I think my server got DOS'ed via HTTP(port 80).
When I checked apache access log, it showed that specific IPs requested /GET/HTTP1.1 more than 150 times in a minute.
And I've been trying to limit connection per IP via CSF.
However after I installed and configured CSF, I keep getting so many notification emails like this:
Time: Sun May 18 22:34:40 2014 +0700 PID: 11727 (Parent PID:1636) Account: apache Uptime: 73 seconds Executable: /usr/sbin/httpd Command Line (often faked in exploits): /usr/sbin/httpd Network connections by the process (if any): tcp6: 0.0.0.0:80 -> 0.0.0.0:0 tcp6: 0.0.0.0:443 -> 0.0.0.0:0 tcp: 127.0.0.1:57790 -> 127.0.0.1:11211 Files open by the process (if any): /dev/null /dev/null /var/log/httpd/error_log /dev/urandom /var/log/virtualmin/xxx.com_error_log /var/log/virtualmin/xxx.net_error_log /var/log/virtualmin/xxx.com_error_log /var/log/httpd/ssl_error_log /var/log/httpd/access_log /var/log/virtualmin/xxx.com_access_log /var/log/httpd/ssl_access_log /var/log/httpd/ssl_request_log anon_inode:[eventpoll] anon_inode:[eventpoll] /dev/urandom anon_inode:[eventpoll] Memory maps by the process (if any): 7fb758000000-7fb758021000 rw-p 00000000 00:00 0 7fb758021000-7fb75c000000 ---p 00000000 00:00 0 ...... 7fb765fad000-7fb7669ad000 rw-p 00000000 00:00 0 7fb79bcfd000-7fb79d2f2000 rw-p 00000000 00:00 0
as I stated above, I only want to limit the connection so I only modified the CT_LIMIT and incoming/outgoing ports in csf.conf
I know adding the execution path on csf.pignore might fix the problem, but that will also defeat the purpose of installing CSF in the first place.
My server specs :
Centos 6.3 64-bit RAM 6 GB 4 Cores Memcached Installed on port 11211 Apache with Prefork MPM: StartServers 8 MinSpareServers 8 MaxSpareServers 16 ServerLimit 100 MaxClients 100 MaxRequestsPerChild 4000 Timeout 60 KeepAlive On MaxKeepAliveRequests 1000 KeepAliveTimeout 2 MySQL used only for hosting a wordpress
I dont know what happened here. Could somebody enlighten me?
