Find the answer to your Linux question:
Results 1 to 3 of 3
Hi, sorry if I'm a little "green," I've got an Amazon EC2 linux server. My website stopped responding. I tried to SSH in and also did not get a response. ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Dec 2011
    Posts
    1

    Exclamation Unresponsive server. Hacked? Crashed? How do I tell what happened?


    Hi, sorry if I'm a little "green,"

    I've got an Amazon EC2 linux server. My website stopped responding. I tried to SSH in and also did not get a response. Amazon EC2 Management Console said it was still running fine. I could ping it, but web and ssh were not responding. I rebooted the instance and it came back up working fine.

    I'm trying to look through the logs and I'm seeing nothing that helps. Amazon shows a single spike in disk read/write at 7am. My httpd access log showsa stop in file requests at 7am, but domain requests continued. I checked /var/log/secure and /var/log/messages and both don't have anything from 7am until I rebooted 3 hours later. It does show a ton of ssh failed attempts that stopped around 5am.

    Is there somewhere else I should look? Is there a change I need to make in logging?

  2. #2
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,755
    It sounds like you were the victim of a DOS (Denial of Service) attack. Make sure you don't allow root access via ssh, and make sure that your passwords are not easy for a dictionary attack to break. Then, when you login to maintain the system via ssh, you can su to root, providing the appropriate root password, should you need that level of admin access directly. Does Amazon EC2 services have the ability to enable a watchdog timer on the system? If so, then you can use that to automatically reboot the system if it becomes unresponsive again in the future. Not a panacea, but it will let you recover more gracefully from such attacks.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  3. #3
    Banned
    Join Date
    Nov 2011
    Location
    India
    Posts
    29
    try to setup some monitoring tools like nagios, in case high cpu or memory occurs that can alarm u and also setup PAM module if someone fails for login for incorrect password that user should be block for next 15 or 20 mnts like this...

    Setup firewall for incase anyone any IP is trying to hit ur server 10 or 8 times in a minute that IP should blocked for next few mnutes or permanent....for this problem if related to apache then use mod_evasive

    Thanks
    manoj

  4. $spacer_open
    $spacer_close

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •