Think I'm being Ddosed

Discussion in 'Installation/Configuration' started by Boon-Dog-Danny, Aug 19, 2006.

  1. Boon-Dog-Danny

    Boon-Dog-Danny New Member

    so I'm trying to find the error_log to see whats calling the site .. this started about 9:00pm last night.. VERY SLOW Site.. then it went off line.. my site security is getting some of it but I need to find out whats hitting the site to crash it.. what logs do I check access logs? where are they? I use suse 10.1 from the perfect setup.. I need the logs that will give me the ips calling the http.. everything else works.

    I end up finding the apache2 error_log but its so large I cant even get past 1% on the scroll down.. and its pretty much this

    [Fri Aug 18 12:00:51 2006] [error] an unknown filter was not added: PHP
    [Fri Aug 18 12:00:58 2006] [error] [client ::1] Directory index forbidden by Options directive: /srv/www/htdocs/
    [Fri Aug 18 12:01:05 2006] [error] [client ::1] Directory index forbidden by Options directive: /srv/www/htdocs/
    [Fri Aug 18 12:01:06 2006] [error] an unknown filter was not added: PHP

    how do I check who or whats hammering
  2. edge

    edge Active Member Moderator

  3. Boon-Dog-Danny

    Boon-Dog-Danny New Member

    I read that and did it.. edited the file I dont understand when falko said edit the site? edit what? and how do I delete the file thats already there?
  4. edge

    edge Active Member Moderator

    What he is saying is.

    Make a small change to the site in ISPconfig like enabling SSH and than disabling it again or disable PHP and than enable it again.

    This will make ISPconfig reload all the needed files (like the one you made the change in)
  5. Boon-Dog-Danny

    Boon-Dog-Danny New Member

    ok well that effectively shut off everything.. ok since I have tried pretty much everything there a way to get the html to come back up?? everything is running .. yet no site now??? yes I even put back the

    $go_info["server"]["apache2_php"] = 'both';

    in the file /home/admispconfig/ispconfig/lib/

    and added and removed a sql database.. nothing? any ideas?
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Please change:

    $go_info["server"]["apache2_php"] = 'both';


    $go_info["server"]["apache2_php"] = 'addtype';

    in the ISPConfig configuration file. Then change a setting in one of your websites to tell ISPConfig to rewrite the vhosts file. If your server does not serve any html pages anymore, run:

    httpd -t

    on the commandline and post the error message to the forum.
  7. Boon-Dog-Danny

    Boon-Dog-Danny New Member

    ok Till thanks.. I'll do that as soon as I get my business line working again.. an update.. this is what has happened.. the reason everything went south.. you'll love this. as you see from the first post I stated someone was hitting the site.. well how about that.. I was right.. and it was gee's.. ok so my business line has a control deal where I can set a firewall.. all sorts of goofy stuff I can block like xxx sites etc etc so I notice I cant block these three Ip's.. no matter what.. and they filled my harddrive with these error messages.. FILLED IT.. I have an error message thats like 50 so anyway I finially called and what was up.. I had done a lookup to see who it was and come to find its a comcast ip.. so I figure I ask if they could do something.. wel well well.. guess what.. its comcast all right.. its the techs and they have screwed up my line and pretty much screwed everything.. so they say to me.. oh my god.. no lie.. again Oh My God.. ok we have a serious issue here I'll have someone out tomorrow we are really sorry ...

    Oh that just makes me feel so much better.. dont you feel better?
    anyway they have flashed this so much in the last few hours that I'm thinking I'll be lucky to get anything working again..
    ANYWAY I'm thinking the dns is somehow screwed because I just get nothing now.. so after the comcast guy is done I'll do what I can and post what I find.. Thanks ton Till

Share This Page