nf_conntrack table full dropping packet flood

Discussion in 'ISPConfig 3 Priority Support' started by Jeff Usher, May 21, 2014.

  1. Jeff Usher

    Jeff Usher New Member

    For the last 2 nights my server has shown services as being offline and the system log is full of the following:-

    nf_conntrack: table full, dropping packet

    Now I understand this may be a DOS or DDOS attack on the server.

    A reboot cures the problem but I can't reboot the server every night as that's impracticable.

    I should add that although the services are showing as offline - they are in fact online. i.e. the www service is showing as offline but all my sites are up.

    Any help in curing this would be appreciated. This never happened before the upgrade to 3.0.5.4 and 3.0.5.4p1

    Many thanks

    Jeff
     
  2. Jeff Usher

    Jeff Usher New Member

    UPDATE:

    It looks like my server is being attacked nightly by some kind of stress attack. Here is the list of connections:-

    [​IMG]

    So it does look like some kind of DoS attack and it is putting the system under loads of stress.

    Any recommendations for counter defence?

    Jeff
     
  3. srijan

    srijan New Member HowtoForge Supporter

    Hi

    Refer to the thread here
     
  4. Croydon

    Croydon ISPConfig Developer

    @Jeff: For me it looks more like your server is spamming (if the list of commands you posted is from your server).
    Have you checked the "lsof -p xxxx" for the open processes? You might be able to find out which web is the source with this, e.g. lsof -p 30415
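
Added example, not part of any post in this thread: one way to tell whether a full conntrack table comes from inbound connections (a flood) or from connections the server itself is opening (a spamming script), by reading the original-direction tuple of each entry in the `/proc/net/nf_conntrack` line format. The function names, the sample lines and the documentation addresses (192.0.2.10 stands in for the server) are constructed for illustration.

```shell
#!/bin/sh
# Classify conntrack entries by who opened them, relative to one local IP.
# Usage on a live host: conntrack_summary <server-ip> < /proc/net/nf_conntrack

conntrack_summary() {
    # $1 = this server's IP address; conntrack lines are read from stdin
    awk -v local="$1" '
    {
        src = dst = dport = ""
        # The first src=/dst=/dport= on a line belong to the original
        # direction, i.e. the side that opened the connection.
        for (i = 1; i <= NF; i++) {
            if (src == ""   && $i ~ /^src=/)   src   = substr($i, 5)
            if (dst == ""   && $i ~ /^dst=/)   dst   = substr($i, 5)
            if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
        }
        if (src == local)      { out++; outport[dport]++ }
        else if (dst == local) { inb++ }
    }
    END {
        # Most common destination port among connections the server opened
        top = ""; max = 0
        for (p in outport) if (outport[p] > max) { max = outport[p]; top = p }
        printf "inbound=%d outbound=%d top_outbound_dport=%s\n", inb, out, top
    }'
}

# Constructed sample: three outbound SMTP, one outbound DNS, one inbound HTTP.
sample_conntrack() {
    cat <<'EOF'
ipv4     2 tcp      6 98 SYN_SENT src=192.0.2.10 dst=198.51.100.7 sport=40112 dport=25 [UNREPLIED] src=198.51.100.7 dst=192.0.2.10 sport=25 dport=40112 mark=0 use=2
ipv4     2 tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.23 sport=40118 dport=25 src=198.51.100.23 dst=192.0.2.10 sport=25 dport=40118 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 102 SYN_SENT src=192.0.2.10 dst=203.0.113.80 sport=40121 dport=25 [UNREPLIED] src=203.0.113.80 dst=192.0.2.10 sport=25 dport=40121 mark=0 use=2
ipv4     2 udp      17 21 src=192.0.2.10 dst=203.0.113.53 sport=53311 dport=53 src=203.0.113.53 dst=192.0.2.10 sport=53 dport=53311 mark=0 use=2
ipv4     2 tcp      6 431812 ESTABLISHED src=203.0.113.99 dst=192.0.2.10 sport=51022 dport=80 src=192.0.2.10 dst=203.0.113.99 sport=80 dport=51022 [ASSURED] mark=0 use=2
EOF
}

sample_conntrack | conntrack_summary 192.0.2.10
```

A table dominated by outbound entries to port 25 points at a local process sending mail, which is the case where following up with `lsof -p` on the responsible PID is useful.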
     
  5. Jeff Usher

    Jeff Usher New Member

    Think I've managed to pinpoint the problem.

    I ran a grep for the originator's domain name and all the results were from a string in one script on one of my sites. There must have been a backdoor with this script. I have completely removed the site from my server and the attacks have stopped.

    I also added a "pkill xmlrpc" cron job to run every minute to kill any process that starts up with xmlrpc, which was the way the attackers were getting in.

    So far so good.

    Apologies as this was not specifically an ISPConfig problem in the end.

    Jeff
     
