IS this a ddos attack?

28 Jan 2008 1444 1412063 1460202 44.01 GB

Is that 1,444 uniques, over 1 million pageviews/visitors and use of 44GB?

My average is 500MB with like 2k uniques, but for some reason I'm getting MORE pageviews and MORE bw is being used.

That's daily, 44GB.

Also, the IP that AwStats says is sending the Bandwidth is the Server IP i'm on...

How is that possible?

My site is currently down due to too much BW.

=/

Can anyone help?

 

If the IP address is the server you are on it sounds like there is a script on your site that attempts to download itself, possibly several times per real request.

This can happen in PHP with file_get_contents("http://www.domain.com/whatever.php"); or include("http://www.domain.com/whatever.php"); or one of several other functions.

Can you get shell access to your server ? Can you get to your raw log files ? If so, we can help you analyse them further to figure out what's happening.

If not, AWStats still may help. Try looking at what the most frequently requested file is. Also look at 404 errors (right down the bottom...) and tell us how many of those there are.

 

DDoS is IP specific, so it targets the server, sounds like DoS
basically some bots are loading pages over and over again, simple fix will cost you a little but PM me
if you want me to implement protection

 

Just apply some iptables rule, search around the forum, you will find plenty.

 

Do you think that this would be enough to prevent the whole thing from happening again?

 

Not completely prevent, there is no such thing unless you monitor 24/7. But, it will greatly reduce.

 

Its a botnet for sure, u r compromised if you are running proxy websites.
Just block whole range and china.