LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-15-2018, 02:03 PM   #1
yeknafar
LQ Newbie
 
Registered: Jul 2018
Posts: 11

Rep: Reputation: Disabled
High 5 minute load average alert means I am under DDOs?


Hello

For 48 hours I have come to Cloudflare but I recive “high 5 minute load average alert” like before using the Cloudflare but with lower numbers like 20 but I fear they become more.

I have blocked some countries and about 200 IPs too.

What more should I do to get rid of these attacks?


Uptime: 2588 Threads: 8 Questions: 91518 Slow queries: 0 Opens: 211 Flush tables: 1 Open tables: 200 Queries per second avg: 35.362


I am using a cload server with 8 CPUs.
My Cpu now is 1.
Ram is 4.
I am using CWP.


Thank you for your help and attention :slight_smile:
 
Old 07-15-2018, 06:13 PM   #2
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1000Reputation: 1000Reputation: 1000Reputation: 1000Reputation: 1000Reputation: 1000Reputation: 1000Reputation: 1000
Try dropping ip blocks, i.e. 200.100.0.0/16. Use whois to find the whole block. Eventually you'll get it under control. Or subscribe to a blacklist.
 
Old 07-15-2018, 06:35 PM   #3
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.5
Posts: 2,206

Rep: Reputation: 688Reputation: 688Reputation: 688Reputation: 688Reputation: 688Reputation: 688
I have to wonder what you have running on that server?

As I understand it, CWP is a LAMP configuration, yes? Are you hosting websites? Forums? Torrent?
Quote:
Uptime: 2588 Threads: 8 Questions: 91518 Slow queries: 0 Opens: 211 Flush tables: 1 Open tables: 200 Queries per second avg: 35.362
I presume that's something from CWP...
Threads of what?
Queries of what? 200 Queries per second seems a lot.
Do you have a database exposed to the world?
 
Old 07-16-2018, 04:09 AM   #4
yeknafar
LQ Newbie
 
Registered: Jul 2018
Posts: 11

Original Poster
Rep: Reputation: Disabled
Unhappy

Quote:
Originally Posted by scasey View Post
I have to wonder what you have running on that server?

As I understand it, CWP is a LAMP configuration, yes? Are you hosting websites? Forums? Torrent?

I presume that's something from CWP...
Threads of what?
Queries of what? 200 Queries per second seems a lot.
Do you have a database exposed to the world?
I just have a wordpress website on it.
CWP is centos web panel that give a GUI.
Queries per second avg: 35.362
Do you have a database exposed to the world? no, as it seems I am under Slowris attack.
 
Old 07-16-2018, 04:12 AM   #5
yeknafar
LQ Newbie
 
Registered: Jul 2018
Posts: 11

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by AwesomeMachine View Post
Try dropping ip blocks, i.e. 200.100.0.0/16. Use whois to find the whole block. Eventually you'll get it under control. Or subscribe to a blacklist.
I have blocked more than 300 IPs. I am using Cloudflare now but did not stop the attacks completely. How can I subscribe to a blacklist?

Would you give me a link about it?

Thanks
 
Old 07-16-2018, 10:24 AM   #6
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,804

Rep: Reputation: 1088Reputation: 1088Reputation: 1088Reputation: 1088Reputation: 1088Reputation: 1088Reputation: 1088Reputation: 1088
Could be too late if your public IP is "out there", but if you need DDoS mitigation / traffic cleaning then look at Incapsula, I've used their services in the past.
 
Old 07-16-2018, 09:32 PM   #7
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1000Reputation: 1000Reputation: 1000Reputation: 1000Reputation: 1000Reputation: 1000Reputation: 1000Reputation: 1000
300?

Quote:
Originally Posted by yeknafar View Post
I have blocked more than 300 IPs.
Here's a blacklist page: https://myip.ms/browse/blacklist/Bla...base_Real-time
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
High average load at 60.01 smilemukul Linux - Server 7 04-19-2013 01:59 AM
CPU load average alert linuxandtsm Linux - Newbie 6 05-10-2012 05:15 PM
Load average too high chobong Linux - Newbie 2 08-11-2011 02:38 AM
load average high sang_froid Linux - Server 3 12-14-2009 11:18 AM
Load Average means ZAMO Linux - General 1 10-31-2008 08:22 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:54 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration