How to identify DDoS attack? [closed]


I am experiencing intermittent, very odd jumps in server load that generally end in the server being unavailable. The server runs a pretty high-traffic website on WordPress, Apache, MySQL. There is a plugin (hypercache) installed that minimizes MySQL usage by caching full pages. However, every time a spike in load happens, MySQL eventually becomes unavailable.
Load average jumps from 2 to 30-40 during that time and Apache seems to be handling a lot of requests (I’ve seen in the log file a message about MaxClients being reached).

My question is this: how do I know if this is legitimate traffic or if it’s a DoS attack? If it’s DoS how do I determine what type of attack it is and protect myself against it?

Server runs FreeBSD 7, Apache 2.2, MySQL 5.1

Solution:

We notice a similar phenomenon, and if you enable Apache’s server-status module, you can see what’s going on. For us, it is caused by scanners looking for installations of phpMyAdmin to exploit. Because of the way WordPress processes every request, the load quickly shoots up. WP Super Cache for WordPress makes a HUGE difference. I also created some global RedirectMatch rules which intercept most of these scanner requests before hitting any PHP/MySQL-driven sites.

You can see what traffic comes to your server by installing TrafShow from FreeBSD ports. Much like ps ax but you see traffic flows instead of process IDs.
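Added example, not part of the original answers: a Python sketch that applies the first answer's observation to an Apache access log, counting requests per client and per minute and flagging clients whose requests mostly target phpMyAdmin-style paths. The probe path list, the 0.5 threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Start of an Apache common/combined log line: client, time, request path, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')
# Assumed list of paths that phpMyAdmin scanners request; adjust for your site.
PROBE_RE = re.compile(r'/(phpmyadmin|pma|myadmin|mysqladmin)\b', re.I)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = """\
203.0.113.7 - - [10/Oct/2010:13:55:01 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 208
203.0.113.7 - - [10/Oct/2010:13:55:01 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 208
203.0.113.7 - - [10/Oct/2010:13:55:02 +0000] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 208
198.51.100.20 - - [10/Oct/2010:13:55:03 +0000] "GET /2010/10/some-post/ HTTP/1.1" 200 15320
198.51.100.20 - - [10/Oct/2010:13:56:10 +0000] "GET /wp-content/themes/x/style.css HTTP/1.1" 200 4100
""".splitlines()

def summarize(lines, top=5):
    """Return (busiest clients with their counters, busiest minute)."""
    per_ip = defaultdict(lambda: {"requests": 0, "probes": 0, "not_found": 0})
    per_minute = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, path, status = m.groups()
        stats = per_ip[ip]
        stats["requests"] += 1
        stats["probes"] += bool(PROBE_RE.search(path))
        stats["not_found"] += status == "404"
        per_minute[ts[:17]] += 1  # e.g. "10/Oct/2010:13:55" (seconds and zone dropped)
    ranked = sorted(per_ip.items(), key=lambda kv: kv[1]["requests"], reverse=True)
    return ranked[:top], per_minute.most_common(1)

def classify(stats, probe_ratio=0.5):
    """Label a client 'scanner' when at least probe_ratio of its requests are probes."""
    return "scanner" if stats["probes"] / stats["requests"] >= probe_ratio else "normal"

if __name__ == "__main__":
    clients, busiest = summarize(SAMPLE)
    for ip, stats in clients:
        print(ip, stats, classify(stats))
    print("busiest minute:", busiest)
```

A spike dominated by a few clients with high probe and 404 counts points at scanning; a spike spread over many clients requesting real pages looks more like legitimate load.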
