PDA

View Full Version : DDoS


TheInsaneManiac
11 Jul 2008, 06:33
I believe I am under DDoS attack. My server just keeps loading and loading then when it doesn't load, it says "The Connection has been Reset". So am I undergoing an attack? My server load is only like .08 so IDK why I would be. If I reset the server, the site loads for a few minutes and then back down... Any advice at all?

Dismounted
11 Jul 2008, 06:56
Have you asked your host?

TheInsaneManiac
11 Jul 2008, 07:03
They are stupid...

royo
11 Jul 2008, 07:09
What kind of hosting environment are you using? Also, what are the results of the top command when it has problems?

TheInsaneManiac
11 Jul 2008, 07:23
I'm running a VPS with Plesk OS.

What did you mean by top command?

royo
11 Jul 2008, 07:34
Type the top command in SSH after you log in and paste the results here, it may or may not show a problem.

TheInsaneManiac
11 Jul 2008, 07:44
[root@localhost ~]# top
top - 23:43:33 up 31 min, 1 user, load average: 0.00, 0.00, 0.00
Tasks: 40 total, 1 running, 38 sleeping, 0 stopped, 1 zombie
Cpu(s): 0.0% us, 0.0% sy, 0.0% ni, 100.0% id, 0.0% wa, 0.0% hi, 0.0% si
Mem: 32783540k total, 174032k used, 32609508k free, 0k buffers
Swap: 0k total, 0k used, 0k free, 0k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 18 0 1668 624 540 S 0.0 0.0 0:03.32 init
1851 root 15 0 4324 1064 760 S 0.0 0.0 0:00.00 sshd
1863 root 18 0 2092 872 700 S 0.0 0.0 0:00.06 xinetd
1959 qmails 16 0 1520 428 324 S 0.0 0.0 0:00.04 qmail-send
1961 qmaill 18 0 1480 464 396 S 0.0 0.0 0:00.00 splogger
1962 root 18 0 1508 376 284 S 0.0 0.0 0:00.00 qmail-lspawn
1963 qmailr 15 0 1500 388 292 S 0.0 0.0 0:00.00 qmail-rspawn
1964 qmailq 18 0 1472 352 284 S 0.0 0.0 0:00.00 qmail-clean
1997 root 18 0 34224 14m 8216 S 0.0 0.0 0:00.18 httpd
2029 root 20 0 20116 4576 392 S 0.0 0.0 0:00.00 httpd
2031 named 22 0 36876 3260 1956 S 0.0 0.0 0:00.41 named
3165 apache 15 0 43796 20m 5008 S 0.0 0.1 0:01.26 httpd
3167 root 24 0 2224 1136 972 S 0.0 0.0 0:00.00 mysqld_safe
3217 mysql 15 0 100m 15m 4720 S 0.0 0.0 0:01.37 mysqld
3229 apache 15 0 43680 20m 5052 S 0.0 0.1 0:02.11 httpd
3323 apache 15 0 43480 20m 4988 S 0.0 0.1 0:01.08 httpd
3324 apache 15 0 43352 20m 4980 S 0.0 0.1 0:01.14 httpd

royo
11 Jul 2008, 07:48
Doesn't show anything out of the ordinary. What was your hosts' answer?

TheInsaneManiac
11 Jul 2008, 08:02
Doesn't show anything out of the ordinary. What was your hosts' answer?
They think the CPU is shot, due to the fact, that my load average is now 0.0. I mean look at the log above, the CPU doesn't even show to be working.

royo
11 Jul 2008, 08:06
CPUs rarely break down. Is this problem occurring on other VPSs on the same machine?

TheInsaneManiac
11 Jul 2008, 18:22
CPUs rarely break down. Is this problem occurring on other VPSs on the same machine?
No clue. The guy did say his call volume went from 2 to 37 in less than a few seconds.