Results 1 to 9 of 9
  1. #1
    Join Date
    Apr 2009
    Posts
    182

    How do you know if you are being DDoS'ed?

    Lately my website has been loading extremely slowly. I talked to my host about it, and they noticed that packets were being dropped, hence the slow connection. So they worked their magic and fixed it; for a few days my website was running just fine. However, then it went back to being slow again.

    So I contacted my host, and asked them to look at it. I mentioned that the problem does not seem to be dropped packets this time, but rather I was getting an unusually high MS (I usually get 70-90 and was getting 105-130) when pinging the server. So a system administrator looked at it and told me that a possible reason for the lack of speed is that multiple IPs have multiple connections open to my server. He mentioned that this typically is the case when you host video files; the only problem is that I run a blog and a forum - don't host any videos, or such.

    After that he basically just told me it was my problem to deal with and to go ask at Wordpress forums (this response really ticked me off seeing as I still believe it is a network related problem which I can't solve without their help). However, I don't think the problem is at my end - I have been running Wordpress since I started and this lag has only recently happened.

    So, my question is am I being DDoS'ed? If so, how can I solve the problem? If not, any ideas as to what could be causing the problem?

    Thank you.

  2. #2
    Join Date
    Feb 2002
    Location
    New York, NY
    Posts
    4,565
    The first thing the host should do is to look at the bandwidth graph for the port that your server is connected to. If they don't see anything there, then you should look at your Apache logs to see how much traffic you're getting.
    Scott Burns, President
    BQ Internet Corporation
    Remote Rsync and FTP backup solutions
    *** http://www.bqbackup.com/ ***

  3. #3
    Join Date
    Oct 2002
    Location
    Vancouver, B.C.
    Posts
    2,570
    Quote Originally Posted by bqinternet View Post
    The first thing the host should do is to look at the bandwidth graph for the port that your server is connected to. If they don't see anything there, then you should look at your Apache logs to see how much traffic you're getting.
    DoS attacks may not show up in bandwidth graphs however, as they may be small packets. For that reason, it's good to have packets/s graphs as well. It's surprising that more providers don't have them.

    Quote Originally Posted by Lakjin View Post
    After that he basically just told me it was my problem to deal with and to go ask at Wordpress forums (this response really ticked me off seeing as I still believe it is a network related problem which I can't solve without their help). However, I don't think the problem is at my end - I have been running Wordpress since I started and this lag has only recently happened.
    To be fair, Wordpress isn't the lightest on resources and it may very well be that you've just recently started receiving enough traffic to slow down your server. When your server is barely keeping up, it will still be fairly responsive. However, as soon as it's even a little too much, processes will start queuing up, waiting for CPU time and responsiveness will degrade quite dramatically.

    However, they should have performed some diagnostics to demonstrate that it's not a network problem, if you had indicated you suspected that was the case. If it's a managed server, they should have also checked the load on the server to see which processes are taking up all the CPU time. It does seem based on what you've described that they were not quite as thorough as they could've been, but if it's a self-managed server you shouldn't really be expecting anything more.
    ASTUTE HOSTING: Advanced, customized, and scalable solutions with AS54527 Premium Canadian Optimized Network
    MicroServers.io: Enterprise Dedicated Hardware with IPMI at VPS-like Prices with AS63213 Affordable Bandwidth in Canada and beyond
    Dedicated Hosting, Colo, Bandwidth, and Fiber out of Vancouver, Seattle, LA, Toronto, NYC, Miami, and London

  4. #4
    Join Date
    Apr 2009
    Posts
    182
    As far as I know - and I am no expert mind you - I am not getting near enough traffic to tax the server one bit. In fact, I would say I got less traffic than usual for the past week or so, which is when these problems starting happening.

    That said, it isn't a managed server, so I will give my host that much. But, for a network problem I still think they ball is in their court.

  5. #5
    Join Date
    Apr 2010
    Location
    India
    Posts
    47
    problem solving would need some reverse engineering, first of all take a look at network utilization, then check its logs for incoming/outgoing logs and segregate the difference, compare these with your previous utilization, your statistic will help you in this. Then check you CPU utilization.

    some time outbound UDP traffic too decreases server performance, in such case check worms and malware infections

  6. #6
    Join Date
    Apr 2007
    Location
    Montreal, Quebec
    Posts
    88
    I'd recommend installing a resource monitoring utility such as Munin.

    You will definitely be able to see if something is wrong with your server's resource usage over the course of just a few hours.

    Otherwise, you should make sure your wordpress is as optimized as it can be. These articles may be of help:
    http://codex.wordpress.org/WordPress_Optimization
    http://codex.wordpress.org/WordPress...zation/Caching

    Just installing and configuring WP_SuperCache can drastically boost your performance.

    Best of luck,
    David Moreau Simard
    :: Blog: dmsimard.com
    :: Twitter: @dmsimard

  7. #7
    Join Date
    Apr 2010
    Location
    Lansing, MI
    Posts
    422
    The bandwidth graphs should show pretty clearly if you are being dossed, like was said. If you don't see packets per second graphs in your control panel, ask your host. It is possible that they have them, but don't display them to customers.

    mtr is a good tool to monitor packet loss and latency along the entire route from you to your server. If you still see loss and latency at your server, then there is definitely something there.

    I second and third the recommendation of caching. Even if you are not being DDoS'ed it is an absolute must in my opinion.

    There are other things that can cause dropped packets, too, that you/your host can check: a failing cable, or NIC can show packet loss. If there is a problem with the hardware, you may see it in the logs. Is this a linux server?

  8. #8
    Please check your CPU usage.
    Which OS are you using ?

    One thing is for sure that WordPress will not make a dedicated server so slow unless you have over 10000 visitors at the same time

    How much RAM does your server have ?
    Softaculous - Auto Installer for cPanel, Direct Admin, InterWorx, Plesk, H-Sphere
    The only Auto Installer that installs 260+ scripts. Install in just ONE STEP!
    Virtualizor - VPS Control Panel supporting OpenVZ, Xen, KVM and has 60+ OS Templates
    Webuzo - Softaculous for the Cloud i.e. Softaculous Standalone

  9. #9
    Join Date
    Apr 2010
    Location
    Lansing, MI
    Posts
    422
    Quote Originally Posted by alons View Post
    One thing is for sure that WordPress will not make a dedicated server so slow unless you have over 10000 visitors at the same time.
    I'm sorry, I have to disagree with this statement. There are far too many factors involved to make this kind of blanket statement, both having to do with the available resources (CPU, Memory, Drive speed) and with the site/theme that is being used.

    If you are running a completely uncached site with 20+ database calls per hit, on a P4 with 1G of ram, it will take very little traffic to make your server slow. While it's not directly WordPress's fault, in that case, it is definitely related.
    Benny Crampton
    Liquid Web - Dedicated Hosting with Heroic Support
    StormOnDemand - Flexible Cloud Hosting Infrastructure
    1-800-580-4985 | Twitter: @liquidweb | @StormOnDemand

  10. Newsletters

    Subscribe Now & Get The WHT Quick Start Guide!

Similar Threads

  1. Server DDoS'ed, but how to know which website?
    By Uncle Mad in forum Web Hosting
    Replies: 10
    Last Post: 04-17-2009, 01:52 PM
  2. Brand new VPS, already DDos'ed?
    By JayNL in forum VPS Hosting
    Replies: 16
    Last Post: 05-31-2007, 06:06 PM
  3. Knownhost/C4D getting DDOS'ed again?
    By zanzaban in forum Providers and Network Outages and Updates
    Replies: 2
    Last Post: 09-12-2006, 11:42 PM
  4. PsiGate being DDoS'ed again
    By gossi in forum Web Hosting
    Replies: 3
    Last Post: 10-11-2004, 02:42 PM
  5. united.colo is probably getting ddos'ed again
    By cybotix in forum Dedicated Server
    Replies: 10
    Last Post: 10-13-2002, 01:18 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •