Server under attack

Discussion in 'Server Operation' started by varunkrish, Feb 10, 2009.

  1. varunkrish

    varunkrish New Member

    Hi friends

    my vps has been almost dead for past 3 days during peak loads

    i ran this commend to check if i was under any attack

    Code:
    netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n
    Code:
        4 61.1.221.217
        4 61.95.197.24
        4 66.249.85.85
        4 72.20.109.34
        5 116.193.132.254
        5 122.161.225.120
        5 122.162.54.206
        5 122.169.242.230
        5 159.51.236.201
        5 192.8.211.11
        5 202.70.77.158
        5 210.212.84.115
        5 59.90.184.47
        5 59.94.197.50
        5 64.255.180.59
        5 72.46.126.117
        6 117.196.214.12
        6 125.19.23.50
        6 127.0.0.1
        6 59.164.1.118
        6 59.97.184.234
        6 59.97.32.24
        6 63.110.158.55
        7 116.72.43.219
        7 124.30.49.75
        7 203.189.181.135
        7 63.110.148.115
        8 117.197.96.46
        8 125.161.183.139
        9 64.255.180.27
        9 64.255.180.60
       10 125.63.106.224
       10 212.70.33.210
       11 202.89.67.230
       12 59.180.133.85
       12 64.255.180.23
       13 210.212.62.88
       15 210.212.113.5
       20 125.21.88.245
       23 220.224.202.205
       29 0.0.0.0
       43 220.225.53.140
       50 202.148.207.94
    There are this many connections from single ip addresses .. is it normal ..

    also Wordpress is causing problems

    blog/index.php is what i see most in my WHM Cpu usage

    Im with servint and my config is as follows

    2 GB Guaranteed (4 GB Burst RAM)
    1 CPU Core Guaranteed (Burst to 4 Cores)
    Hardware RAID 10
    CentOS 5 Operating System

    I have not had any issues till last week. There is no jump in traffic .

    Traffic levels are rather same but vps is going down all the time.

    The server also has vbulletin installed .
    I disabled the same for now .

    I ran a mysqlreport utility just now and here is how my numbers look like

    Code:
    MySQL 5.0.67-community-  uptime 0 1:7:32        Tue Feb 10 04:18:01 2009
    
    __ Key _________________________________________________________________
    Buffer used     3.69M of   8.00M  %Used:  46.20
      Current       4.59M            %Usage:  57.41
    Write hit      99.73%
    Read hit       99.81%
    
    __ Questions ___________________________________________________________
    Total         320.54k    79.1/s
      QC Hits     183.32k    45.2/s  %Total:  57.19
      Com_         64.72k    16.0/s           20.19
      DMS          44.15k    10.9/s           13.77
      COM_QUIT     28.08k     6.9/s            8.76
      +Unknown        274     0.1/s            0.09
    Slow 5 s          248     0.1/s            0.08  %DMS:   0.56  Log:  ON
    DMS            44.15k    10.9/s           13.77
      SELECT       35.57k     8.8/s           11.10         80.56
      UPDATE        8.55k     2.1/s            2.67         19.36
      INSERT           20     0.0/s            0.01          0.05
      DELETE           13     0.0/s            0.00          0.03
      REPLACE           0       0/s            0.00          0.00
    Com_           64.72k    16.0/s           20.19
      change_db    62.45k    15.4/s           19.48
      show_fields     959     0.2/s            0.30
      show_tables     716     0.2/s            0.22
    
    __ SELECT and Sort _____________________________________________________
    Scan            4.64k     1.1/s %SELECT:  13.04
    Range           3.51k     0.9/s            9.86
    Full join           5     0.0/s            0.01
    Range check         0       0/s            0.00
    Full rng join       0       0/s            0.00
    Sort scan       4.77k     1.2/s
    Sort range      5.25k     1.3/s
    Sort mrg pass       0       0/s
    
    __ Query Cache _________________________________________________________
    Memory usage   20.84M of  24.00M  %Used:  86.82
    Block Fragmnt  14.10%
    Hits          183.32k    45.2/s
    Inserts        29.11k     7.2/s
    Insrt:Prune    6.60:1     6.1/s
    Hit:Insert     6.30:1
    
    __ Table Locks _________________________________________________________
    Waited          1.57k     0.4/s  %Total:   1.92
    Immediate      80.32k    19.8/s
    
    __ Tables ______________________________________________________________
    Open              336 of 1800    %Cache:  18.67
    Opened            382     0.1/s
    
    __ Connections _________________________________________________________
    Max used          173 of  200      %Max:  86.50
    Total          28.08k     6.9/s
    
    __ Created Temp ________________________________________________________
    Disk table      3.73k     0.9/s
    Table           6.37k     1.6/s    Size:  64.0M
    File                0       0/s
    
    __ Threads _____________________________________________________________
    Running             4 of   28
    Cached              5 of    8      %Hit:  73.72
    Created         7.38k     1.8/s
    Slow              346     0.1/s
    
    __ Aborted _____________________________________________________________
    Clients             0       0/s
    Connects           87     0.0/s
    
    __ Bytes _______________________________________________________________
    Sent          668.68M  165.0k/s
    Received      102.41M   25.3k/s
    
    __ InnoDB Buffer Pool __________________________________________________
    Usage               0 of       0  %Used:   0.00
    Read hit        0.00%
    Pages
      Free              0            %Total:   0.00
      Data              0                      0.00 %Drty:   0.00
      Misc              0                      0.00
      Latched           0                      0.00
    Reads               0       0/s
      From file         0       0/s            0.00
      Ahead Rnd         0       0/s
      Ahead Sql         0       0/s
    Writes              0       0/s
    Flushes             0       0/s
    Wait Free           0       0/s
    
    __ InnoDB Lock _________________________________________________________
    Waits               0       0/s
    Current             0
    Time acquiring
      Total             0 ms
      Average           0 ms
      Max               0 ms
    
    __ InnoDB Data, Pages, Rows ____________________________________________
    Data
      Reads             0       0/s
      Writes            0       0/s
      fsync             0       0/s
      Pending
        Reads           0
        Writes          0
        fsync           0
    
    Pages
      Created           0       0/s
      Read              0       0/s
      Written           0       0/s
    
    Rows
      Deleted           0       0/s
      Inserted          0       0/s
      Read              0       0/s
      Updated           0       0/s
    Locks are pretty bad ...

    How best can i solve this problem ?

    Please help me trace the same

    Thanks
     
  2. Ben

    Ben ISPConfig Developer ISPConfig Developer

    You could generally try to optimize your mysqld config, e.g. with the help of the mysql tuning primer script: http://www.day32.com/MySQL/
     

Share This Page