Denial Of Service?

[Johnny Utah]

Hi Everyone,

I'm running Fedora 4, Apache 2, MySQL 4, PHP 4.

I'm pretty mediocre when it comes to administering Apache. I run a website and I think I was the victim of a Denial of Service attack. Pinging my website would almost always time out, or I would receive one reply and the rest would time out. Other people noticed the site being down so I know it's not a connection problem on my side.

I checked the Access logs and Error logs located at /var/log/httpd/ and I'm a little confused. Half of the text is garbled (like opening a binary file) and some of it is readable. I'm not seeing a single IP listed as accessing the site repeatedly.

I guess it could have been a firewall/router issue where the server is located.

Thoughts?

[a18u14]

Hi Everyone,

I'm running Fedora 4, Apache 2, MySQL 4, PHP 4.

I'm pretty mediocre when it comes to administering Apache. I run a website and I think I was the victim of a Denial of Service attack. Pinging my website would almost always time out, or I would receive one reply and the rest would time out. Other people noticed the site being down so I know it's not a connection problem on my side.

I checked the Access logs and Error logs located at /var/log/httpd/ and I'm a little confused. Half of the text is garbled (like opening a binary file) and some of it is readable. I'm not seeing a single IP listed as accessing the site repeatedly.

I guess it could have been a firewall/router issue where the server is located.

Thoughts?

put up a network monitoring tool like
"ntop" & monitor what's happening. who r accessing ur servers , which ip's & what protocols.
u'll get a fair idea with the reports generated by ntop.

let me know further progress.

[Johnny Utah]

I still don't know why the Apache logs are all screwed up. But the message logs showed a brute force attack, attempts to SSH in. The rapidity of the SSH login attempts created a side effect similar to a DoS. We're working on banning the offending IPs.