

big deal on /var/log/messages




Posted by mixmox, 11-26-2010, 09:03 AM
Hello. After we refused a huge DDoS attack and deleted the user account from the server, it is increasing by MB and GB every minute. After an hour the /var/log/messages size is 30 GB or sometimes near 60 GB, and only these lines are saved in this file:

Nov 26 15:59:29 server named[24296]: client 212.93.155.86#51902: query (cache) 'domain.com/A/IN' denied
Nov 26 15:59:29 server named[24296]: client 209.85.174.85#57498: query (cache) 'domain.com/A/IN' denied
Nov 26 15:59:29 server named[24296]: client 200.33.146.209#54267: query (cache) 'domain.com/A/IN' denied
Nov 26 15:59:29 server named[24296]: client 213.77.5.2#34320: query (cache) 'domain.com/A/IN' denied
Nov 26 15:59:29 server named[24296]: client 203.146.237.51#14525: query (cache) 'domain.com/A/IN' denied
Nov 26 15:59:29 server named[24296]: client 163.121.184.222#30642: query (cache) 'domain.com/A/IN' denied
Nov 26 15:59:29 server named[24296]: client 189.5.128.61#6004: query (cache) 'domain.com/A/IN' denied
Nov 26 15:59:29 server named[24296]: client 212.93.155.86#63830: query (cache) 'domain.com/A/IN' denied
Nov 26 15:59:29 server named[24296]: client 213.157.188.218#50970: query (cache) 'domain.com/A/IN' denied
Nov 26 15:59:29 server named[24296]: client 92.52.71.241#62760: query (cache) 'domain.com/A/IN' denied
Nov 26 15:59:29 server named[24296]: client 83.229.88.14#65216: query (cache) 'domain.com/A/IN' denied
Nov 26 15:59:29 server named[24296]: client 64.127.100.12#49492: query (cache) 'domain.com/A/IN' denied
Nov 26 15:59:29 server named[24296]: client 62.173.34.222#40234: query (cache) 'domain.com/A/IN' denied
Nov 26 15:59:29 server named[24296]: client 213.42.1.165#5441: query (cache) 'domain.com/A/IN' denied
Nov 26 15:59:29 server named[24296]: client 189.17.142.53#49919: query (cache) 'domain.com/A/IN' denied
Nov 26 15:59:29 server named[24296]: client 212.93.158.242#33793: query (cache) 'domain.com/A/IN' denied
Nov 26 15:59:29 server named[24296]: client 83.149.52.10#53388: query (cache) 'domain.com/A/IN' denied

How can I keep these lines out of /var/log/messages?

Posted by cpanellover, 11-26-2010, 01:30 PM
Hello, while it's technically possible to remove those messages from your logs, it's not a good idea. Trust me, you wanna know whenever someone is trying to attack your server; however, I can see your point, as those messages take a lot of storage space. I would iptables those IP addresses to DROP connections whenever they try to do anything. I believe the csf firewall has an option to fight logfile flooding. This may not be the best advice, just my 2 cents.

Posted by mixmox, 11-26-2010, 01:44 PM
Can you tell me more about the csf option? I can't find it. You're right, but this is a botnet attack and nearly 12000 IPs are stored in the messages log file.

Posted by cpanellover, 11-26-2010, 01:57 PM
It's in the firewall configuration; the setting is named "LOGFLOOD_ALERT", but it looks like it won't help much, as there is this text

Posted by mixmox, 11-27-2010, 01:24 AM
Mm, and this alert will be sent to which email address?
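An added example, not part of the thread or of csf: before blocking anything, it helps to know how the denied queries are distributed. The script below parses the named "query (cache) ... denied" lines in the format quoted in the first post and counts them per client IP, per queried name/type and per second; the function name, the sample list and the command-line usage are assumptions made for this illustration.

```python
import re
import sys
from collections import Counter

# Format of the BIND lines quoted in the thread:
# <ts> <host> named[<pid>]: client <ip>#<port>: query (cache) '<name>/<type>/<class>' denied
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+named\[\d+\]:\s+"
    r"client\s+(?P<ip>[0-9a-fA-F.:]+)#\d+:\s+"
    r"query \(cache\) '(?P<name>[^/']+)/(?P<qtype>[^/']+)/[^/']+' denied"
)

def summarize(lines):
    """Count denied cache queries per client IP, per (name, type) and per second."""
    by_ip, by_query, by_second = Counter(), Counter(), Counter()
    skipped = 0
    for line in lines:
        m = DENIED.match(line)
        if m is None:
            skipped += 1          # not a "denied" line; leave it out of the counts
            continue
        by_ip[m["ip"]] += 1
        by_query[(m["name"], m["qtype"])] += 1
        by_second[m["ts"]] += 1
    return {"by_ip": by_ip, "by_query": by_query,
            "by_second": by_second, "skipped": skipped}

# First three lines are copied from the post; the last one is constructed
# to show that unrelated syslog lines are skipped.
SAMPLE = [
    "Nov 26 15:59:29 server named[24296]: client 212.93.155.86#51902: query (cache) 'domain.com/A/IN' denied",
    "Nov 26 15:59:29 server named[24296]: client 209.85.174.85#57498: query (cache) 'domain.com/A/IN' denied",
    "Nov 26 15:59:29 server named[24296]: client 212.93.155.86#63830: query (cache) 'domain.com/A/IN' denied",
    "Nov 26 15:59:30 server sshd[1000]: constructed unrelated line",
]

if __name__ == "__main__":
    # Stream a log file given as the first argument, or fall back to SAMPLE.
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    report = summarize(source)
    print("distinct clients:", len(report["by_ip"]), "skipped:", report["skipped"])
    for ip, n in report["by_ip"].most_common(10):
        print(f"{n:8d}  {ip}")
    for (name, qtype), n in report["by_query"].most_common(5):
        print(f"{n:8d}  {name} {qtype}")
```

The per-name count shows whether the flood targets a single zone (here the removed account's domain), and the per-second count gives the log growth rate that a flood alert would be reacting to.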


