Help - Search - Members - Calendar
Full Version: DOS Attack over Apache, full of READING connections ¿?
The Planet Forums > Security > DoS & D-DoS Mitigation
Sh4ka
Feb 8 2007, 11:33 AM
s you can see my apache is full of Reading connections..... they are filling up my server dening legitimate users to browse trought the websites hosted there... I think this is what is happening to me:
http://mail-archives.apache.org/mod_...l.gmail.com%3E

Im using apache 1.3.3.7 on RHES 3 with latest patches and kernel.

930 requests currently being processed, 6 idle servers
RRRRRRRRWRRRRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRWRRRRRRRRRRRRR
RRRRRRRRRWRRRWRRRRRRRRRRRRRRRWRRRRRRRRRRRRRRRRRRRWRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR_RRRRRRRRRRRRR_RRRRRRR
RRRRRRRRRRRRRRRRRRRRRRWRRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
R_WRRRRRRRRRRRRRRRRRRRRWWRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRWRRRRRRR
RRRRRRRRRRRRRWRR_RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR_
RRRRRRRRRRRRRRRRRRRRRRWRRRRRRRRRRRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRRRRRRRR_RRRRRRRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRWRRRRR
RRRRRRRRRRWRRRRRRRRRRRRRRRRRRRRRRRRRR.RRR.......................

1-044940/40/40R 0.33340.00.060.06 ??..reading..
2-044950/55/55R 0.47330.00.110.11 ??..reading..
3-044960/35/35R 0.31330.00.050.05 ??..reading..
4-044970/38/38R 0.13210.00.090.09 ??..reading..
5-045410/40/40R 0.16360.00.130.13 ??..reading..
6-046190/28/28R 0.12110.00.030.03 ??..reading..
7-046220/34/34R 0.35320.00.100.10 ??..reading..
8-051640/34/34R 0.135100.00.300.30 ??..reading..

Also, here is the top output of the top command:

top - 12:46:21 up 10 min, 1 user, load average: 1.40, 2.03, 1.06
Tasks: 1063 total, 2 running, 1060 sleeping, 0 stopped, 1 zombie
Cpu(s): 4.9% us, 1.6% sy, 0.0% ni, 93.1% id, 0.3% wa, 0.0% hi, 0.0% si
Mem: 2073516k total, 2001984k used, 71532k free, 42384k buffers
Swap: 2048276k total, 0k used, 2048276k free, 178096k cached

I have mod_evasive, also antidos module from APF, sysctl security settings enabled...... dont know what to do .......

Any ideas how to avoid this attack ?

Thanks.
TheUniverses
Feb 11 2007, 10:25 PM
Does mod_evasive run on 1.x?
dynamicnet
Feb 12 2007, 05:11 AM
Greetings:

RE: http://www.zdziarski.com/projects/mod_evasive/

Yes, mod_evasive will run on Apache 1.

Thank you.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.