It has been happening lately: my user complains he can't access his site, and when I check I can't either. I tried to ssh to the server and couldn't, but I can the server properly, no timeout. Then, after I could log in to the server via ssh, I just stayed there running netstat randomly while opening the site in my browser. At the time I couldn't access the site, I tried to check how many connections were open (netstat -an); it had a slow response, and the result was displayed later. When the result came up, I found many connections through port 80 from the same IP but already in close_wait (see below). My question: am I being DDoS-ed? If so, how do I prevent it? PS: I have installed Blockhost. Thanks in advance.

Code:
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:66.249.70.92:55089 CLOSE_WAIT 15781/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:74.6.8.106:39846 CLOSE_WAIT 15782/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:66.249.70.92:39190 CLOSE_WAIT 15990/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:74.6.8.106:60557 CLOSE_WAIT 15786/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:74.6.8.106:46049 CLOSE_WAIT 15995/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:66.249.70.92:56390 CLOSE_WAIT 15992/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:74.6.8.106:48077 CLOSE_WAIT 6252/httpd
tcp 0 0 ::ffff:10.10.48.232:22 ::ffff:10.10.105.181:4480 ESTALISHED 18532/0
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:10.10.105.181:4517 CLOSE_WAIT 25432/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:74.6.8.106:52498 CLOSE_WAIT 15788/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:66.249.70.92:40852 CLOSE_WAIT 15994/httpd
tcp 0 0 ::ffff:10.10.48.232:80 ::ffff:10.10.105.181:4524 ESTALISHED 15783/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:10.10.105.181:4521 CLOSE_WAIT 15965/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:74.6.8.106:37391 CLOSE_WAIT 20978/httpd
tcp 0 0 ::ffff:10.10.48.232:80 ::ffff:74.6.8.106:40554 CLOSE_WAIT 15969/httpd
tcp 1 0 ::ffff:10.10.48.232:80 ::ffff:74.6.8.106:44626 CLOSE_WAIT 16006/httpd
tcp 279 0 ::ffff:10.10.48.232:80 ::ffff:66.249.70.92:58074 ESTALISHED -
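
Added example, not part of the original thread: a shell helper that tallies `netstat -an` style output by peer address and TCP state for one local port, so a build-up of CLOSE_WAIT sockets like the one posted above shows up as a count per peer. The function names are hypothetical and the sample lines are constructed, using documentation-range addresses.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# Tally connections to one local port by peer address and TCP state.
# Reads `netstat -an` / `netstat -antp` style lines on stdin.
# Live use: netstat -ant | summarize_conns 80
summarize_conns() {
    awk -v port="${1:-80}" '
        $1 ~ /^tcp/ && NF >= 6 && $6 != "LISTEN" {
            n = split($4, l, ":")        # local port is the last ":" field
            if (l[n] != port) next
            peer = $5
            sub(/:[0-9]+$/, "", peer)    # drop the peer port
            sub(/^::ffff:/, "", peer)    # unwrap IPv4-mapped IPv6
            count[peer " " $6]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2
}

# Print peers holding at least N sockets in CLOSE_WAIT on the given port.
# Usage: close_wait_peers N [port]
close_wait_peers() {
    summarize_conns "${2:-80}" |
        awk -v t="${1:-5}" '$3 == "CLOSE_WAIT" && $1 >= t { print $2 }'
}

# Constructed sample input in the same layout as the listing in the post.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1234/httpd
tcp 1 0 ::ffff:192.0.2.10:80 ::ffff:198.51.100.7:55089 CLOSE_WAIT 15781/httpd
tcp 1 0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.9:39846 CLOSE_WAIT 15782/httpd
tcp 1 0 ::ffff:192.0.2.10:80 ::ffff:198.51.100.7:39190 CLOSE_WAIT 15990/httpd
tcp 1 0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.9:60557 CLOSE_WAIT 15786/httpd
tcp 1 0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.9:46049 CLOSE_WAIT 15995/httpd
tcp 0 0 ::ffff:192.0.2.10:22 ::ffff:192.0.2.50:4480 ESTABLISHED 18532/0
tcp 0 0 ::ffff:192.0.2.10:80 ::ffff:192.0.2.50:4524 ESTABLISHED 15783/httpd
EOF
}

# Per-peer summary for port 80 on the constructed sample.
sample_netstat | summarize_conns 80
```

CLOSE_WAIT means the peer has already closed its side and the local process (here httpd) has not yet closed the socket, so a high count says the server is slow to release connections rather than that the peer is holding them open.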
Correct, 10.10.48.232 is my box, which is NAT'ed by a router with a public IP. I'm just curious why, when these 2 IPs (66.249.70.92, 74.6.8.106) connect to port 80, my box stops responding (I can't access ports 80 and 22). That's all. But with a new version of CentOS and ISPConfig available, I'll upgrade my box, and hopefully this won't happen again.
After checking my server console, I found an error saying my server does not have enough memory and is killing some processes belonging to httpd and mysqld. I have 640MB of memory and 1GB of swap on my primary server. Is that not enough? http://www.howtoforge.com/forums/showpost.php?p=135001&postcount=5 It is hosting 22 sites (all of them using MySQL DBs, for WordPress and Joomla).
I think you should try to optimize Apache and MySQL. Are you using a PHP cache such as eAccelerator or Xcache? If not, you should definitely install one.
I'll install PHP eAccelerator and try to configure MySQL, but optimize Apache? I've never done that. But thanks for the tips.
OK, I found one: http://phpimpact.wordpress.com/2007/06/22/optimizing-apache-and-php/ but it's actually a summary of 3 IBM articles:
http://www.ibm.com/developerworks/linux/library/l-tune-lamp-1/index.html
http://www.ibm.com/developerworks/linux/library/l-tune-lamp-2.html
http://www.ibm.com/developerworks/library/l-tune-lamp-3.html
Still reading it, but I think everyone should read this.