0

I'm running a small webserver on Ubuntu 12.04.

Last night, the server topped off at 100% cpu usage and crashed. This is unusual as I'm normally around 1-5%. I suspect a DDoS attack from someone related, but I'm not certain. I searched apache logs, syslog, messages, fail2ban logs but I couldn't find anything that explains what happened.

How can I figure out the cause of the crash? How can I possibly prevent it?

MichelZ
  • 11,068
  • 4
  • 32
  • 59
user1732521
  • 121
  • 1
  • 1
  • 5
  • Have you considered hiding it behind cloudlare to start with? – TomTom Apr 22 '14 at 08:45
  • I have not. CloudFlare isn't something I've used before. The thing is I'm not sure it's an attack... – user1732521 Apr 22 '14 at 08:52
  • Start by moving the site through cloudflare - they do some serious things there and that may help. It is a simple DNS change, free of charge. – TomTom Apr 22 '14 at 08:52
  • I will give it a shot, thanks. Having multiple vhosts on the same domain isn't an issue or anything? – user1732521 Apr 22 '14 at 08:54
  • No, they intercept via IP and then come as a proxy - works like a charm and save you some bandwidth, too, but mostly they block certain attack vectors. Only impact is analytics - web server logs do not get every visitor (google analytics etc. does) – TomTom Apr 22 '14 at 08:55

0 Answers0