Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 07-12-2018, 05:28 PM   #1
LQ Newbie
Registered: Jul 2018
Posts: 11

Rep: Reputation: Disabled
Attacker IPs do not go through my cload


Thanks for your attention.
I am using a cload to prevent DDOs attacks on

my site and it is supposed just I see the IP of

my cload on my server but when I check it with

netstat -ntu | awk '{print $5}' | cut -d: -f1 |

sort | uniq -c | sort -n

I see many strange IPs and when I Google them I

find they are attacker IPs.

- I am using centos web panel (CWP).

Now I wonder:
- Why they come to my site directly and do not

go through the cload to prevent them? (I do not

think they have my IP, I have used 2 different


- I ban them manually, can it becomes an auto

- Are they doing Slowris attack on my site?

(Because I receive for example 335 load average

and database error sometime or even 3 times a

day with low bandwith)

- Is it a good job to ban the most famous

attacker IPs ? If yes how can I get the list?

Old 07-13-2018, 08:17 PM   #2
LQ Veteran
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,297
Blog Entries: 36

Rep: Reputation: Disabled
191 ways to echo hello world on the command line

So far, you're doing what should be done, in my opinion only.

Cloudfl can partially mitigate a low-to-modeate threat simply by pointing your NSs (Nameservers) at their service.
Cloudflare was started and staffed by the same team that gave us Project HoneyPot. Good stuff.
It's been a few years but they are pretty good and I give that team Mad Props.

The next "God, that wasn't so hard" is "centralized logging" and by that I speak of Elasticserch, Logstash, and Kibana, or "ELK".
ELK and others are the shit.

Why they come to your server?
I don't know that answer, but I do know we shouldn't take it personally.
centos-webpanel features csf and I recommend you at poke around and "get a feel"
WhM/cPanel was a big fat Target, so maybe this is too?

Close the database port to the world?
ELK "later", ok?

cat x | grep y | grep z | awk
... is old-as-dirt

But...that is also another good skill to have. Comfort at a text prompt.

ELK can slice and dice:
Visualizing Logs Using ElasticSearch, Logstash and Kibana - YouTube

Continue to do as you have been.
That's a good habit to have.

An Intro to badbots was an eye-opener for me.
Details that I found in my logs every dayfor seven years.
Been centralizing w\ELK ever since.

An Intro to badbots may offer you some hope of keeping this under control..
I'd love to grep your logs.
You familiar with the Apache webserver LogFormat directive?
Me either, so....Ha!

IDK how far I can encourage you, since I don't know what your equipped with or skilled to accomplish.
Secure your Apache server from DDoS, Slowloris, and DNS

I'll check in "in a few"...see how you are getting on.
Be encouraged.
1 members found this post helpful.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Attacker IPs yeknafar Linux - Security 5 07-25-2018 04:26 AM
LXer: Most popular cload projects, Walmarts investment in open source, and more LXer Syndicated Linux News 0 08-29-2014 11:51 PM
iptables blocking all ips except US & US Amazon. Can't log dropped IPs. mcginlej Linux - Networking 3 10-08-2013 12:18 PM
Getting things straight: Apache, SSL, Multiple External IPs / Internal IPs Linux - Server 21 10-13-2007 11:39 PM
How about this attacker? pe2338 Debian 5 09-03-2003 05:43 AM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 01:37 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration