Dear OcUK Linux Gods,
My dedicated server yesterday spiked up to 140k PPS of Unicast traffic. This was presumed to be part of a DDoS attack and the server's port was disabled.
I've been given remote KVM access but am finding it difficult to find the cause. The techs at the hosting company identified a number of shell scripts running and disabled them but won't re-open the port until I have found the cause.
The best way I have to find it is in the Apache access_log, but it's 6GB and without internet access I've no way of viewing it (trying to view it over KVM just crashes it, understandably).
Are there any common Linux attacks I can look for? I can ask the company to sort it, but the server is used for non-profit purposes and already costs me money, so the idea of paying an engineer £30 per hour isn't ideal for me.
Thanks in advance to anybody with any ideas.