Is My Server Under DDoS attack. please help. :(

Discussion in 'Security' started by bindasboy, Aug 5, 2010.

  1. #1
    Hi guys,
    I'm new here; many people recommended this forum to me.
    I am a newbie on Linux and its management; I'm learning. I have a server and I think that my server is under DDoS attack. I see that the server is not having much load and only a few processes run, but my site opens very slow.

    I executed the following command on my SSH:
    netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n | tail

    and as a result I got the following output:

    root@server [~]# netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n | tail
          4 110.225.237.32
          4 203.88.10.130
          4 27.248.94.106
          6 182.156.5.157
          7 203.88.11.129
          8 182.16.156.122
          9
         10 117.206.66.79
         12 64.255.180.229
         28 0.0.0.0
    root@server [~]#
    
    Please tell me if these IPs are doing any kind of attacks.

    Also tell me what steps I should take to stop DDoS on my server.
     
    bindasboy, Aug 5, 2010
  2. SuprSRV
    #2
    It's not a DDoS attack. You need to optimize your site and server better.
     
    SuprSRV, Aug 6, 2010
  3. bindasboy
    #3
    Thanks for replying.

    My server is not slow but the site opens slow.

    Also my load average is below 0.2. This server is not doing anything, only hosting a few small sites.

    The site opens slow, but when I reboot the httpd it starts to load instantly for 5 mins, then after that it starts to load slow. Damn slow.

    Any ideas?

    And how can I optimise my server? Please help me, DP members.
     
    bindasboy, Aug 6, 2010
  4. coolmaste
    #4
    Is it VPS or dedicated server?
     
    coolmaste, Aug 6, 2010
  5. bindasboy
    #5
    It's a dedicated server with the following CPU specs:

    Core2Quad 9300
    1TB SATA HDD
    8GB DDR2 RAM
    apache 2.2+ cpanel/WHM + mysql + php
     
    bindasboy, Aug 6, 2010
  6. jeffatrackaid
    #6
    You've not provided too many details about your site, but if it is database driven, you may want to just call an image directly:

    http://www.domain.com/image.jpng

    Put in your domain and an image of course.

    This will see how quickly your site loads static content.

    If it is fast, then perhaps your web application has an issue.

    You can then put up a php info page with:

    
    <?php phpinfo(); ?>

    And call that page. If that loads quickly, then it is not likely in your Apache/PHP configuration but an application-specific problem.

    Without looking at your logs and setup, I really cannot provide many more pointers, but in a DOS attack, you will see many more network connections (100's or 1000's).
     
    jeffatrackaid, Aug 6, 2010
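
An added example, not posted by anyone in the thread: the one-liner in post #1 counts listening sockets (the `0.0.0.0` row) and collapses IPv6-format addresses into a blank row, so this sketch counts only real remote peers from `netstat -ant` output and reports half-open (`SYN_RECV`) connections separately. The function names, the sample data and the threshold passed to `flag_heavy` are assumptions; the threshold is the operator's choice.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `netstat -ant` output on stdin.

# conn_summary: print "total syn_recv address" per remote address, busiest first.
conn_summary() {
    awk '
    $1 ~ /^tcp/ && $6 != "LISTEN" {
        addr = $5
        sub(/:[0-9*]+$/, "", addr)   # drop only the trailing :port
        sub(/^::ffff:/, "", addr)    # unwrap IPv4-mapped IPv6 addresses
        if (addr == "" || addr == "0.0.0.0" || addr == "::") next
        total[addr]++
        if ($6 == "SYN_RECV") half[addr]++   # half-open connections
    }
    END {
        for (a in total) printf "%d %d %s\n", total[a], half[a] + 0, a
    }' | sort -rn
}

# flag_heavy N: print remote addresses holding at least N connections.
flag_heavy() {
    conn_summary | awk -v min="$1" '$1 >= min { print $3 }'
}

# Constructed sample input (documentation address ranges), for offline runs.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.5:80          192.0.2.10:51234        ESTABLISHED
tcp        0      0 203.0.113.5:80          192.0.2.10:51235        ESTABLISHED
tcp        0      0 203.0.113.5:80          192.0.2.10:51236        SYN_RECV
tcp        0      0 203.0.113.5:80          198.51.100.7:40000      TIME_WAIT
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::ffff:203.0.113.5:80   ::ffff:192.0.2.10:51300 ESTABLISHED
tcp6       0      0 2001:db8::5:80          2001:db8::99:44000      ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
EOF
}

# Live use: netstat -ant | conn_summary | head
```

A large second column (half-open connections) spread over many addresses points at a SYN flood rather than a slow application.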