Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Old 23rd January 2012, 11:35
Ovidiu Ovidiu is offline
Senior Member
Join Date: Sep 2005
Posts: 1,269
Thanks: 84
Thanked 25 Times in 21 Posts
Default how to analyze a DOS attack?

I think some script kiddie or similar is having fun targeting my server. happened about 3 times in the last 3 weeks. server would come to a stand still and all I can still see is that all 4GB of RAM is begin used and about 5GB of swapping done. countless apache2 threads and php-cgi processes. Munin show a huge spike in traffic.
everything is becoming so slow that only a reboot can help.

now how would I analyze my log files to see which site was being targeted and which IP or IPs the attack came from?

can one use some iptables rules to block i.e. incoming packets from any IPs that are asking for a site too often, within certain limits?

I did a search for some tools and found these 3


but do I really need something like that?

I already added mod_dosevasive but that won't help that much since the apache and php_cgi processes still get spawned even though the visitor gets a 403 error he has still kept my server busy.

any advice and help here?
Reply With Quote
Sponsored Links
Old 25th January 2012, 16:48
Ovidiu Ovidiu is offline
Senior Member
Join Date: Sep 2005
Posts: 1,269
Thanks: 84
Thanked 25 Times in 21 Posts

I have done some reading and I think I am looking for a cross between Fail2ban and mod_dosevasive.

Any advice for me pelase?
Reply With Quote


attack, dos

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help! Why do I see message about Apache, CPanel & WHM. I don't run cpanel! websissy Installation/Configuration 3 18th November 2008 23:16
Am I experiencing a DOS attack? badgerbox76 Server Operation 5 11th October 2008 01:07
mod_evasive & svn (webdav) (or preventing DoS) Karel Server Operation 0 4th August 2008 12:52
System attack message from logcheck Hagforce Server Operation 6 30th August 2006 17:07
Isp Says Dos Attack Being Conducted ZebraCobra Server Operation 3 20th December 2005 17:18

All times are GMT +2. The time now is 23:13.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.