OT: (D)DoS attack mitigation
Patrick O'Callaghan wrote:
On Sat, 2008-05-24 at 17:41 -0400, Temlakos wrote:
Anyone have a line on things that a root-accessed server admin can do to
stop a (D)DoS attack?
A DDOS attack on what? What services are you running that might be
attacked? Are all unnecessary ports closed?
The attack, if that's what it is, is against Web service (Apache) at
port 80. It's a Wiki site, on a server running CentOS 5. The site seems
to be running again, but a few hours ago I was getting connection
resets, timeouts, and "can't find server" messages. And at one point, my
Web host said that the apache system account was making too many requests.
It's a remote server to which I have root access--at least, whenever I
can sign in.
The Web host is supposed to have mod-dosevasive and a Brute Force
Detection package installed. Assuming that those packages are in fact
working, what other measures should I take?
I need to have port 80 open for ordinary Web service, plus one other
port open for signing in as a domain-management client or as a server
administrator. I also use ssh on occasion, but I normally forbid that,
and open it only when necessary to get in, run a few quick scripts, and
then get out.
The "top" command reveals two routines by apache; the rest run by root.
I just installed wireshark, but now I can't get wireshark to start:
"command not found." What directory is that supposed to install in?
fedora-list mailing list
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list