akia
Well-known member
I think my server is being DDOS, I've noticed a spike in my servers load and just been checking into it.
I've noticed that APC is serving the following:
Request Rate (hits, misses) 515.88 cache requests/second
Hit Rate 515.38 cache requests/second
Miss Rate 0.50 cache requests/second
Insert Rate 0.78 cache requests/second
Now I've checked with my getclicky stats and I'm showing 6 people online, and i've noticed in the past even when busy there is only normally 50 cache requests a second. So something is up.
I've also noticed that:
t/library/Zend/Validate/Hostname/Com.php
has been hit 546515 times in the last hour, when library/config.php for example has only been hit 3785 times.
when i do netstat -apn | grep :80 | wc -l I've got connections 1039 open.
and when I do netstat -n|grep :80|cut -c 45-|cut -f 1 -d ':'|sort|uniq -c|sort -nr|more
I get :
482 109.123.108.*
126 94.99.15.*
121 82.36.240.*
121 81.156.252.*
120 86.3.147.*
119 94.172.151.*
119 86.14.150.*
67 196.47.168.*
57 92.40.253.*
51 94.169.76.*
43 178.111.218.*
41 2.217.54.*
32 94.4.185.*
31 94.197.127.*
28 89.142.223.*
and more (i've * out the last bits)
So do you think my suspicions are correct. I'm not sure what I'm meant to be looking for. Also where would you suggest my next steps should be, while my sever isn't breaking out in a sweat, I'd like to put a stop to it if possible.
Also where in my server logs would I be able to find detials of the ip address there the attach are coming from, as I'd like to make sure its reported the the ISp's abuse teams.
I've noticed that APC is serving the following:
Request Rate (hits, misses) 515.88 cache requests/second
Hit Rate 515.38 cache requests/second
Miss Rate 0.50 cache requests/second
Insert Rate 0.78 cache requests/second
Now I've checked with my getclicky stats and I'm showing 6 people online, and i've noticed in the past even when busy there is only normally 50 cache requests a second. So something is up.
I've also noticed that:
t/library/Zend/Validate/Hostname/Com.php
has been hit 546515 times in the last hour, when library/config.php for example has only been hit 3785 times.
when i do netstat -apn | grep :80 | wc -l I've got connections 1039 open.
and when I do netstat -n|grep :80|cut -c 45-|cut -f 1 -d ':'|sort|uniq -c|sort -nr|more
I get :
482 109.123.108.*
126 94.99.15.*
121 82.36.240.*
121 81.156.252.*
120 86.3.147.*
119 94.172.151.*
119 86.14.150.*
67 196.47.168.*
57 92.40.253.*
51 94.169.76.*
43 178.111.218.*
41 2.217.54.*
32 94.4.185.*
31 94.197.127.*
28 89.142.223.*
and more (i've * out the last bits)
So do you think my suspicions are correct. I'm not sure what I'm meant to be looking for. Also where would you suggest my next steps should be, while my sever isn't breaking out in a sweat, I'd like to put a stop to it if possible.
Also where in my server logs would I be able to find detials of the ip address there the attach are coming from, as I'd like to make sure its reported the the ISp's abuse teams.