Ovidiu, 23rd January 2012, 10:35
how to analyze a DOS attack?

I think some script kiddie or similar is having fun targeting my server. happened about 3 times in the last 3 weeks. server would come to a standstill and all I can still see is that all 4GB of RAM is being used and about 5GB of swapping done. countless apache2 threads and php-cgi processes. Munin shows a huge spike in traffic.
everything is becoming so slow that only a reboot can help.

now how would I analyze my log files to see which site was being targeted and which IP or IPs the attack came from?

can one use some iptables rules to block i.e. incoming packets from any IPs that are asking for a site too often, within certain limits?

I did a search for some tools and found these 3

http://www.rfxn.com/projects/advanced-policy-firewall/
http://www.rfxn.com/projects/process-resource-monitor/
http://www.rfxn.com/projects/system-integrity-monitor/

but do I really need something like that?

I already added mod_dosevasive but that won't help that much since the apache and php_cgi processes still get spawned even though the visitor gets a 403 error he has still kept my server busy.

any advice and help here?
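
One way to do the log analysis asked about above, as an added example that is not part of the original post. It assumes Apache writes the `vhost_combined` log format; the function names, the per-minute threshold and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Assumption: Apache "vhost_combined" LogFormat:
#   vhost:port client ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<vhost>\S+?):\d+ (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:[^"\\]|\\.)*" (?P<status>\d{3}) '
)

def parse(lines):
    """Yield (minute, vhost, ip) for each parseable line; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        yield ts.replace(second=0), m["vhost"], m["ip"]

def summarize(lines, per_minute_limit=60, top=5):
    """Return (busiest vhosts, busiest IPs, per-IP bursts above the limit)."""
    vhosts, ips, ip_minute = Counter(), Counter(), Counter()
    for minute, vhost, ip in parse(lines):
        vhosts[vhost] += 1
        ips[ip] += 1
        ip_minute[(ip, minute)] += 1
    bursts = [(ip, minute.isoformat(), n)
              for (ip, minute), n in ip_minute.most_common()
              if n > per_minute_limit]
    return vhosts.most_common(top), ips.most_common(top), bursts

# Constructed sample (documentation IP ranges, made-up vhosts), not real traffic.
SAMPLE = [
    f'shop.example.com:80 203.0.113.7 - - [23/Jan/2012:09:58:{s:02d} +0200] '
    '"GET /index.php HTTP/1.1" 200 512 "-" "-"' for s in range(0, 40, 2)
] + [
    'blog.example.org:80 198.51.100.4 - - [23/Jan/2012:09:58:10 +0200] "GET / HTTP/1.1" 200 900 "-" "-"',
    'shop.example.com:80 192.0.2.9 - - [23/Jan/2012:09:59:01 +0200] "GET /a HTTP/1.1" 403 199 "-" "-"',
    'truncated or foreign line that must be skipped',
]

if __name__ == "__main__":
    vhosts, ips, bursts = summarize(SAMPLE, per_minute_limit=10)
    print("vhosts:", vhosts)
    print("IPs:   ", ips)
    print("bursts:", bursts)
```

To run it on real data, pass an open access-log file to `summarize()` instead of `SAMPLE` and restrict the input to the time of the traffic spike.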
All times are GMT +2.