

cpanel high load for 5 minutes - ddos?




Posted by SAHostKing, 03-19-2016, 01:18 PM
Hi guys,

Getting these frequently, and then I check the email with the information and check netstat, which shows something like:

tcp 0 0 1.2.3.4:993 105.226.215.190:54949 ESTABLISHED 225665/dovecot/imap
tcp 0 60323 1.2.3.4:80 173.254.28.74:45946 FIN_WAIT1 -
tcp 0 0 1.2.3.4:80 119.147.225.85:41667 TIME_WAIT -
tcp 0 0 1.2.3.4:993 52.34.98.174:44236 ESTABLISHED 225665/dovecot/imap
tcp 0 26280 1.2.3.4:80 103.224.214.2:64300 ESTABLISHED 70582/litespeed (ls
tcp 0 0 1.2.3.4:80 197.242.148.203:39409 TIME_WAIT -

Does the above mean, as it is in the Send-Q column, a DDoS? Or is it something else to look for? Whenever I get these emails it always seems to be IP addresses outside of our country, so not local to South African IP ranges, hence my assumption is DDoS?

Posted by UNIXy, 03-19-2016, 02:18 PM
These log entries aren't enough to establish evidence of a DDoS. Best

Posted by SAHostKing, 03-19-2016, 03:36 PM
OK, thanks. I enabled CT_LIMIT in CSF, which I see was off on some servers, which seems to show me too many connections from these IPs in TIME_WAIT. So it blocks it - hope this works.

Posted by copahost, 03-19-2016, 07:42 PM
Try this:

netstat -ntu | awk ' $5 ~ /^[0-9]/ {print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

It will print the IP addresses with connections, grouped and ranked.

Posted by tech-for-you, 03-21-2016, 05:40 AM
Hi,

Does this load issue occur at a certain time? If yes, check if any crons are running at that time. If it is not at a certain time, get the top result when the load spikes and also provide the result of the below commands when the load spikes.

+++++
netstat -ntu | awk ' $5 ~ /^[0-9]/ {print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
mysqladmin proc
+++++

Posted by copahost, 03-21-2016, 06:55 AM
iptraf is also a nice tool to mitigate your in/out traffic. To install it:

# yum install iptraf

and then

# iptraf
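
Added example, not part of any post in this thread: a variant of the `netstat -ntu` one-liner from the replies above that breaks each remote IP down by TCP state and keeps IPv6 peers intact (`cut -d: -f1` truncates them). The function names, the threshold argument, and the sample connection lines are constructed for illustration; the threshold is only a reporting cut-off here, not CSF's own logic.

```shell
#!/bin/sh
# conn_summary [THRESHOLD]
# Reads `netstat -ntu` output on stdin and prints "count ip state flag",
# highest count first. flag is OVER when the IP's total TCP connections
# (all states) reach THRESHOLD (hypothetical parameter, default 3).
conn_summary() {
    awk -v limit="${1:-3}" '
        $1 ~ /^tcp/ && NF >= 6 {
            remote = $5
            sub(/:[0-9]+$/, "", remote)   # strip only the trailing :port
            sub(/^::ffff:/, "", remote)   # unwrap IPv4-mapped IPv6 peers
            per_state[remote " " $6]++
            total[remote]++
        }
        END {
            for (key in per_state) {
                split(key, parts, " ")
                flag = (total[parts[1]] >= limit) ? "OVER" : "ok"
                printf "%d %s %s %s\n", per_state[key], parts[1], parts[2], flag
            }
        }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# Constructed sample input (documentation address ranges, not real hosts).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.7:41667       TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.7:41668       TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.7:41669       TIME_WAIT
tcp        0  26280 192.0.2.10:80           203.0.113.7:41670       ESTABLISHED
tcp        0      0 192.0.2.10:993          198.51.100.22:44236     ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:50122    ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.22:39409 FIN_WAIT1
EOF
}

# Stand-alone run on the sample; on a live server use:
#   netstat -ntu | conn_summary 50
sample_netstat | conn_summary 4
```

A peer that is mostly TIME_WAIT on port 80 is usually a busy or badly behaved HTTP client closing many short connections, which is a different picture from many distinct IPs each holding connections open.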
