am I being DDoS-ed ??


pakogah
9th July 2008, 17:42
It's been happening lately these days: my user complains he can't access his site, and when I check I can't either. I tried to ssh to the server and couldn't, but I can the server properly, no timeout..

And then, after I could log in to the server via ssh, I just stayed there doing netstat randomly while opening the site in my browser.. and at the time I couldn't access the site, I tried to check how many connections were open (netstat -an); it responded slowly and the result was displayed later. When the result came up, I found many connections through port 80 from the same IP but already in close_wait... (see below)

My question: am I being DDoS-ed?? If so, how do I prevent it?
PS: I have installed BlockHosts..

Thanks in advance.

tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:66.249.70.92:55089 CLOSE_WAIT 15781/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:74.6.8.106:39846 CLOSE_WAIT 15782/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:66.249.70.92:39190 CLOSE_WAIT 15990/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:74.6.8.106:60557 CLOSE_WAIT 15786/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:74.6.8.106:46049 CLOSE_WAIT 15995/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:66.249.70.92:56390 CLOSE_WAIT 15992/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:74.6.8.106:48077 CLOSE_WAIT 6252/httpd
tcp 0 0 ::ffff:10.10.48.232:22 ::ffff:10.10.105.181:4480 ESTALISHED 18532/0
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:10.10.105.181:4517 CLOSE_WAIT 25432/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:74.6.8.106:52498 CLOSE_WAIT 15788/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:66.249.70.92:40852 CLOSE_WAIT 15994/httpd
tcp 0 0 ::ffff:10.10.48.232:80 ::ffff:10.10.105.181:4524 ESTALISHED 15783/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:10.10.105.181:4521 CLOSE_WAIT 15965/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:74.6.8.106:37391 CLOSE_WAIT 20978/httpd
tcp 0 0 ::ffff:10.10.48.232:80 ::ffff:74.6.8.106:40554 CLOSE_WAIT 15969/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:74.6.8.106:44626 CLOSE_WAIT 16006/httpd
tcp 279 0 ::ffff:10.10.48.232:80 ::ffff:66.249.70.92:58074 ESTALISHED -
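An added example, not from the thread, of how to turn a `netstat -anp` listing like the one above into counts per remote host and TCP state, so a CLOSE_WAIT pile-up (our httpd never got to close sockets the peer already finished) can be told apart from a many-source flood. The sample listing, the thresholds and the verdict strings are my own assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout `netstat -anp` prints on Linux (IPv4-mapped
# IPv6 addresses, as on the poster's box). Not a real capture.
SAMPLE = """\
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:66.249.70.92:55089 CLOSE_WAIT 15781/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:74.6.8.106:39846 CLOSE_WAIT 15782/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:66.249.70.92:39190 CLOSE_WAIT 15990/httpd
tcp 0 0 ::ffff:10.10.48.232:22 ::ffff:10.10.105.181:4480 ESTABLISHED 18532/sshd
tcp 0 0 ::ffff:10.10.48.232:80 ::ffff:10.10.105.181:4524 ESTABLISHED 15783/httpd
tcp 279 0 ::ffff:10.10.48.232:80 ::ffff:66.249.70.92:58074 ESTABLISHED -
"""

# Columns: proto recv-q send-q local:port remote:port state [pid/program]
LINE_RE = re.compile(
    r"^tcp6?\s+(?P<recvq>\d+)\s+(?P<sendq>\d+)\s+"
    r"(?P<local>\S+):(?P<lport>\d+)\s+(?P<remote>\S+):(?P<rport>\d+|\*)\s+"
    r"(?P<state>[A-Z_]+)(?:\s+(?P<prog>\S+))?$"
)

def parse_netstat(text):
    """Parse TCP lines; headers and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["remote"] = d["remote"].replace("::ffff:", "")  # normalise v4-mapped
            rows.append(d)
    return rows

def per_host_states(rows, local_port="80"):
    """Map remote host -> Counter of TCP states on one local port."""
    out = defaultdict(Counter)
    for r in rows:
        if r["lport"] == local_port and r["state"] != "LISTEN":
            out[r["remote"]][r["state"]] += 1
    return out

def assess(hosts, flood_hosts=50, stuck_share=0.5):
    """Crude triage. CLOSE_WAIT means the peer closed and *our* process has not
    called close() yet: typical of starved or killed httpd workers (memory
    pressure). A flood shows up as many distinct peers in SYN_RECV/ESTABLISHED."""
    states = Counter()
    for c in hosts.values():
        states.update(c)
    total = sum(states.values())
    if len(hosts) >= flood_hosts and states["SYN_RECV"] + states["ESTABLISHED"] > total / 2:
        return "many-source flood pattern"
    if total and states["CLOSE_WAIT"] / total >= stuck_share:
        return "server-side stall (CLOSE_WAIT pile-up)"
    return "nothing conclusive"
```

On a live box, feed it `netstat -anp` output (or `ss -tanp` reformatted the same way) and compare the per-host counters against the process list to see which httpd children own the stuck sockets.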

falko
10th July 2008, 15:54
10.10.48.232 is a local IP address from your LAN...

pakogah
10th July 2008, 17:00
Correct, 10.10.48.232 is my box, which is NAT'ed by a router with a public IP.
I'm just curious why, when these 2 IPs connect to port 80 (66.249.70.92, 74.6.8.106), my box stops responding. (I can't access port 80 and 22)..

That's all.... but with the new versions of CentOS and ISPConfig available, I'll upgrade my box and hopefully this won't happen again.

falko
11th July 2008, 14:38
This link might help: http://www.howtoforge.com/forums/showpost.php?p=38142&postcount=4

pakogah
12th July 2008, 16:32
After checking my server console, I found errors that my server does not have enough memory and is killing some processes belonging to httpd and mysqld. I have 640MB of memory and 1GB of swap on my primary server. Is that not enough??

http://www.howtoforge.com/forums/showpost.php?p=135001&postcount=5

Hosting 22 sites (all of them using MySQL DBs - for WordPress and Joomla).

falko
13th July 2008, 14:05
I think you should try to optimize Apache and MySQL. Are you using a PHP cache such as eAccelerator or Xcache? If not, you should definitely install one.

pakogah
14th July 2008, 12:20
I'll install PHP eAccelerator and try to configure MySQL... but optimize Apache?? I've never done that...

But thanks for the tips..
:D

pakogah
14th July 2008, 16:54
OK, I found one,

http://phpimpact.wordpress.com/2007/06/22/optimizing-apache-and-php/

but it's actually a summary of 3 IBM articles:
http://www.ibm.com/developerworks/linux/library/l-tune-lamp-1/index.html
http://www.ibm.com/developerworks/linux/library/l-tune-lamp-2.html
http://www.ibm.com/developerworks/library/l-tune-lamp-3.html

Still reading it, but I think everyone should read this... :D