On my RackForce server I'm having a big problem with large amounts of defunct httpd's. I believe it's DDoS attacks, but I'm *supposed* to be behind a managed firewall that filters them out. Is there anything I can do about this? It's causing loads to go insanely high?

you could always run apache off a different port until this problem is resolved.

Don't think that would work, this server is housing 2 of my somewhat high traffic sites (3 million page views month each). I've tried turning off Apache but then they just start attacking something else gets real annoying.

Originally posted by interactive:

On my RackForce server I'm having a big problem with large amounts of defunct httpd's. I believe it's DDoS attacks, but I'm *supposed* to be behind a managed firewall that filters them out. Is there anything I can do about this? It's causing loads to go insanely high?

Hi Robert, We also have seveal boxes colo-ed at Rackforce and I know for a fact (been there) that the Firewall installed does not filter DDOS attacks, or slashdottings, apparently it's all legit traffic.

(Not trying to be a jerk or discredit you) But when I signed up I was told it did. Kind of pisses me off. I'll call Ian tomarrow I guess

Hmm, Well Ian's a good guy - He always fixes things. :)

I believe once they've found the DDOS attack they can filter it but it doesn't do it automatically.

This may not be a DDOS attack - I think i've read somewhere on Plesk this could be a problem related to them - do you have Plesk installed?

Hello all,

If you are on a linux server, make sure you have syn_cookies enabled, this will help with the attack, by not allowing the stack to be filled.

This would work if it's a SYN attack.
you can also add the address to your routing table, to reject

"route add X.X.X.X reject"


http://datums.net