some script based attack

Hello, its been 4 months now since i'm having this problem and its still the same, no one could help so far, the problem was i had this site running in phpnuke and one day suddenly i saw too many visitors on site it was unusual, then server started taking too much load and lots of apache and mysql processes, i had to shut it down, as i was not an expert in unix i tried different things, banning all those ip's installing dos module for apache but nothing worked, i tried changing hosting to 5 different places but all the hosts suspended it coz it was taking too much load during those attacks, most of them considered it as ddos attack.

Then i got this new dedicated server from ev1, p4 2.4 ghz with 1 gig of ram, setup the site on new server but again it was same, and i've found out its not dos or ddos as these attacks arent conusming any bandwidth, the thing i could understand was, its some kind of script attack, someone is using a script which loads a large number of proxy list, and send database query to the site from thousands of IP's at a time and it causes mysql and apache to take too much load on server, it gets fine when i suspend that specific site, i tried putting a simple index.php without any database relation the attack doesnt work.

I have a friend his site is hosted on some norwegian server, he was having the same attack problem, its also on phpnuke, but it actually didnt affect their server, he was having 1200 visitors at a time but it didnt even slow down a little. now thats weird for me, is there any specific settings for mysql or apache which could prevent against these attacks ? i really need help here as i dont have any clue what to do to stop those attacks and run my site.

i'm pasting my /etc/my.cnf here and i can paste the httpd.conf if someone is interested.


[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock

max_connections = 500
key_buffer = 16M
myisam_sort_buffer_size = 64M
join_buffer_size = 2M
read_buffer_size = 2M
sort_buffer_size = 3M
table_cache = 1500
thread_cache_size = 128
wait_timeout = 14400
connect_timeout = 10
max_allowed_packet = 16M
max_connect_errors = 10
query_cache_limit = 1M
query_cache_size = 32M
query_cache_type = 1
skip-innodb



[mysql.server]
user=mysql
basedir=/var/lib

[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid


[myisamchk]
key_buffer = 64M
sort_buffer = 64M
read_buffer = 16M
write_buffer = 16M

I would be reallly greatfull if someone could help me regarding this issue

Thanks

 

 

 

 

Top