Portal Home > Knowledgebase > Articles Database > under ddos
under ddos
Posted by mixmox, 11-24-2010, 10:45 AM |
hello. these files are locat on /tmp
cceHKHWo.s
dos-109.125.150.13
dos-109.74.229.234
dos-113.140.13.218
dos-113.16.225.142
dos-113.6.166.82
dos-113.83.224.143
dos-117.90.16.11
dos-1.195.200.192
dos-124.227.242.206
dos-184.154.104.45
dos-188.118.93.141
dos-188.34.13.215
dos-194.146.150.131
dos-194.146.150.132
dos-213.233.183.253
dos-2.144.238.1
dos-218.200.4.114
dos-220.170.199.142
dos-222.87.144.32
dos-60.20.129.234
dos-69.175.79.4
dos-78.38.18.222
dos-79.175.167.80
dos-81.90.155.11
dos-83.147.196.10
dos-83.147.223.230
dos-91.98.125.115
dos-91.99.173.131
dos-91.99.20.224
dos-91.99.254.21
dos-93.110.66.138
dos-94.101.191.122
dos-94.183.134.98
dos-94.183.158.57
dos-94.232.173.30
dos-95.82.41.182
install.sh
ks-script-k41clj
ks-script-k41clj.log
pear
unban.AgE26795
unban.ahW17607
unban.AuV20438
unban.aVc20921
what should i do now?
|
Posted by eth00, 11-24-2010, 11:24 AM |
It just means somethnig triggered mod_evasive. You don't have to do anything if you do not want and the server performance is fine. You may want to double check to make sure they were legit blocks since that is a pretty small number of ips.
you may also want to double check and see what install.sh is
|
Posted by kevinnivek, 11-24-2010, 11:38 AM |
Yeah I'd start worrying once the server performance starts suffering.
|
Posted by Hillockhosting, 11-25-2010, 12:46 PM |
open the file ad check the contents.
It can also be a attack from your server to remote server which can eat up all bandwidth and choke the server.
|
Posted by mixmox, 11-26-2010, 03:53 AM |
vi dos-84.241.5.244
content is only one single line :
26272
|
Posted by madaboutlinux, 11-26-2010, 06:04 AM |
The 'dos-IP' files are used by Mod_Evasive to track the connections, they are not log files. And the number you see in those files is the PID of the Apache child process that triggered the rule and was then blocked by mod_evasive.
|
Posted by mixmox, 11-29-2010, 06:21 AM |
and where these ban ip locate?
on csf dent file or on iptables?
|
Add to Favourites Print this Article
Also Read