I run a server with Apache2 on an Ubuntu box. It is a crypto mining pool. Everything was running normally, even with the large inflow of people accessing our site. Then, out of nowhere, our CPU usage across all 8 cores is at 98 to 100%.
I use a reverse proxy in front of the server to help mitigate DDoS attacks, but this is something I have never encountered before.
netstat -an | grep :80 | grep SYN | wc -l gives an output of 100+ while this is happening.
Killing apache immediately drops the load to normal levels and allows my clients to continue to use the other services on the server. But we have to have our front end working.
I have tried several iptables rules but they do not work. I have modified my sysctl according to some suggestions:
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_mem = 128000 200000 262144
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 1800000
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
vm.swappiness = 5
net.ipv4.tcp_syncookies = 1
but that does not seem to mitigate the issue.
I am at my wits' end and I need to get the website up and functioning again.
ANY and all suggestions would be appreciated.
Thank you.
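An added diagnostic example, not part of the original post: the one-line count quoted above matches any line containing ":80" and "SYN", so it also counts port 8080 and outbound connections. The function below (hypothetical names, constructed sample data) counts only sockets whose local port is exactly 80, broken down by TCP state and, for SYN_RECV, by remote address.

```shell
#!/usr/bin/env bash
# Real use:  netstat -ant | port80_summary
# Reads Linux `netstat -ant` output on stdin and prints
#   state   <TCP state>      <count>   for sockets on local port 80
#   syn_src <remote address> <count>   for those in SYN_RECV

port80_summary() {
    awk '
        $1 ~ /^tcp/ && $4 ~ /:80$/ {       # local address ends in exactly :80
            state[$6]++
            if ($6 == "SYN_RECV") {
                ip = $5
                sub(/:[0-9]+$/, "", ip)    # strip the remote port
                syn[ip]++
            }
        }
        END {
            for (s in state) print "state", s, state[s]
            for (i in syn)   print "syn_src", i, syn[i]
        }
    ' | sort -k1,1 -k3,3nr -k2,2           # group by kind, largest count first
}

# Constructed sample (documentation addresses), not captured from a real host.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:80         198.51.100.7:40112      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:40113      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.9:51820      SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.44:33010        ESTABLISHED
tcp        0      0 203.0.113.10:8080       192.0.2.44:33011        SYN_RECV
tcp        0      0 203.0.113.10:41000      192.0.2.80:80           SYN_SENT
EOF
}

# Demo run on the sample: the 8080 socket and the outbound SYN_SENT are ignored.
sample_netstat | port80_summary
```

A large ESTABLISHED count alongside a small SYN_RECV count indicates load from completed HTTP connections rather than half-open ones; behind a reverse proxy the remote addresses shown are the proxy's, so per-client attribution has to come from the proxy's own logs.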