troubleshooting Question

Help with probable hacking/flooding attempts on a big site

Avatar of sven2012
sven2012Flag for Afghanistan asked on
PerlApache Web ServerScripting Languages
30 Comments1 Solution687 ViewsLast Modified:
Ok, since a couple of weeks/months I have a serious issue which I cannot resolve on my own, despite the skills I have in this segment:

I have a medium sized filehosting site with clients mostly from europe.
the software is written in perl, hosted on an apache2 webserver with mysql (each on one server)

for a couple of weeks I get serverloads of 200-700 since I have connections from all over the world (zimbabwe, china, thailand, brazil etc.) where I definitly not have customers.
it seems that those connections are increasing the load dramaticly.
weare not talking about a floodding or DDOS but some kind of other attack.
when I ban those IPs (I have a Cisco Firewall) the load goes to normal again, but then new connections from new weird countries are made.
so I blocked a couple of contries with the firewall, but basicly I could block the whole world since new weird connections from new countires are made continuesly.

we are talking about 80-200 connections at time, not more, seen with this:

netstat -anp |grep 'tcp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

the main server is a dual quadcore with SSD harddrives and 24 GB ram, the databse server is the same, linked to each other by cable.
OS is Ubuntu.

I would be gratefull if anyone could give me some hints what to do in order to trace those connections are se where the security whole is, since probably is there is one.
or might it be a bot-attack of someone?!
ASKER CERTIFIED SOLUTION
ahoffmann

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 30 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 30 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros