Is Apache is experiencing a DDoS attack?
Posted by Cătălin on Fri, 10 Mar 2023
How can I tell if Apache is experiencing a DDoS (Distributed Denial-of-Service) attack?
If Apache is experiencing a DDoS attack, you may notice that your server's Web sites are timing out when loading. You may also observe errors like these in the Apache error log:
[Wed Aug 05 21:33:21.543968 2020] [mpm_prefork:error] [pid 10431] AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
[Wed Aug 05 21:45:29.942556 2020] [mpm_prefork:error] [pid 13260] AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
[Wed Aug 05 21:50:16.215967 2020] [mpm_prefork:error] [pid 14414] AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
You can check whether Apache is experiencing a DDoS attack with this command, which shows the top 10 IP addresses from which Apache is receiving connections:
netstat -an | egrep ":80|:443" | egrep '^tcp' | grep -v LISTEN | awk '{print $5}' | egrep '([0-9]{1,3}\.){3}[0-9]{1,3}' | sed 's/^\(.*:\)\?\(\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*$/\2/' | sort | uniq -c | sort -nr | sed 's/::ffff://' | head
If you notice a large number of connections from an unrecognized IP address or IP address range, Apache is likely experiencing a DDoS attack.
web
Archives
- May 2023 1
- April 2023 1
- March 2023 3
- January 2020 1
- November 2019 1
- September 2019 1
- April 2018 2
- February 2018 1
- January 2018 3
- December 2017 2
- November 2017 2
- October 2017 2
- September 2017 1
- July 2017 2
- June 2017 2
- May 2017 1
- March 2017 2
- February 2017 2
- January 2017 2
- November 2016 1
- October 2016 4
- August 2016 1
- April 2016 1
- June 2015 1
- May 2015 2
- April 2015 1
- December 2014 1
- October 2014 2
- September 2014 1
- July 2014 2
- June 2014 1
- March 2014 1
- February 2014 2
- January 2014 2
- December 2013 2
- October 2013 2
- September 2013 2
- July 2013 2
- June 2013 1
- March 2013 1
- February 2013 3
- January 2013 1
- December 2012 1
- November 2012 1
- September 2012 1
- August 2012 2
- April 2012 1
- August 2011 2
- July 2011 2
- January 2011 1
- October 2010 5
- August 2010 2
- July 2010 3
- May 2010 1
- April 2010 5
- March 2010 3
- February 2010 2