amuck-landowner

19:49:58 up 7 min, 1 user, load average: 238.29, 74.69, 26.50 root@freebypass-com:~#

M

mtwiscool

New Member
19:49:58 up 7 min,  1 user,  load average: 238.29, 74.69, 26.50
root@freebypass-com:~#

from apache2 how do i fix this?
 
D

DaringHost

New Member
Optimize Apache according to the amount of traffic your website is receiving. Or you can switch to an Apache alternative such as Nginx, Lighttpd, Lightspeed, ect.
 
M

mtwiscool

New Member
DaringHost said:
Optimize Apache according to the amount of traffic your website is receiving. Or you can switch to an Apache alternative such as Nginx, Lighttpd, Lightspeed, ect.
Click to expand...
new load:

root@freebypass-com:~# uptime


19:59:55 up 17 min,  1 user,  load average: 0.26, 32.53, 39.05


root@freebypass-com:~#

I think it was another ddos against the server.

Seams to happen when i mention a user on irc. :(
 
Munzy

Munzy

Active Member
mtwiscool said:
new load:

root@freebypass-com:~# uptime


19:59:55 up 17 min,  1 user,  load average: 0.26, 32.53, 39.05


root@freebypass-com:~#

I think it was another ddos against the server.

Seams to happen when i mention a user on irc. :(
Click to expand...
What user?
 
M

mtwiscool

New Member
I noticed the attack was comming though about 3 ip address and i have modified the config to limit each users regsest and this has fixed the issue for now.
 
raindog308

raindog308

vpsBoard Premium Member
Moderator
I went to freebypass.com and was surprised to find a halfway decent web site.  This couldn't be an @mtwiscool site, could it!?

But then I read the blog...

We believe that the laws are made to restrict online freedom and do not do they job.

Our view on this is that well people can use services to get passed this block and we will never block legal porn what so every in fact our biggest amount of traffic is people looking for porn in the middle east, USA and the United Kingdom and this is the case that alot of webmasters of bypass type of websites reports.

Interesting fact:

Country’s that disallow porn or make people ashamed of it have a much higher amount of rape based cases. (This fact makes you think of what would happen if this type of website did not exist).
Click to expand...
Spelling aside...well, I guess we should all thank porn producers from saving us from a global epidemic of rape...cough...
 
Kris

Kris

New Member
Put varnish in front of Apache, it works - quite well. 

Have apache listen on 8082 etc, then Varnish takes the hit on port 80.

Study up on varnish configuration to keep ~ a gig or so in cache.
 
M

mtwiscool

New Member
what is the best iptables to use in Debian to drop users with over 5 connections per 5 seounds?
 
Last edited by a moderator:
DomainBop

DomainBop

Dormant VPSB Pathogen
Francisco said:
Don't use apache, period.


Francisco
Click to expand...
some of us are lazy and don't feel like rewriting dozens of rewrite rules and everything in those .htaccess files on all of our sites. :p

my usual configuration for sites that get some traffic is:

nginx > apache mpm event + php5-fpm (and gigabytes of memcache and apc caching).

I would never run the stock apache mpm prefork + mod_php though...that sh*t should be outlawed

I noticed the attack was comming though about 3 ip address
Click to expand...
I'd call that a DoS not a DDoS

1 user,  load average: 238.29, 74.69, 26.50
Click to expand...
run this as a cron every 5 minutes.  It will restart apache if the load averages over xx.xx for x minutes which is usually all it takes to shake off the small type attack you were getting hit with and keep your entire server from crashing.

Code: 
<pre>
#!/bin/sh

#*/5 * * * * /bin/apache_check > /dev/null 2>&1
# Bash script that checks apache:
#	- Apache running or not, if needed start it up again
#	- If server load is higher than 20, restart apache
#
#	Script to be ran as cronjob (every 5 minutes)
#	*/5 * * * * /bin/apache_check > /dev/null 2>&1 

echo "Apache checker running at " `date`
run=`ps ax | grep /usr/sbin/apache2 | grep -v grep | cut -c1-5 | paste -s -`
if [ "$run" ];
then
echo "Apache is running"
else
echo "Apache seems to be down, starting it up again"
apache2ctl start
fi 

#!/bin/sh
check=`uptime | sed 's/\./ /' | awk '{print $20}'`

if [ $check -gt 8 ]
then
        /etc/init.d/apache2 restart
fi</pre>
 
D

Deleted

Jail
DomainBop said:
some of us are lazy and don't feel like rewriting dozens of rewrite rules and everything in those .htaccess files on all of our sites. :p

my usual configuration for sites that get some traffic is:

nginx > apache mpm event + php5-fpm (and gigabytes of memcache and apc caching).

I would never run the stock apache mpm prefork + mod_php though...that sh*t should be outlawed

I'd call that a DoS not a DDoS

run this as a cron every 5 minutes.  It will restart apache if the load averages over xx.xx for x minutes which is usually all it takes to shake off the small type attack you were getting hit with and keep your entire server from crashing.


<pre>
#!/bin/sh

#*/5 * * * * /bin/apache_check > /dev/null 2>&1
# Bash script that checks apache:
# - Apache running or not, if needed start it up again
# - If server load is higher than 20, restart apache
#
# Script to be ran as cronjob (every 5 minutes)
# */5 * * * * /bin/apache_check > /dev/null 2>&1

echo "Apache checker running at " `date`
run=`ps ax | grep /usr/sbin/apache2 | grep -v grep | cut -c1-5 | paste -s -`
if [ "$run" ];
then
echo "Apache is running"
else
echo "Apache seems to be down, starting it up again"
apache2ctl start
fi

#!/bin/sh
check=`uptime | sed 's/\./ /' | awk '{print $20}'`

if [ $check -gt 8 ]
then
/etc/init.d/apache2 restart
fi</pre>
Click to expand...
You should really use apachectl's status output :)
 
Amitz

Amitz

New Member
Schultz said:
Need to get the RMRF firewall suite to prevent common DoS attacks.

It's already included in Debian, CentOS & Ubuntu (12.04+)

Just run "rm - rf /" without the quotes in terminal.
Click to expand...
How can I "unthank" a posting? I thanked accidentally... Actually, I wanted to write that I see no reason to be categorically unfriendly to mtwiscool. He offers enough opportunities for criticism and gleefulness, but I do not think that this thread is the right place for it. I'd like to think that he is clever enough to know what "rm -rf /" means. He is highly annoying, but not a complete idiot.
 
Last edited by a moderator:
You must log in or register to reply here.
Top
amuck-landowner