troubleshoot: my server goes down. Comes back up after reboot
Hi all, I have a remote, unmanaged dedicated Debian server. Last Tuesday, my server went down, so I emailed the support team to reboot my server and it fixed the problem. Today, it happened again. And like last time, a reboot fixed the problem. I would really appreciate it if someone could help me troubleshoot:
-------Netstat -lpn output--------:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 2135/mysqld
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2394/dnscache
tcp6 0 0 :::ssh :::* LISTEN 2290/sshd
tcp6 0 0 :::80 :::* LISTEN 2337/apache2
tcp6 0 0 :::443 :::* LISTEN 2337/apache2
tcp6 0 576 ::ffff:ip:ssh ::ffff:myip:ssh ESTABLISHED2404/sshd: user [p
udp 0 0 127.0.0.1:53 0.0.0.0:* 2394/dnscache
udp 0 0 ip:53 0.0.0.0:* 2392/tinydns
-------My firewall output----------:
Accepting port ssh...
Accepting port 53...
Accepting port 80...
Accepting port 443...
blocking everything not listed here...
activating DoS prevention...
blocking XMAS-tree and NULL packets
-------My firewall--------:
#!/bin/sh
#
# A simple firewall initialization script
#
WHITELIST=/usr/local/etc/whitelist.txt
BLACKLIST=/usr/local/etc/blacklist.txt
ALLOWED="ssh 53 80 443"
#
# Drop all existing filter rules
#
iptables -F
#
# First, run through $WHITELIST, accepting all traffic from hosts and networks
# contained therein.
#
for x in `grep -v ^# $WHITELIST | awk '{print $1}'`; do
    echo "Permitting $x..."
    iptables -A INPUT -t filter -s $x -j ACCEPT
done
#
# Now run through $BLACKLIST, dropping all traffic from the hosts and networks
# contained therein
#
for x in `grep -v ^# $BLACKLIST | awk '{print $1}'`; do
    echo "Blocking $x..."
    iptables -A INPUT -t filter -s $x -j DROP
done
#
# Next, the permitted ports: What will we accept from hosts not appearing
# on the blacklist?
#
for port in $ALLOWED; do
    echo "Accepting port $port..."
    iptables -A INPUT -t filter -p tcp --dport $port -j ACCEPT
done
#
# Finally, unless it's mentioned above, and it's an inbound startup request,
# just drop it.
#
echo "blocking everything not listed here..."
iptables -A INPUT -t filter -p tcp --syn -j DROP
#
# a simple DoS prevention script
#
echo "activating DoS prevention..."
# Create syn-flood chain for detecting Denial of Service attacks
iptables -t nat -N syn-flood
# Limit 12 connections per second (burst to 24)
iptables -t nat -A syn-flood -m limit --limit 12/s --limit-burst 24 -j RETURN
iptables -t nat -A syn-flood -j DROP
# Check for DoS attack
iptables -t nat -A PREROUTING -i $EXT_IFACE -d $DEST_IP -p tcp --syn -j syn-flood
#
# a simple script for blocking XMAS-tree and NULL packets
#
echo "blocking XMAS-tree and NULL packets"
iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP
iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
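
The script as posted references $EXT_IFACE and $DEST_IP without assigning them, and it places its DROP rules for the syn-flood and XMAS/NULL checks in the nat table. The following static check is an added example, not part of the original post; it embeds an excerpt of the posted script as SAMPLE and reports both findings. The function names unset_vars and nat_verdicts are hypothetical.

```shell
#!/bin/sh
# Added example: static checks for a firewall script such as the one posted.
# SAMPLE is an excerpt of the posted script, embedded so the checks run offline.
SAMPLE='ALLOWED="ssh 53 80 443"
for port in $ALLOWED; do
iptables -A INPUT -t filter -p tcp --dport $port -j ACCEPT
done
iptables -t nat -N syn-flood
iptables -t nat -A syn-flood -m limit --limit 12/s --limit-burst 24 -j RETURN
iptables -t nat -A syn-flood -j DROP
iptables -t nat -A PREROUTING -i $EXT_IFACE -d $DEST_IP -p tcp --syn -j syn-flood
iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP
iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP'

# unset_vars SCRIPT_TEXT: print, sorted, every $NAME or ${NAME} that the text
# references but never assigns (NAME=... or "for NAME in"). Variables taken
# from the environment are reported too, so treat the output as a review list.
unset_vars() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        {
            line = $0
            if (match(line, /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/)) {
                name = substr(line, RSTART, RLENGTH - 1)
                gsub(/[ \t]/, "", name); assigned[name] = 1
            }
            if (match(line, /for[ \t]+[A-Za-z_][A-Za-z0-9_]*[ \t]+in/)) {
                split(substr(line, RSTART, RLENGTH), w, /[ \t]+/)
                assigned[w[2]] = 1
            }
            while (match(line, /\$[{]?[A-Za-z_][A-Za-z0-9_]*/)) {
                name = substr(line, RSTART, RLENGTH)
                gsub(/[${]/, "", name); used[name] = 1
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END { for (n in used) if (!(n in assigned)) print n }' | sort
}

# nat_verdicts SCRIPT_TEXT: print iptables rules that DROP or REJECT inside the
# nat table. That table exists for address translation and is consulted only
# for the first packet of a connection; filtering belongs in the filter table.
nat_verdicts() {
    printf '%s\n' "$1" | grep -E '^[[:space:]]*iptables .*-t nat .*-j (DROP|REJECT)'
}

echo "Referenced but never assigned:"; unset_vars "$SAMPLE"
echo "Filtering verdicts in the nat table:"; nat_verdicts "$SAMPLE"
```

To check a real file instead of the excerpt, pass its contents, for example unset_vars "$(cat /path/to/firewall.sh)".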