hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Dedicated Server : How do you know if you are being DDoS'ed?
Reply

Forum Jump

How do you know if you are being DDoS'ed?

Reply Post New Thread In Dedicated Server Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 04-26-2010, 02:00 AM
Lakjin Lakjin is offline
WHT Addict
 
Join Date: Apr 2009
Posts: 115

How do you know if you are being DDoS'ed?


Lately my website has been loading extremely slowly. I talked to my host about it, and they noticed that packets were being dropped, hence the slow connection. So they worked their magic and fixed it; for a few days my website was running just fine. However, then it went back to being slow again.

So I contacted my host, and asked them to look at it. I mentioned that the problem does not seem to be dropped packets this time, but rather I was getting an unusually high MS (I usually get 70-90 and was getting 105-130) when pinging the server. So a system administrator looked at it and told me that a possible reason for the lack of speed is that multiple IPs have multiple connections open to my server. He mentioned that this typically is the case when you host video files; the only problem is that I run a blog and a forum - don't host any videos, or such.

After that he basically just told me it was my problem to deal with and to go ask at Wordpress forums (this response really ticked me off seeing as I still believe it is a network related problem which I can't solve without their help). However, I don't think the problem is at my end - I have been running Wordpress since I started and this lag has only recently happened.

So, my question is am I being DDoS'ed? If so, how can I solve the problem? If not, any ideas as to what could be causing the problem?

Thank you.



Sponsored Links
  #2  
Old 04-26-2010, 03:12 AM
bqinternet bqinternet is offline
Backup Guru
 
Join Date: Feb 2002
Location: New York, NY
Posts: 4,480
The first thing the host should do is to look at the bandwidth graph for the port that your server is connected to. If they don't see anything there, then you should look at your Apache logs to see how much traffic you're getting.

__________________
Scott Burns, President
BQ Internet Corporation
Remote Rsync and FTP backup solutions
*** http://www.bqbackup.com/ ***

  #3  
Old 04-26-2010, 03:54 AM
hhw hhw is offline
Web Hosting Master
 
Join Date: Oct 2002
Location: Vancouver, B.C.
Posts: 2,363
Quote:
Originally Posted by bqinternet View Post
The first thing the host should do is to look at the bandwidth graph for the port that your server is connected to. If they don't see anything there, then you should look at your Apache logs to see how much traffic you're getting.
DoS attacks may not show up in bandwidth graphs however, as they may be small packets. For that reason, it's good to have packets/s graphs as well. It's surprising that more providers don't have them.

Quote:
Originally Posted by Lakjin View Post
After that he basically just told me it was my problem to deal with and to go ask at Wordpress forums (this response really ticked me off seeing as I still believe it is a network related problem which I can't solve without their help). However, I don't think the problem is at my end - I have been running Wordpress since I started and this lag has only recently happened.
To be fair, Wordpress isn't the lightest on resources and it may very well be that you've just recently started receiving enough traffic to slow down your server. When your server is barely keeping up, it will still be fairly responsive. However, as soon as it's even a little too much, processes will start queuing up, waiting for CPU time and responsiveness will degrade quite dramatically.

However, they should have performed some diagnostics to demonstrate that it's not a network problem, if you had indicated you suspected that was the case. If it's a managed server, they should have also checked the load on the server to see which processes are taking up all the CPU time. It does seem based on what you've described that they were not quite as thorough as they could've been, but if it's a self-managed server you shouldn't really be expecting anything more.

__________________
Han Hwei Woo, ASTUTE HOSTING AS54527 *Advanced and customized solutions for the savvy customer!*
Dedicated Hosting and CDN out of Vancouver, Seattle, LA, Toronto, NYC, Miami, and London
We include CDN, anycast DNS, onboard KVMoIP, firewall, local and global load-balancing, and privatenet with all servers.
sales@astutehosting.com

Sponsored Links
  #4  
Old 04-26-2010, 03:57 AM
Lakjin Lakjin is offline
WHT Addict
 
Join Date: Apr 2009
Posts: 115
As far as I know - and I am no expert mind you - I am not getting near enough traffic to tax the server one bit. In fact, I would say I got less traffic than usual for the past week or so, which is when these problems starting happening.

That said, it isn't a managed server, so I will give my host that much. But, for a network problem I still think they ball is in their court.

  #5  
Old 04-26-2010, 09:43 AM
eukhostsupport eukhostsupport is offline
Junior Guru Wannabe
 
Join Date: Apr 2010
Location: India
Posts: 47
problem solving would need some reverse engineering, first of all take a look at network utilization, then check its logs for incoming/outgoing logs and segregate the difference, compare these with your previous utilization, your statistic will help you in this. Then check you CPU utilization.

some time outbound UDP traffic too decreases server performance, in such case check worms and malware infections

  #6  
Old 04-26-2010, 02:00 PM
dmsimard dmsimard is offline
Junior Guru Wannabe
 
Join Date: Apr 2007
Location: Montreal, Quebec
Posts: 86
I'd recommend installing a resource monitoring utility such as Munin.

You will definitely be able to see if something is wrong with your server's resource usage over the course of just a few hours.

Otherwise, you should make sure your wordpress is as optimized as it can be. These articles may be of help:
http://codex.wordpress.org/WordPress_Optimization
http://codex.wordpress.org/WordPress...zation/Caching

Just installing and configuring WP_SuperCache can drastically boost your performance.

Best of luck,

__________________
David Moreau Simard
:: dmsimard.com | @dmsimard

  #7  
Old 04-26-2010, 02:17 PM
LiquidWebBenny LiquidWebBenny is offline
Aspiring Evangelist
 
Join Date: Apr 2010
Location: Lansing, MI
Posts: 422
The bandwidth graphs should show pretty clearly if you are being dossed, like was said. If you don't see packets per second graphs in your control panel, ask your host. It is possible that they have them, but don't display them to customers.

mtr is a good tool to monitor packet loss and latency along the entire route from you to your server. If you still see loss and latency at your server, then there is definitely something there.

I second and third the recommendation of caching. Even if you are not being DDoS'ed it is an absolute must in my opinion.

There are other things that can cause dropped packets, too, that you/your host can check: a failing cable, or NIC can show packet loss. If there is a problem with the hardware, you may see it in the logs. Is this a linux server?

  #8  
Old 04-26-2010, 02:25 PM
alons alons is offline
Web Hosting Master
 
Join Date: May 2009
Posts: 1,468
Please check your CPU usage.
Which OS are you using ?

One thing is for sure that WordPress will not make a dedicated server so slow unless you have over 10000 visitors at the same time

How much RAM does your server have ?

__________________
Softaculous - Auto Installer for cPanel, Direct Admin, InterWorx, Plesk, H-Sphere
The only Auto Installer that installs 260+ scripts. Install in just ONE STEP!
Virtualizor - VPS Control Panel supporting OpenVZ, Xen, KVM and has 60+ OS Templates
Webuzo - Softaculous for the Cloud i.e. Softaculous Standalone

  #9  
Old 04-26-2010, 02:35 PM
LiquidWebBenny LiquidWebBenny is offline
Aspiring Evangelist
 
Join Date: Apr 2010
Location: Lansing, MI
Posts: 422
Quote:
Originally Posted by alons View Post
One thing is for sure that WordPress will not make a dedicated server so slow unless you have over 10000 visitors at the same time.
I'm sorry, I have to disagree with this statement. There are far too many factors involved to make this kind of blanket statement, both having to do with the available resources (CPU, Memory, Drive speed) and with the site/theme that is being used.

If you are running a completely uncached site with 20+ database calls per hit, on a P4 with 1G of ram, it will take very little traffic to make your server slow. While it's not directly WordPress's fault, in that case, it is definitely related.

__________________
Benny Crampton
Liquid Web - Dedicated Hosting with Heroic Support
StormOnDemand - Flexible Cloud Hosting Infrastructure
1-800-580-4985 | Twitter: @liquidweb | @StormOnDemand

Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
Server DDoS'ed, but how to know which website? Uncle Mad Web Hosting 10 04-17-2009 01:52 PM
Brand new VPS, already DDos'ed? JayNL VPS Hosting 16 05-31-2007 06:06 PM
Knownhost/C4D getting DDOS'ed again? zanzaban Providers and Network Outages and Updates 2 09-12-2006 11:42 PM
PsiGate being DDoS'ed again gossi Web Hosting 3 10-11-2004 02:42 PM
united.colo is probably getting ddos'ed again cybotix Dedicated Server 10 10-13-2002 01:18 AM

Related posts from TheWhir.com
Title Type Date Posted
F5 Networks Acquires Cloud-Based DDoS Security Startup Defense.Net Web Hosting News 2014-05-26 16:47:34
DDoS Protection for Hosting Providers - Expand Your Cloud Offering and Protect Your Services Webinars 2014-06-13 10:11:16
The Cloud Is Under Siege; How Can I Protect It From DDoS Attacks? Webinars 2014-06-10 10:55:46
Arbor Networks Reports Alarming Increases in DDoS Attack Size in 2013 Web Hosting News 2013-10-17 13:40:25
Prolexic Warns of Growing Identity Theft Camouflaged by DDoS Attacks Web Hosting News 2013-08-28 12:20:19


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?