Problem with my Apache (attacks on my webserver)

Post by iomega » 09. February 2015 11:00

Dear guys,
I have a serious problem with my server.
Sometimes (often at night), we have an attack on my HTTP (port 80), and I checked with netstat commands with a lot of switches and features, and the only thing I can understand from these netstat commands is: there are a lot of TCP connections (on port 80) with no IP! Unfortunately there is a lot of load on my server.
And when we restart the web server, all of those connections are lost and there is no more load on the server until the attack starts.
For example, you can see the result after restarting the web server (Apache), about 2 minutes after the attack:

[root@hosted-by ~]# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
1 servers)
1 Address

The one thing that amazes me is: with 100 to 150 TCP connections (on port 80), the load on my server (a server with 4 GB of RAM and a 4-core Xeon CPU) grows up to 110%!
I tried to trace the issue with the tcpdump sniffer and I couldn’t find any result from tcpdump.
I just saw some ARP packets in the tcpdump report from some neighbor IPs in the data center (in the same range as my server’s IP address). And now I can’t see the IP addresses in the tcpdump results again.
What’s your opinion to find the solution for this problem?
I guess that it is something like a DoS attack with a new unknown method.
Thanks all.
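
Added example, not part of the original post: the posted pipeline splits `$5` on the first colon, so netstat's two header lines are counted as `servers)` and `Address`, and any row whose foreign address is written in IPv6 form (for example `::ffff:a.b.c.d`) is counted as an empty string. The sketch below keeps the posted pipeline as `post_pipeline` and adds a per-peer, per-state count for local port 80 that handles both cases; the function names and the sample netstat output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Sample data below is constructed.

# The pipeline from the post, reading captured netstat output on stdin.
post_pipeline() {
  awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
}

# Count connections to local port 80 per remote address and TCP state.
count_http_peers() {
  awk '
    $1 !~ /^tcp/ { next }            # skips both header lines and udp rows
    {
      lport = $4; peer = $5; state = $6
      sub(/^.*:/, "", lport)         # port = text after the LAST colon
      if (lport != "80") next
      sub(/:[0-9*]+$/, "", peer)     # drop the peer port
      sub(/^::ffff:/, "", peer)      # IPv4-mapped IPv6 to plain IPv4
      count[peer " " state]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample in the layout printed by `netstat -ntu`.
sample_netstat() {
  cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      SYN_RECV
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:40112 ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:40113 ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:40114 ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.20:60000     ESTABLISHED
udp        0      0 192.0.2.10:123          198.51.100.30:123
EOF
}

sample_netstat | count_http_peers
```

On a live host the same function can be fed with `netstat -ntu | count_http_peers`; a peer holding many connections in one state stands out at the top of the list.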
Re: Problem with my Apache (attacks on my webserver)

Post by Nobbie » 09. February 2015 15:17

iomega wrote: What’s your opinion to find the solution for this problem?

I would try to ask in an APPROPRIATE forum; an Apache forum is surely not appropriate. Any TCP/IP forum with a DDoS forum or similar (unfortunately I don’t know any).
