> Security Center--> Host Access Control (block ip address). That will immediately stop the drain.
    Last edited by JixHost; 10-07-2009 at 09:42 PM.
    JixHost | U.S.A. based hosting & support for 8+ years. | Powerful, reliable network.
    JixHost.com | Instant Activation | Trusted by over 115,000 clients served globally.
    █ Cloud VPS | Alpha Reseller | Master Reseller | Reseller | BBB Rated "A+".
    █ 24/7/365 Help desk support | Recurring Affiliate Program available.

  7. #7
    Join Date
    Aug 2009
    Location
    Essex, UK
    Posts
    30
    mod_cband is quite good if you google for it, that can do all kinds of limiting for apache.

  8. #8
    Instead of playing with apache mods, I will suggest to install a decent firewall like CSF and ban that IP.
    www.24x7servermanagement.com
    Server Management, Server Security, Server Monitoring.
    India's Leading Managed Service Provider !! Skype: techs24x7

  9. #9
    Install and configure csf +lfd or apf +bfd in your server.

  10. #10
    Thanks for the replies guys,

    I Can disable the ip once i see the attack, but sometimes by the time i findout what is going on, its too late,,, So I want to come up with a solution. what would be a better approach to this?

    installing CSF?
    getting a hardware firewall?
    installing mod_limitipconn or mod_cband

    any advice is greatly appreciated,

  11. #11
    Better you should get install the csf firewall on the server from http://www.configserver.com/free/csf.tgz and can block the IP by using the csf,

    # csf -d ipaddress
    Support Facility | 24/7 web hosting technical support services
    Technical support | Server management | Data migration

    Technical Articles

  12. #12
    Join Date
    Nov 2004
    Location
    India
    Posts
    1,100
    Installing both csf +lfd or apf+bfd will help you much better in these situations. There has been no effective software solutions to prevent DDOS except hardware firewalls.
    AssistanZ - Beyond Boundaries...
    Cloudstack Consultancy / 24x7 Web Hosting Support / 24x7 Server Management / Infrastructure Management Services
    Web & Mobile Apps Development / Web Designing Services / Php, Grails, Java Development

Similar Threads

  1. Need linux server admin to protect server - server under DDos attack
    By woonapservers in forum Systems Management Requests
    Replies: 10
    Last Post: 08-17-2009, 12:32 PM
  2. SYN attack on my server!
    By VL-Adam in forum Hosting Security and Technology
    Replies: 7
    Last Post: 08-12-2009, 01:42 AM
  3. Server under attack?
    By giavinh in forum Hosting Security and Technology
    Replies: 11
    Last Post: 11-06-2008, 11:18 AM
  4. Replies: 14
    Last Post: 11-22-2003, 05:40 AM
  5. Replies: 8
    Last Post: 11-13-2003, 10:14 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •