DoS Attack issue Site are going to down
Site and WHM were down by DoS Attack. I just got receive email. I don't know what is going. But 3 minutes to up site and WHM again.
mod_evasive was a problem or something?
- Removed Output -
cPanel tickets ID# 8782273
-
[cPanel tickets ID# 8782273]
Hello, It looks like the issue is no longer occurring based on the information in that support ticket. Feel free to update us on the outcome. Thank you.0 -
Hello, It looks like the issue is no longer occurring based on the information in that support ticket. Feel free to update us on the outcome. Thank you.
I have to ask support ticket now. If was issue or not. Check for error logs. Today a day.0 -
@cPanelMichael, Hi again. You can solve this thread. It's solved a problem on the support ticket. 0 -
You can solve this thread. It's solved a problem on the support ticket.
Could you confirm the specific solution that ultimately addressed the issue? Thank you.0 -
Could you confirm the specific solution that ultimately addressed the issue? Thank you.
[QUOTE=" Joshua Browning"> August 14th, 2017 at 02:57 PM Hello, Upon further review of your reported issue, this problem does not appear to be related to or caused by cPanel or by the basic configuration of the cPanel-bundled software. As such, I first performed an investigation to determine whether cPanel is or is not related to the reported issue. As a courtesy I proceeded to investigate the issue to see if I could provide further support and assistance. We want everyone who uses cPanel to have an amazing experience, both with our software and our support. Sometimes that means pointing you to an expert about your particular problem if it is not a cPanel-related issue. As a courtesy, we have checked your server to provide a list of IP addresses that are accessing port 80 on this server: [21:46:27 ~]cPs# netstat -an | grep :80 | egrep '^tcp' | grep -v LISTEN | awk '{print $5}' | egrep '([0-9]{1,3}\.){3}[0-9]{1,3}' | sed 's/^\(.*:\)\?\(\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*$/\2/' | sort | uniq -c | sort -nr | sed 's/::ffff://' | head -20 [Removed] However it does appear that your server is receiving more Apache connections than it is able to handle, which was pointed out in a previous response by Forest. Whether or not this is an attack or just a large scale of traffic, it would be better for your systems administrator or host/datacenter to review and determine. As such it would be vital at this point to get a systems administrator involved to assist in either mitigating the traffic, optimizing server performance, or looking into a server upgrade. Your hosting provider/datacenter may also be able to assist you with this depending on your plan with them and what their support provides. Here is some helpful information from Apache and the current status: ------------------------------- ? httpd.service - Apache web server managed by cPanel EasyApache Loaded: loaded (/etc/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2017-08-13 20:03:26 CEST; 1 day 1h ago Main PID: 7175 (httpd) CGroup: /system.slice/httpd.service ?? 331 /usr/sbin/httpd -k start ?? 388 /usr/sbin/httpd -k start ?? 393 /usr/sbin/httpd -k start ?? 395 /usr/sbin/httpd -k start ?? 396 /usr/sbin/httpd -k start ?? 399 /usr/sbin/httpd -k start ?? 455 /usr/sbin/httpd -k start ?? 460 /usr/sbin/httpd -k start ?? 461 /usr/sbin/httpd -k start ?? 462 /usr/sbin/httpd -k start ?? 465 /usr/sbin/httpd -k start ?? 466 /usr/sbin/httpd -k start ?? 467 /usr/sbin/httpd -k start ?? 501 /usr/sbin/httpd -k start ?? 503 /usr/sbin/httpd -k start ?? 516 /usr/sbin/httpd -k start ?? 535 /usr/sbin/httpd -k start ?? 541 /usr/sbin/httpd -k start ?? 542 /usr/sbin/httpd -k start ?? 546 /usr/sbin/httpd -k start ?? 547 /usr/sbin/httpd -k start ?? 564 /usr/sbin/httpd -k start ?? 567 /usr/sbin/httpd -k start ?? 568 /usr/sbin/httpd -k start ?? 572 /usr/sbin/httpd -k start ?? 573 /usr/sbin/httpd -k start ?? 579 /usr/sbin/httpd -k start ?? 593 /usr/sbin/httpd -k start ?? 594 /usr/sbin/httpd -k start ?? 598 /usr/sbin/httpd -k start ?? 610 /usr/sbin/httpd -k start ?? 614 /usr/sbin/httpd -k start ?? 655 /usr/sbin/httpd -k start ?? 660 /usr/sbin/httpd -k start ?? 664 /usr/sbin/httpd -k start ?? 674 /usr/sbin/httpd -k start ?? 675 /usr/sbin/httpd -k start ?? 679 /usr/sbin/httpd -k start ?? 680 /usr/sbin/httpd -k start ?? 681 /usr/sbin/httpd -k start ?? 682 /usr/sbin/httpd -k start ?? 683 /usr/sbin/httpd -k start ?? 684 /usr/sbin/httpd -k start ?? 685 /usr/sbin/httpd -k start ?? 686 /usr/sbin/httpd -k start ?? 878 /usr/sbin/httpd -k start ?? 880 /usr/sbin/httpd -k start ?? 881 /usr/sbin/httpd -k start ?? 882 /usr/sbin/httpd -k start ?? 883 /usr/sbin/httpd -k start ?? 884 /usr/sbin/httpd -k start ?? 885 /usr/sbin/httpd -k start ?? 893 /usr/sbin/httpd -k start ?? 894 /usr/sbin/httpd -k start ?? 895 /usr/sbin/httpd -k start ?? 896 /usr/sbin/httpd -k start ?? 897 /usr/sbin/httpd -k start ?? 898 /usr/sbin/httpd -k start ?? 901 /usr/sbin/httpd -k start ?? 902 /usr/sbin/httpd -k start ?? 903 /usr/sbin/httpd -k start ?? 904 /usr/sbin/httpd -k start ?? 905 /usr/sbin/httpd -k start ?? 906 /usr/sbin/httpd -k start ?? 907 /usr/sbin/httpd -k start ?? 908 /usr/sbin/httpd -k start ?? 909 /usr/sbin/httpd -k start ?? 910 /usr/sbin/httpd -k start ?? 911 /usr/sbin/httpd -k start ?? 912 /usr/sbin/httpd -k start ?? 913 /usr/sbin/httpd -k start ?? 914 /usr/sbin/httpd -k start ?? 915 /usr/sbin/httpd -k start ?? 916 /usr/sbin/httpd -k start ?? 917 /usr/sbin/httpd -k start ?? 918 /usr/sbin/httpd -k start ?? 919 /usr/sbin/httpd -k start ?? 920 /usr/sbin/httpd -k start ?? 921 /usr/sbin/httpd -k start ?? 922 /usr/sbin/httpd -k start ?? 923 /usr/sbin/httpd -k start ?? 924 /usr/sbin/httpd -k start ?? 7175 /usr/sbin/httpd -k start ??17266 /usr/local/cpanel/bin/splitlogs --main= --suffix=-bytes_log ??17267 /usr/local/cpanel/bin/splitlogs --main= --mainout=/etc/apache2/logs/access_log ??17269 /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect ??17271 /usr/sbin/httpd -k start ??30712 /usr/sbin/httpd -k start ??30986 /usr/sbin/httpd -k start ??31235 /usr/sbin/httpd -k start ??31269 /usr/sbin/httpd -k start ??31706 /usr/sbin/httpd -k start ??31709 /usr/sbin/httpd -k start ??31817 /usr/sbin/httpd -k start ??31820 /usr/sbin/httpd -k start ??31831 /usr/sbin/httpd -k start ??31941 /usr/sbin/httpd -k start ??31945 /usr/sbin/httpd -k start ??32014 /usr/sbin/httpd -k start ??32017 /usr/sbin/httpd -k start ??32021 /usr/sbin/httpd -k start ??32252 /usr/sbin/httpd -k start ??32256 /usr/sbin/httpd -k start ??32257 /usr/sbin/httpd -k start ??32285 /usr/sbin/httpd -k start ??32737 /usr/sbin/httpd -k start [Removed] ------------------------------- -- Have a great day! Joshua Browning Technical Analyst cPanel, Inc.
After contabo support fixed. [QUOTE="Contabo Support Team"> Dear Samet, Thank you for your patience. There are a lot of refused connections from IP address [Removed]. We would recommend you to block this IP using the WHM firewall tool. Please navigate to menu item "Plugins" -> "ConfigServer Security & Firewall". You can use the "Quick Deny" feature or you can add the IP to "csf.ignore" file. If you have any questions or need help, please do not hesitate to contact us. -- Best regards, Alexander H"llerer Technischer Support / Technical support Contabo GmbH0
Please sign in to leave a comment.
Comments
5 comments