RE: Apache in under attack. [EXT]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The first place to look in this case is the size of the apache processes. Once the OP has got on top of this - then other issues can be investigated.

So process would be:
	1) Reduce number of modules in Apache (>100 at the moment) should be around 15-25 region;
	2) Look at memory usage;
	3) If high would also look to see which PHP packages have been installed;
	4) Once past these I would start looking at the actual attack and the particular requests;



-----Original Message-----
From: @lbutlr <kremels@xxxxxxxxx> 
Sent: 15 January 2021 06:37
To: users@xxxxxxxxxxxxxxxx
Subject: Re:  Apache in under attack. [EXT]

On 14 Jan 2021, at 04:48, Jason Long <hack3rcon@xxxxxxxxx.INVALID> wrote:
> Server have 4 CPU cores and 6GB of RAM.
> I pasted Apache configuration. In your opinion, which parts of servers must be examine?

Throwing more resources at the problem is not likely to fix the problem. You need to figure out what is going on with your server and WHY it is taking so much time it is bogging down and WEHRE the slowdown is happening.

This is not something that someone can just say "Oh, it's this" because the problem is unique to your machine, your content, and your users.

I would start with those very suspicious (to me) looking URL requests containing dozens of digits of hex. Do those look like they are legitimate links to your server's web content?

Also, please stop top-posting and quoting the entire message thread below.

-- 
We are born naked, wet and hungry; then it's all downhill.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



-- 
 The Wellcome Sanger Institute is operated by Genome Research 
 Limited, a charity registered in England with number 1021457 and a 
 company registered in England with number 2742969, whose registered 
 office is 215 Euston Road, London, NW1 2BE. 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux