Skip to main content


DoS against Webserver


!Nerdica Forum

I don't know why, but the webserver seems to be under attack the last days. At least there was way too much load on the webserver caused by connections in "sending" state:

Total accesses: 1080 - Total Traffic: 11.5 MB - Total Duration: 222445988
CPU Usage: u6.3 s.84 cu8.99 cs1.45 - 3.12% CPU load
1.92 requests/sec - 20.9 kB/second - 10.9 kB/request - 205969 ms/request
195 requests currently being processed, 5 idle workers

WRCWWWWWCRCCWWRRWRWRCWCRWWWWWWWWWRCRWWRRWWWWWWWCWWWWWWWWWRCWRCWR
RWRWCCWWWCWWWWWWWWWRWWRWWWWCWWWWWWWWWWWWWCRRWWWWWCWWWCRWWRWWWWWW
WWWWCWRCWWWCWWWWWWWWCWWWWWRWWWWWWWRWWRCRCWWWWWCW.WWCWWWWWRWWRWW.
WRWRWWRWR_WWWRWWWW_RWWWWW__RRRW_W.........................WCWCWW
WRWWWCRWWWWRWWWRWWW.......W.WWCWWWWWWWWWWWWC..WW........W..G.W..
........WW..W.CC.WWWWWWWWWWWWWWWWWWWWWWWWCWWRWWRRWCWRRWWWWWWWWWC
WWWCWRRWRWWWRRWR

Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
"W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
"C" Closing connection, "L" Logging, "G" Gracefully finishing,
"I" Idle cleanup of worker, "." Open slot with no current process

The effect was that the webserver and thereof Friendica on Nerdica.net was quite unresponsive, as you can imagine from this screenshot:

I've now activated mod_evasive in Apache configuration and the result is after some minutes already visible:

K__KKW__KK__K__W_R__R____.......................................
.W..............................................................
................................................................
................................................................
................................................................
................................................................
................

Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
"W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
"C" Closing connection, "L" Logging, "G" Gracefully finishing,
"I" Idle cleanup of worker, "." Open slot with no current process
2019 Aug 31 11:13:02 vserv1 Blacklisting address 2001:b011:700e:102f:c55f:352b:4274:a089: possible DoS attack. 2019 Aug 31 11:14:29 vserv1 Blacklisting address 46.167.239.181: possible DoS attack. 2019 Aug 31 11:15:05 vserv1 Blacklisting address 165.22.204.42: possible DoS attack. 2019 Aug 31 11:15:07 vserv1 Blacklisting address 134.119.20.10: possible DoS attack. 2019 Aug 31 11:15:55 vserv1 Blacklisting address 89.245.203.182: possible DoS attack.

So, hopefully the issue is now resolved. But if you experience issues because of mod_evasive, then please send me a mail to the same address as my Nerdica address... (or via XMPP).