D&C GLug - Home Page


Re: [LUG] DOS protection


On Mon, 28 Sep 2015, Matt Stevenson wrote:

> It's a cpanel server hosting a few websites and I have been looking in
> /usr/local/domlogs to identify which bots we want to visit and those that
> are there to disrupt or worse. I have not knowingly pissed off any
> competitors in Ukraine, Russia, Indonesia and China.
>
> This command helped a bit to establish who's connecting to the web host.
> netstat -anp | grep :80 | grep ESTABLISHED
>
> Googled for Linux DDoS attacks. Few sites out there helped
> https://www.liquidcomm.net/how-to-manage-a-ddos-or-dos-attempt-directed-at-your-linux-server.html
>
> Now looking for an open source local script or perhaps I need to connect
> with a Linux security company.

Maybe you just need to stop looking at the logs.

You will get probes, and 1000s of random robots trying to look for malware entry points, broken forums, etc. This is a fact of hosting life. I have a couple of dozen servers in a data center and it's really just background noise. They all see random posts, etc. It won't go away.

Use iftop on the server to see if it's really a (distributed) denial of service attack, or just random script kiddies (and professionals) trying to break in.

Actually, if you can still use cpanel on it, then it's not being DOSsed.

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
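
Added example, not part of the original thread: the netstat check quoted above, tightened to count established connections per remote address on local port 80 only, since a bare `grep :80` also matches port 8080 and outbound connections to a remote port 80. The function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Count ESTABLISHED TCP connections to one local port, per remote address.
# Reads `netstat -an` / `netstat -anp` output on stdin and prints
# "count address" lines, busiest first. conns_per_ip is a hypothetical name.
conns_per_ip() {
    port=${1:-80}
    awk -v port="$port" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            # $4 is the local "addr:port", $5 the foreign "addr:port"
            n = split($4, l, ":")
            if (l[n] != port) next          # exact port match, so 8080 is not 80
            ip = $5
            sub(/:[0-9]+$/, "", ip)         # drop the remote port
            sub(/^::ffff:/, "", ip)         # fold IPv4-mapped IPv6 into IPv4
            count[ip]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input using documentation address ranges.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1200/httpd
tcp        0      0 192.0.2.10:80           203.0.113.5:51234       ESTABLISHED 1234/httpd
tcp        0      0 192.0.2.10:80           203.0.113.5:51240       ESTABLISHED 1235/httpd
tcp        0      0 192.0.2.10:80           203.0.113.5:51251       ESTABLISHED 1236/httpd
tcp        0      0 192.0.2.10:80           198.51.100.7:40022      ESTABLISHED 1237/httpd
tcp        0      0 192.0.2.10:80           198.51.100.9:40100      TIME_WAIT   -
tcp        0      0 192.0.2.10:8080         198.51.100.20:40300     ESTABLISHED 1500/java
tcp        0      0 192.0.2.10:45000        198.51.100.30:80        ESTABLISHED 1600/curl
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:51300 ESTABLISHED 1238/httpd
EOF
}

# On the sample this prints the two clients actually holding port-80 sessions.
sample_netstat | conns_per_ip 80
# Live use on the server: netstat -an | conns_per_ip 80
```

A handful of connections per address, as in the sample, is the background noise described in the reply; a single address or a large set of addresses each holding many sessions is what to look for before treating it as a denial of service.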