Denial Of Service?
I'm running Fedora 4, Apache 2, MySQL 4, PHP 4.
I'm pretty mediocre when it comes to administering Apache. I run a website and I think I was the victim of a Denial of Service attack. Pinging my website would almost always time out, or I would receive one reply and the rest would time out. Other people noticed the site being down so I know it's not a connection problem on my side.
I checked the Access logs and Error logs located at /var/log/httpd/ and I'm a little confused. Half of the text is garbled (like opening a binary file) and some of it is readable. I'm not seeing a single IP listed as accessing the site repeatedly.
I guess it could have been a firewall/router issue where the server is located.
Put up a network monitoring tool like "ntop" and monitor what's happening: who is accessing your servers, which IPs, and what protocols.
You'll get a fair idea from the reports generated by ntop.
Let me know of further progress.
I still don't know why the Apache logs are all screwed up. But the message logs showed a brute force attack, attempts to SSH in. The rapidity of the SSH login attempts created a side effect similar to a DoS. We're working on banning the offending IPs.
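One way to pull the rapid SSH login failures described in the last post out of the system log before deciding which addresses to ban. This is an added example, not code posted by anyone in the thread; the log lines are constructed, and the syslog line layout, the threshold of 5 failures and the 60-second window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in classic syslog layout (not taken from the thread).
SAMPLE_LOG = """\
Mar  3 04:12:01 web sshd[2101]: Failed password for root from ::ffff:203.0.113.7 port 40112 ssh2
Mar  3 04:12:03 web sshd[2103]: Failed password for illegal user admin from ::ffff:203.0.113.7 port 40118 ssh2
Mar  3 04:12:05 web sshd[2105]: Failed password for illegal user test from ::ffff:203.0.113.7 port 40125 ssh2
Mar  3 04:12:07 web sshd[2107]: Failed password for root from ::ffff:203.0.113.7 port 40131 ssh2
Mar  3 04:12:09 web sshd[2109]: Failed password for invalid user guest from 203.0.113.7 port 40140 ssh2
Mar  3 04:30:44 web sshd[2200]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 04:31:10 web sshd[2201]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
Mar  3 09:02:13 web sshd[2300]: Failed password for alice from 198.51.100.20 port 51400 ssh2
"""

# Matches sshd password failures; older OpenSSH writes "illegal user" and
# IPv4-mapped addresses (::ffff:a.b.c.d), newer versions "invalid user".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?:invalid|illegal) user )?\S+ "
    r"from (?:::ffff:)?(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def burst_sources(log_text, threshold=5, window=timedelta(seconds=60), year=2005):
    """Return {ip: peak failures inside any `window`} for IPs reaching `threshold`.

    Syslog timestamps carry no year, so `year` (an assumed value) is supplied.
    """
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            times[m["ip"]].append(ts)
    flagged = {}
    for ip, stamps in times.items():
        stamps.sort()
        start = peak = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    for ip, peak in burst_sources(SAMPLE_LOG).items():
        print(f"{ip}: {peak} failed logins within 60 s")
```

Counting failures inside a sliding window, rather than per file, keeps a legitimate user who mistypes a password a few times a day (198.51.100.20 in the sample) off the ban list.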