Am I being DDoS-ed?

Discussion in 'General' started by pakogah, Jul 9, 2008.

  1. pakogah

    pakogah New Member

    It has been happening lately: my user complains he can't access his site, and when I check I can't either. I tried to SSH to the server and can't, but I can the server properly, no timeout.

    Then, once I could log in to the server via SSH, I just stayed there running netstat at random while opening the site in my browser. At the time I couldn't access the site, I tried to check how many connections were open (netstat -an); it was slow to respond, and the result was displayed later. When the result came up, I found many connections through port 80 from the same IP, but already in CLOSE_WAIT... (see below)

    My question: am I being DDoS-ed? If so, how do I prevent it?
    PS: I have installed Blockhost.

    Thanks in advance.

    tcp        1      0 ::ffff:      ::ffff:   CLOSE_WAIT  15781/httpd
    tcp        1      0 ::ffff:      ::ffff:     CLOSE_WAIT  15782/httpd
    tcp        1      0 ::ffff:      ::ffff:   CLOSE_WAIT  15990/httpd
    tcp        1      0 ::ffff:      ::ffff:     CLOSE_WAIT  15786/httpd
    tcp        1      0 ::ffff:      ::ffff:     CLOSE_WAIT  15995/httpd
    tcp        1      0 ::ffff:      ::ffff:   CLOSE_WAIT  15992/httpd
    tcp        1      0 ::ffff:      ::ffff:     CLOSE_WAIT  6252/httpd
    tcp        0      0 ::ffff:      ::ffff:   ESTABLISHED 18532/0
    tcp        1      0 ::ffff:      ::ffff:   CLOSE_WAIT  25432/httpd
    tcp        1      0 ::ffff:      ::ffff:     CLOSE_WAIT  15788/httpd
    tcp        1      0 ::ffff:      ::ffff:   CLOSE_WAIT  15994/httpd
    tcp        0      0 ::ffff:      ::ffff:   ESTABLISHED 15783/httpd
    tcp        1      0 ::ffff:      ::ffff:   CLOSE_WAIT  15965/httpd
    tcp        1      0 ::ffff:      ::ffff:     CLOSE_WAIT  20978/httpd
    tcp        0      0 ::ffff:      ::ffff:     CLOSE_WAIT  15969/httpd
    tcp        1      0 ::ffff:      ::ffff:     CLOSE_WAIT  16006/httpd
    tcp      279      0 ::ffff:      ::ffff:   ESTABLISHED -
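Added example, not part of the original posts: a small triage of `netstat -antp` output like the listing above. CLOSE_WAIT means the remote side has already closed and the local process (here httpd) has not yet closed its end, so a pile of them points at a stalled server rather than at incoming traffic alone. The sample addresses are constructed, the function names are hypothetical, and the `verdict` rule is a heuristic assumed for this sketch.

```shell
#!/bin/sh
# Constructed sample in `netstat -antp` layout. Addresses are documentation
# ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24), not from the thread.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 1 0 ::ffff:192.0.2.10:80 ::ffff:198.51.100.7:51514 CLOSE_WAIT 15781/httpd
tcp 1 0 ::ffff:192.0.2.10:80 ::ffff:198.51.100.7:51515 CLOSE_WAIT 15782/httpd
tcp 1 0 ::ffff:192.0.2.10:80 ::ffff:198.51.100.7:51516 CLOSE_WAIT 15990/httpd
tcp 1 0 ::ffff:192.0.2.10:80 ::ffff:198.51.100.7:51517 CLOSE_WAIT 15786/httpd
tcp 1 0 ::ffff:192.0.2.10:80 ::ffff:198.51.100.9:40211 CLOSE_WAIT 15995/httpd
tcp 1 0 ::ffff:192.0.2.10:80 ::ffff:198.51.100.9:40212 CLOSE_WAIT 6252/httpd
tcp 0 0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.5:33900 ESTABLISHED 15783/httpd
tcp 0 0 ::ffff:192.0.2.10:22 ::ffff:203.0.113.5:33901 ESTABLISHED 18532/0'

# Sockets per TCP state on local port 80 (stdin: netstat output).
state_counts() {
    awk '$1 ~ /^tcp/ && $4 ~ /:80$/ { n[$6]++ }
         END { for (s in n) print s, n[s] }' | sort
}

# Remote hosts holding at least $1 port-80 sockets in CLOSE_WAIT, busiest first.
close_wait_peers() {
    awk -v min="${1:-1}" '
        $1 ~ /^tcp/ && $4 ~ /:80$/ && $6 == "CLOSE_WAIT" {
            peer = $5
            sub(/:[0-9]+$/, "", peer)   # drop the remote port
            sub(/^::ffff:/, "", peer)   # drop the IPv4-mapped prefix
            n[peer]++
        }
        END { for (p in n) if (n[p] >= min) print n[p], p }' | sort -rn
}

# Heuristic (assumption): more half-closed than live port-80 sockets means the
# peers have gone and httpd is not cleaning up, i.e. the server itself is stuck.
verdict() {
    awk '$1 ~ /^tcp/ && $4 ~ /:80$/ { n[$6]++ }
         END { if (n["CLOSE_WAIT"] > n["ESTABLISHED"] + n["SYN_RECV"])
                   print "local-stall"
               else print "inconclusive" }'
}

printf '%s\n' "$SAMPLE" | state_counts
printf '%s\n' "$SAMPLE" | close_wait_peers 3
printf '%s\n' "$SAMPLE" | verdict
```

On a live host the same functions read from `netstat -antp | state_counts` in place of the embedded sample.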
  2. falko

    falko Super Moderator ISPConfig Developer

    is a local IP address from your LAN...
  3. pakogah

    pakogah New Member

    Correct, is my box, which is NAT'ed by a router with a public IP.
    I'm just curious why, when these 2 IPs connect to port 80 (, my box stops responding (I can't access ports 80 and 22).

    That's all... but with a new version of CentOS and ISPConfig available, I'll upgrade my box, and hopefully this won't happen again.
    Last edited: Feb 18, 2011
  4. falko

    falko Super Moderator ISPConfig Developer

  5. pakogah

    pakogah New Member

    After checking my server console, I found an error saying that my server does not have enough memory and is killing some processes belonging to httpd and mysqld. I have 640MB of memory and 1GB of swap on my primary server. Is that not enough?

    It is hosting 22 sites (all of them using MySQL DBs, for WordPress and Joomla).
    Last edited: Feb 18, 2011
  6. falko

    falko Super Moderator ISPConfig Developer

    I think you should try to optimize Apache and MySQL. Are you using a PHP cache such as eAccelerator or Xcache? If not, you should definitely install one.
  7. pakogah

    pakogah New Member

    I'll install PHP eAccelerator and try to configure MySQL... but optimizing Apache? I have never done that...

    But thanks for the tips.
    Last edited: Feb 18, 2011
  8. pakogah

    pakogah New Member
