3

I have a VPS with Ubuntu. I host a small website (~10 visitors at the same time). Sometimes the website starts lagging. It lags so badly that my SSH connection starts lagging too. Running top says that 2 instances of apache2 take up 50% CPU each.

I assume this is a DoS attack. I've copy-paste installed a few iptables scripts that made sense, but this has not helped.

I installed libapache2-mod-evasive -- I'm sure it blocks the attacker, but I'm still lagging.

What can I do? Can I at least find the IP of the attacker?

I have strong experience with Linux, but almost zero experience with being a server admin.

Dennis
Mikhail

3 Answers

3

Check the Apache access log for repeated attempts by a similar IP address; /var/log/httpd/access_log is the usual location.

You may also be interested in an automated solution such as DDoS Deflate or PSAD. I'd also strongly recommend mod_security for Apache itself.
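
One way to do the access-log check suggested in the answer above, as an added example that is not part of the original answer: it counts requests per client IP and flags any client that exceeds a threshold within a single minute. The function names, sample log lines and thresholds are constructed for illustration, and it assumes the common/combined log format, where the client address is the first field.

```shell
#!/bin/sh
# Constructed sample lines in Apache "combined" log format (documentation IPs).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [12/Mar/2012:10:15:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2012:10:15:02 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2012:10:15:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2012:10:15:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2012:10:15:10 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2012:10:15:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2012:10:15:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2012:10:15:40 +0000] "GET /style.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2012:10:16:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF
}

# requests_per_ip [FILE...]
# Total requests per client address, busiest first. Reads stdin if no file.
# Behind a reverse proxy, field 1 is the proxy's address, not the client's.
requests_per_ip() {
    awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' "$@" |
        sort -k1,1nr -k2,2
}

# bursts_per_minute THRESHOLD [FILE...]
# Prints "count ip dd/Mon/yyyy:HH:MM" for every client that made at least
# THRESHOLD requests inside one calendar minute, busiest first.
bursts_per_minute() {
    threshold=$1
    shift
    awk -v t="$threshold" '
        {
            # $4 looks like "[12/Mar/2012:10:15:01"; keep the date through the minute.
            minute = substr($4, 2, 17)
            hits[$1 " " minute]++
        }
        END {
            for (k in hits) if (hits[k] >= t) print hits[k], k
        }' "$@" | sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
sample_log | requests_per_ip
sample_log | bursts_per_minute 3
```

Against the real log, pass the file as the last argument, for example `bursts_per_minute 100 /var/log/httpd/access_log`. On Ubuntu's Apache packages the access log is normally /var/log/apache2/access.log.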

0

Have you hardened Apache or your OS?

Are you able to post any logs?

This may help a bit.

http://httpd.apache.org/docs/2.0/misc/security_tips.html

-1

I can't suggest Fail2ban enough. It is a daemon that runs in the background and monitors all of your log files for suspicious activity and blocks the suspicious activity based on the log file errors. This means you must create the error log files in the first place; for web servers you can usually do this. I've done it for NGINX just recently, but I'm sure there's a similar directive for Apache.

ntk4