Knowledgebase

Portal Home > Knowledgebase > Articles Database > under ddos


under ddos




Posted by mixmox, 11-24-2010, 10:45 AM
hello. these files are locat on /tmp cceHKHWo.s dos-109.125.150.13 dos-109.74.229.234 dos-113.140.13.218 dos-113.16.225.142 dos-113.6.166.82 dos-113.83.224.143 dos-117.90.16.11 dos-1.195.200.192 dos-124.227.242.206 dos-184.154.104.45 dos-188.118.93.141 dos-188.34.13.215 dos-194.146.150.131 dos-194.146.150.132 dos-213.233.183.253 dos-2.144.238.1 dos-218.200.4.114 dos-220.170.199.142 dos-222.87.144.32 dos-60.20.129.234 dos-69.175.79.4 dos-78.38.18.222 dos-79.175.167.80 dos-81.90.155.11 dos-83.147.196.10 dos-83.147.223.230 dos-91.98.125.115 dos-91.99.173.131 dos-91.99.20.224 dos-91.99.254.21 dos-93.110.66.138 dos-94.101.191.122 dos-94.183.134.98 dos-94.183.158.57 dos-94.232.173.30 dos-95.82.41.182 install.sh ks-script-k41clj ks-script-k41clj.log pear unban.AgE26795 unban.ahW17607 unban.AuV20438 unban.aVc20921 what should i do now?
Posted by eth00, 11-24-2010, 11:24 AM
It just means somethnig triggered mod_evasive. You don't have to do anything if you do not want and the server performance is fine. You may want to double check to make sure they were legit blocks since that is a pretty small number of ips. you may also want to double check and see what install.sh is
Posted by kevinnivek, 11-24-2010, 11:38 AM
Yeah I'd start worrying once the server performance starts suffering.
Posted by Hillockhosting, 11-25-2010, 12:46 PM
open the file ad check the contents. It can also be a attack from your server to remote server which can eat up all bandwidth and choke the server.
Posted by mixmox, 11-26-2010, 03:53 AM
vi dos-84.241.5.244 content is only one single line : 26272
Posted by madaboutlinux, 11-26-2010, 06:04 AM
The 'dos-IP' files are used by Mod_Evasive to track the connections, they are not log files. And the number you see in those files is the PID of the Apache child process that triggered the rule and was then blocked by mod_evasive.
Posted by mixmox, 11-29-2010, 06:21 AM
and where these ban ip locate? on csf dent file or on iptables?


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
KnownHost vz66-tx server down (Views: 602)
any risk if i active mcrypt extention ? (Views: 600)
Can any Linux hosting service be used with RDP? (Views: 641)
SPF not working? (Views: 598)
Memory Used 98% - How can I tell? (Views: 622)