My IP DoS attacks my own website!!! Need help!!!

(You can see my website technical information at this page: vbulletin.com/forum/showthread.php?p=1055470#post1055470) -- Sorry, I can't post link.

I've got a really strange problem with my website.

I changed hosts in December. I have upgraded to a much larger server (from shared to a big VPS package).

Since then, I've got strange server load peaks. My site is running really fast for about 5/10 minutes... and then a sudden high server load happens for about 1 minute. In this period of time (1 minute), my server load will look something like this:

Example: 0.40 - 1.50 - 3.00 - 5.35 - 4.20 - 3.50 - 1.27 - 0.60...

So my website is normally fast... but within 1 minute... it will slow down... and then come back to normal.

This does not seem related to the number of people on my website (90% of my website activity is related to vbulletin, so I can easily watch the number of users on my site) or peak time. This happens at random times.

1 - First I thought that was a problem of optimization. I've posted a server optimization request on vbulletin.com:
vbulletin.com/forum/showthread.php?t=171740

(If you follow this link, you can see my server configuration)

I followed these instructions... but the problem was still there.

2 - After that, I found that the netstat command was showing a lot of connections when the problems arise.

For example, the normal number of connections is 40 to 100.

I've been monitoring netstat for some time... and I have found that the number of connections has gone up to 254, 352, 576, 800 and even 1028!!!!!

Example: root@nation [~]# netstat -nap | grep :80 | wc -l
496

So, conclusion: my website is the victim of a DoS attack!!!

3 - My webhost has installed Antidos + APF Firewall. My server load comes back to normal as the number of banned IPs goes up. But then... I saw that my own IP was banned (my IPs at home and at work). My staff members have also been banned!!!!

oooohhh... that's not great....

4 - So, I have monitored my own computer's connections (cmd.exe netstat). When I browse the net... no problem...

Then... I access my website: 2/3 connections are open. I reload the page... 15/20 connections are open to my website. I browse to my forum... 40/50 connections!!! And it continues to go up!!!

Look at this:
img397.imageshack.us/my.php?image=lotofip7md.jpg


The more I browse... the more connections are opened!!!!

Imagine... the more people browse my site... the more connections are opened and make my CPU go crazy!!!

This only happens with my website. This happens whatever page I browse: on my forum and other pages (with other scripts).

I'm really lost now...

How can this be possible!!!???!!! What is happening???

Any advice is welcome!!!
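
Added example, not part of the original post: `netstat -nap | grep :80 | wc -l` counts every line that mentions :80, including the LISTEN socket and connections that are already closed and waiting in TIME_WAIT, so a breakdown by TCP state and by remote IP says more than the bare total before any IP is banned. The function names and the sample lines below are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in Linux `netstat -nap` format (documentation-range
# addresses; not data from the post).
sample_netstat() {
cat <<'EOF'
tcp   0   0 0.0.0.0:80      0.0.0.0:*           LISTEN      1201/httpd
tcp   0   0 192.0.2.10:80   198.51.100.7:51001  ESTABLISHED 1310/httpd
tcp   0   0 192.0.2.10:80   198.51.100.7:51002  ESTABLISHED 1311/httpd
tcp   0   0 192.0.2.10:80   198.51.100.7:51003  TIME_WAIT   -
tcp   0   0 192.0.2.10:80   198.51.100.7:51004  TIME_WAIT   -
tcp   0   0 192.0.2.10:80   198.51.100.7:51005  TIME_WAIT   -
tcp   0   0 192.0.2.10:80   198.51.100.7:51006  TIME_WAIT   -
tcp   0   0 192.0.2.10:80   203.0.113.9:40211   ESTABLISHED 1312/httpd
tcp   0   0 192.0.2.10:80   203.0.113.9:40212   TIME_WAIT   -
EOF
}

# Connections per TCP state for local port $1 (default 80).
# Matching on the local address column avoids counting lines that only
# contain ":80" somewhere else (for example a remote port 8080).
count_by_state() {
    awk -v port="${1:-80}" '
        $1 ~ /^tcp/ && $4 ~ (":" port "$") { n[$6]++ }
        END { for (s in n) print n[s], s }' | sort -rn
}

# Connections per remote IP for local port $1, skipping the LISTEN socket.
# One browser opening many parallel or short-lived connections shows up
# here as a single IP with a high count.
count_by_ip() {
    awk -v port="${1:-80}" '
        $1 ~ /^tcp/ && $4 ~ (":" port "$") && $6 != "LISTEN" {
            ip = $5; sub(/:[0-9]+$/, "", ip); n[ip]++ }
        END { for (i in n) print n[i], i }' | sort -rn
}

# On a live host: netstat -nap | count_by_state
sample_netstat | count_by_state
sample_netstat | count_by_ip
```

On the sample, the bare line count is 9, while only 3 connections are ESTABLISHED; the rest are TIME_WAIT entries and the listener.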

 

 

 

 
