Ok.. I run a forum. Recently, we keep getting attacked somehow and it stops the server connecting. We have to reboot the server, but it only lasts for 12-24 hours max at the moment before they do it again. Is there any way to stop this happening?
Look into ALL log files: access_log, error_log, warn messages, etc. Find out HOW this is initiated: look at the time when the server is taken down and go back line by line in your various raw log files, what SW etc. the problem started with ... then secure your servers. This may take effort and time to solve. I had a security issue with hackers that took me some 200 hrs in 2 weeks, nearly day and night study and research, until solved. Once you have found and solved YOUR security weakness, you may rest in peace and enjoy life again. Until then, study and work until the job is done: analyze all SW you have installed, and search Google for each and every SW about security issues.
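The log review suggested in the reply above, as an added example that is not part of any post in this thread: it tallies access_log requests per minute and per client in the minutes before a known crash time. The log lines, IP addresses, paths and crash time are constructed sample data, and the Apache common log format is assumed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache common/combined log format: client IP, timestamp, request line, status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (ip, timestamp, request, status), or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, req, status = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), req, int(status)

def summarize_window(lines, crash_time, minutes=10):
    """Tally requests per minute and per client in the window before crash_time."""
    start = crash_time - timedelta(minutes=minutes)
    per_minute, per_ip = Counter(), Counter()
    for line in lines:
        rec = parse(line)
        if rec is None or not (start <= rec[1] < crash_time):
            continue
        per_minute[rec[1].strftime("%H:%M")] += 1
        per_ip[rec[0]] += 1
    return per_minute, per_ip

def top_share(per_ip):
    """Fraction of the windowed requests sent by the single busiest client."""
    total = sum(per_ip.values())
    return max(per_ip.values()) / total if total else 0.0

# Constructed sample lines (documentation-range IPs), not taken from the thread.
SAMPLE = [
    '203.0.113.5 - - [12/Mar/2024:03:02:10 +0000] "GET /forum/ HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Mar/2024:03:08:41 +0000] "GET /forum/topic/4 HTTP/1.1" 200 7301',
] + [
    f'198.51.100.7 - - [12/Mar/2024:03:09:{s:02d} +0000] "GET /forum/search.php HTTP/1.1" 200 812'
    for s in range(0, 60, 2)
] + ["not a log line"]
CRASH = datetime.strptime("12/Mar/2024:03:10:00 +0000", TS_FMT)  # assumed crash time

if __name__ == "__main__":
    per_minute, per_ip = summarize_window(SAMPLE, CRASH)
    for minute, count in sorted(per_minute.items()):
        print(minute, count)
    print(per_ip.most_common(3), round(top_share(per_ip), 2))
```

A spike spread over many clients looks like ordinary load, while one client holding most of the window is worth a closer look. Half-open connections never complete an HTTP request, so they leave no access_log lines at all.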
It's not necessarily that you are being attacked, but if your forum is very busy, that can hang up the server as well. More load on the server causes it to work very slowly, or I should say, it lags the server.
Thanks for your information. Our server guy just contacted us stating that there has been a huge traffic spike causing the server to crash, so hopefully that's as far as it goes and we don't get attacked again, once I pay for the new server ($300 a month). I'll keep you updated.
They are probably sending lots of SYN packets. So httpd keeps you at waiting status. You can prevent it via snort (but you have to create nice rules) + mod_security. Don't try to ban the IPs via iptables or apf. It won't work. The server will keep crashing. Be sure to make keep alive off, and reduce socket open & close times at httpd.conf.
Also, hardware firewalls are useless in this case. We were heavily attacked 2 years ago, and we used Cisco. Firewall won't do anything in this case (with default config) because, as I stated, they are probably crashing the server via httpd requests. You may prevent it via h. firewall if you can limit the number of requests per IP via h. firewall, but since it's a hardware firewall and we didn't have control over it, I don't know much about it.
lol, in that case anyone can PM me coz I can install DDoS protection for some $$. It will cause a reverse packet.