Possible DOS attack and database optimization

Status
Not open for further replies.

xandor

I am having some major problems with my website. My average CPU load is currently at ~30, using a server with 8 cores, so the max it can handle should be 8.

Contacted the company I have my server at and they said this:

"It seems that a lot of data is read from / written to the database quite often. Due to the RAID1 this needs to be synchronized to the second hard disk, which is causing the 97% user (access to database) or 97% IO (synchronizing between the hard disks). Is your database optimized (Primary and Foreign Keys set, using Auto-Increment, ...)? If not, we would recommend to perform the optimizations yourself or contact a specialist for this."

Is it enough to just use Optimize in phpmyadmin?

"Additionally, there are a lot of connections to your webserver.
Maybe you should check if these are normal visitors or if this is a DoS"

I am not currently at home and I don't really know if it is a DoS or not, but I think it might be.

I have ~30 users online all the time, had a plugin that said I have 200 online all the time though, no idea why it shows so much more than analytics but maybe it can see traffic from a DoS attack. It didn't get slow until yesterday night so maybe not.

I had a few people complaining about my website also (the kind of content it contains, legal but some think it isn't) and I am also in competition with other websites and I rank on first spot on google so it is both competitors and haters that might want to take down my website.

What am I gonna do if I am being DoS attacked?
 
No, it is not a DoS attack; all you need is to optimize your database tables.

I faced the same problem and I just rectified it by hiring a good coder and asked him to look through the code and database.

And then he added something to a table and then all load went smooth.

All you need now is a good coder, not a server admin. As you say it is a DoS attack

 
Is it really not a DoS attack?
It was working fine until ~22:00-23:00 yesterday, then the website pretty much instantly died. I am even unable to open phpmyadmin.

Output from running some commands: (I am really noobish at this so I don't really know what things mean)
netstat -an | grep :80 | wc -l
440-580
(it was 444 then I used the command again 5 seconds later and it was 572 all of a sudden)
Isn't this the amount of "users" connected to the website? It is currently completely unavailable and changing from 444 to 572 in ~5 seconds seems very strange. I am not sure if I understand it right but I think so.

netstat -ant | awk '{print $6}' | sort | uniq -c | sort -n
1 established
1 foreign
5 listen
7 fin_wait1
10 time_wait
14 last_ack
120 established
160 close_wait
253 syn recv

netstat -an | grep :80 | sort | uniq -c
I can see ips next to each other like this: (x,y,z = same value on these ips)
x.y.z.87:43335
x.y.z.87:44190
x.y.z.90:46114
x.y.z.90:46344
x.y.z.90:46852
This looks really weird to me, I am not sure if it is weird but it looks really weird.
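
Added example, not part of the original thread: a way to summarise `netstat -ant` output for one local port by TCP state and by remote /24, instead of reading the sorted list by eye. The function names and the sample lines are constructed for illustration, and the addresses are documentation ranges.

```bash
# Added example: summarise `netstat -ant` output (read on stdin) for one local port.
# Function names and the sample data are constructed for illustration.
# Matching on the local-address column avoids what `grep :80` also counts:
# port 8080 and outbound connections to a remote port 80.

# state_counts PORT: prints "STATE COUNT", busiest state first.
state_counts() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $4 ~ (":" port "$") { n[$6]++ }
    END { for (s in n) print s, n[s] }' | sort -k2,2nr
}

# top_subnets PORT: prints "a.b.c.0/24 COUNT" for IPv4 peers, busiest first.
top_subnets() {
  awk -v port="$1" '
    $1 == "tcp" && $4 ~ (":" port "$") && $6 != "LISTEN" {
      split($5, a, ":"); split(a[1], o, ".")
      n[o[1] "." o[2] "." o[3] ".0/24"]++
    }
    END { for (s in n) print s, n[s] }' | sort -k2,2nr
}

# syn_recv_pct PORT: integer percentage of the port's sockets that are
# half-open (SYN_RECV), i.e. the handshake was started but never completed.
syn_recv_pct() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $4 ~ (":" port "$") && $6 != "LISTEN" {
      t++; if ($6 == "SYN_RECV") s++
    }
    END { if (t) printf "%d\n", 100 * s / t; else print 0 }'
}

# Constructed sample in Linux netstat format (documentation address ranges).
sample_netstat() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.87:43335      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.87:44190      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.90:46114      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51000      ESTABLISHED
tcp        0      0 192.0.2.10:8080         198.51.100.9:51001      ESTABLISHED
tcp        0      0 192.0.2.10:40222        198.51.100.20:80        ESTABLISHED
EOF
}

sample_netstat | state_counts 80   # on a live host: netstat -ant | state_counts 80
```

A large SYN_RECV share concentrated in a few subnets is a network-level signal worth checking before looking at database tuning.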
 
I changed my htaccess file.

order deny,allow
deny from all
allow from my ip

And the command "netstat -an | grep :80 | wc -l" showed 4000-8000 instead of ~400-600.

So the low amount was probably because the server was unable to handle the higher amount. (not even sure 4000-8000 is max or if that is just where it can't handle anymore)

Also I redirected my domain name to my old server, it has a plugin to show how many visits the website has had.
I redirected it to my old website and then redirected it back to the new website, maybe 30 min between the changes.
The plugin on the old website said: 120 visits, 21k page views (175 page views / visitor compared to my normal 13-14 / visitor). 21k pageviews in 30-60 min... that is quite a lot.
Normally I have 3000 visitors with 40k page views daily.

I really really think it is a DoS attack but I am not sure. Just want to fix it somehow :(
It is so weird, I think CPU average load was ~1-3 before, and then instantly 30-60 and can't seem to get it down.

I also did:
Optimized database in phpmyadmin.
Installed a plugin (wp-optimize) and optimized as well as deleting old revisions (2100 old revisions).
I also deleted plugins that I don't need that add stuff to the database, decreasing its size and tables. -80% size, -50% tables.

My pages load in <1 second or so when I block everyone else than myself. (in htaccess file)
It is completely unavailable if I let others access it.
It instantly gets unavailable once I stop blocking everyone else. Instantly.

Can it really be that I need to optimize something on the website?
If so, know anyone good to contact and what would it cost?
 
lol.... not legal

I can guess you are webmaster of

either
terrorist
children p*rn
animal p*rn

there are few things illegal on the internet
 
OK, as you don't know what to do, better report it to serverpolice. He charges minimum and fixes things good.

 
I said it is legal, but some think it isn't.

I read that it is illegal to redirect the traffic to another website. (would mean that I would DOS that website, although they would be able to handle it but still attempting to DOS them) Also think it wouldn't help me at all (want to keep my real visitors).

I tried restarting server but it instantly became overloaded again.

I am going to try with serverpolice.
 