  1. #1
    Just Joined! Johnny Utah
    Join Date
    Jul 2007
    Location
    San Francisco
    Posts
    10

    Denial Of Service?


    Hi Everyone,

    I'm running Fedora 4, Apache 2, MySQL 4, PHP 4.

    I'm pretty mediocre when it comes to administering Apache. I run a website and I think I was the victim of a Denial of Service attack. Pinging my website would almost always time out, or I would receive one reply and the rest would time out. Other people noticed the site being down so I know it's not a connection problem on my side.

    I checked the Access logs and Error logs located at /var/log/httpd/ and I'm a little confused. Half of the text is garbled (like opening a binary file) and some of it is readable. I'm not seeing a single IP listed as accessing the site repeatedly.

    I guess it could have been a firewall/router issue where the server is located.

    Thoughts?

  2. #2
    Just Joined!
    Join Date
    Aug 2007
    Posts
    33
    Put up a network monitoring tool like "ntop" and monitor what's happening: who is accessing your servers, which IPs, and what protocols.
    You'll get a fair idea from the reports generated by ntop.

    Let me know of further progress.

  3. #3
    Just Joined! Johnny Utah
    Join Date
    Jul 2007
    Location
    San Francisco
    Posts
    10
    I still don't know why the Apache logs are all screwed up. But the message logs showed a brute force attack, attempts to SSH in. The rapidity of the SSH login attempts created a side effect similar to a DoS. We're working on banning the offending IPs.
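
Added example, not part of the original thread: one way to pull the offending IPs out of sshd log lines like those described in post #3, by counting failed logins per source address inside a sliding time window. The sample log lines, the hostname, the threshold of 5 failures in 60 seconds and the year are all constructed assumptions; the line format assumed is OpenSSH's "Failed password for ... from ... port ..." message in classic syslog layout.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in classic syslog format (addresses from documentation ranges).
SAMPLE_LOG = """\
Aug 14 03:10:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug 14 03:10:02 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Aug 14 03:10:03 web1 sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Aug 14 03:10:04 web1 sshd[2107]: Failed password for root from 203.0.113.7 port 40140 ssh2
Aug 14 03:10:05 web1 sshd[2109]: Failed password for invalid user oracle from 203.0.113.7 port 40152 ssh2
Aug 14 03:12:40 web1 sshd[2150]: Failed password for johnny from 198.51.100.23 port 51514 ssh2
Aug 14 03:12:55 web1 sshd[2150]: Accepted password for johnny from 198.51.100.23 port 51514 ssh2
Aug 14 09:30:00 web1 sshd[3001]: Failed password for root from 192.0.2.44 port 33001 ssh2
Aug 14 13:30:00 web1 sshd[3400]: Failed password for root from 192.0.2.44 port 33090 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def brute_force_sources(log_text, threshold=5, window_s=60, year=2007):
    """Return {ip: total_failures} for IPs with >= threshold failures in any window."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    totals = defaultdict(int)     # ip -> all failures seen in the log
    flagged = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        # Syslog lines carry no year; `year` is an assumption supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        totals[ip] += 1
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window_s):
            q.popleft()           # drop failures older than the window
        if len(q) >= threshold:
            flagged.add(ip)
    return {ip: totals[ip] for ip in sorted(flagged)}

if __name__ == "__main__":
    for ip, n in brute_force_sources(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed logins, candidate for a firewall block")
```

The window keeps a user who mistypes a password once, or a source that fails twice hours apart, off the ban list; tune the threshold to the login rate that is normal for the server.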
