Knowledgebase

netstat results show 3 ips in same location with several connections

Posted by clrockwell, 03-13-2008, 09:56 AM
Hello again Please bear in mind I'm new to server administration/security/troubleshooting, so I have included a lot of info here hoping it will help. This started because a Linux VPS with CentOS and Exim crashed after only 3000 emails were sent (of 30000) total I ran a netstat and several times I get three separate ips with the only difference being the last two digits and the port number: 86.104.230.29:59009 86.104.117.45:18065 89.37.137.157:41593 As far as I can tell they are from Romania, and there are several connections. I have posted a lot of information below, if someone can take a look and give some ideas, it would be very much appreciated. Thanks very much for any time you take on looking at this. netstat: ps -auxf top: vmstat 5 5
Posted by applicurearun, 03-13-2008, 11:25 AM
What about the apache logs? Look like DDOS and SYN_Recv Attacks. have you tried an apache restart or stop when your server load is high? Also you can block those IPs on the server.
Posted by clrockwell, 03-13-2008, 12:30 PM
Thanks applicurearun, I looked into iptables and set them up for these ip blocks, and I did restart the VPS as soon as I got in this morning, I never knew it went down last night. I have posted the apache logs from 3-13, I hope this gives some insight, it just seems like a whole lot of memory issues Sar does not seem to be logging anymore, the last date it logged was 09, and that is not complete. I need to get this fixed once and for all, and the frustration is building. I had sent an email to rack911, but never got a response. If anyone (with a good rep of course) would like to take a look, please pm with your cost. Of course, I'm still hacking away at this myself and am taking advice. Thanks again applicurearun
Posted by applicurearun, 03-14-2008, 12:26 PM
swap memory can do the click ;P allow more swap in your server.


Was this answer helpful?

Add to Favourites Add to Favourites

Print this Article Print this Article
Also Read
Cheapest domain reseller provider (Views: 682)
Interworx to cPanel account migration (Views: 611)
Server4U down? (Views: 722)
incorrect mysql disk quota (Views: 597)
Tutorial Advice (Views: 542)


Language:

Client Menu

 

Client Login

Email

Password

Remember Me

Search



  
 

Clients

Hosting

VPS Hosting

About Us

Contact Us

Copyright © 2015 DC International LLC in partnership with Bragin IT Solutions Inc. - All Rights Reserved.