Why still they can attack my SERVER?

[Trishia]

Hello guys.
Why still they can attack my Server?

I have already anti DDoS.
but they can destroy my Site / HTTP Server / WAMP ..
Players from my server cannot visit the website,

I need to stop my WAMP and start again,
but in just small time, they can destroy again (WAMP / my website).

It is like shutting down my WAMP Server / HTTP Server.
I need to stop it or to shut it down and to start again,
but still in just short minutes, they can destroy it.

HELP ME PLS.
HOW CAN I SOLVE THIS?

This is the ERROR LOG I have read

[Fri Aug 12 08:52:30 2011] [notice] Child 2064: Child process is running
[Fri Aug 12 08:52:30 2011] [notice] Child 2064: Acquired the start mutex.
[Fri Aug 12 08:52:30 2011] [notice] Child 2064: Starting 64 worker threads.
[Fri Aug 12 08:52:30 2011] [notice] Child 2064: Starting thread to listen on port 80.
[Fri Aug 12 08:54:05 2011] [warn] Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting
[Fri Aug 12 08:59:06 2011] [error] [client 216.157.83.121] request failed: error reading the headers
[Fri Aug 12 08:59:06 2011] [error] [client 216.157.83.121] request failed: error reading the headers
[Fri Aug 12 08:59:06 2011] [error] [client 216.157.83.121] request failed: error reading the headers

Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting
Seems like this IP Address is the attacker: 216.157.83.121

[MentaL]

[Chubby7]

Which anti ddos youre using?

[Trishia]

Which anti ddos youre using?

They cannot PING my IP Address nor to do DDoS Attack.
But still they can visit my website PORT 80.
But on DDoS Attack, they failed.

But they can still attack my server using my Apache/WAMP.
Help me if you know pls.
Because after just a few minutes,
my Website cannot see by visitors,
I need to stop my Apache/WAMP and to start again.
But still, in just few minutes, my Website cannot see by visitors.

Help me pls.
Don't mind on my ANTI-DDOS because it is 100% working.

My only problem is my website.

I am using Windows Server 2003 (VPS)

[lolkiller]

They cannot PING my IP Address nor to do DDoS Attack.
But still they can visit my website PORT 80.
But on DDoS Attack, they failed.

But they can still attack my server using my Apache/WAMP.
Help me if you know pls.
Because after just a few minutes,
my Website cannot see by visitors,
I need to stop my Apache/WAMP and to start again.
But still, in just few minutes, my Website cannot see by visitors.

Help me pls.
Don't mind on my ANTI-DDOS because it is 100% working.

My only problem is my website.

I am using Windows Server 2003 (VPS)

Posted via Mobile Device

---------- Post added at 01:25 PM ---------- Previous post was at 01:24 PM ----------

Use a ip blocker an block the ip newblets problay use there own ip to ddos people or ask your vps company to solve those ddos attacks because they maybe have a hardware firewall en thats the only thing that can protect against a ddos attack
Posted via Mobile Device

[SecretsOThePast]

Had this issue a bit ago.

Ended up being this setting in httpd.conf:

Code:

KeepAliveTimeout (seconds)

Yes, it's someone attacking your server. Just change that setting to 0. What happens is it creates another thread every time a connection is kept alive, up to 15 seconds. By making threads last 0 seconds, they get cleaned up as soon as the connection is finished. The only thing you may encounter is less than optimal speed on pages with multiple images, but on most modern connections it shouldn't matter.

Also, try and keep as much as possible separate from the register page and other web services, this will balance the load on your web services. Web hosting isn't that expensive now a days, anyway...

[lolkiller]

Had this issue a bit ago.

Ended up being this setting in httpd.conf:

Code:

KeepAliveTimeout (seconds)

Yes, it's someone attacking your server. Just change that setting to 0. What happens is it creates another thread every time a connection is kept alive, up to 15 seconds. By making threads last 0 seconds, they get cleaned up as soon as the connection is finished. The only thing you may encounter is less than optimal speed on pages with multiple images, but on most modern connections it shouldn't matter.

Also, try and keep as much as possible separate from the register page and other web services, this will balance the load on your web services. Web hosting isn't that expensive now a days, anyway...

That doesnt gonna help to stop the attacks if they have a good ddosser every edit in apache wont help it still gonna die

[SecretsOThePast]

That doesnt gonna help to stop the attacks if they have a good ddosser every edit in apache wont help it still gonna die

If they have a good enough DDOS'er, they can take down your gunz server by flooding it especially if you have no DDOS protection.

This isn't the case here, it's exploiting apache's keepalive system w/ threads, not DoS attacking, it's sending http requests over and over and never completing them fully. If you want to call that "DoSing", fine, but it's far from DDOSing and easily fixable.

I had the same issue on an unrelated to gunz project, for the record, and it was solved by disabling the keepalive timeout.

Also, this:

Code:

[Fri Aug 12 08:54:05 2011] [warn] Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting

means it's running out of threads to serve requests. Do you not seem to understand that it is running out of threads due to keepalive holding them for 15 seconds each http request? By disabling the thread keepalive, you instantly free up connections when the transaction is over. This means that the max amount of threads (see: MaxKeepAliveRequests defaulting to 100, Each connection is a thread) is being taken up, and apache will refuse all new connections because of that.

[lolkiller]

If they have a good enough DDOS'er, they can take down your gunz server by flooding it especially if you have no DDOS protection.

This isn't the case here, it's exploiting apache's keepalive system w/ threads, not DoS attacking, it's sending http requests over and over and never completing them fully. If you want to call that "DoSing", fine, but it's far from DDOSing and easily fixable.

I had the same issue on an unrelated to gunz project, for the record, and it was solved by disabling the keepalive timeout.

Also, this:

Code:

[Fri Aug 12 08:54:05 2011] [warn] Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting

means it's running out of threads to serve requests. Do you not seem to understand that it is running out of threads due to keepalive holding them for 15 seconds each http request? By disabling the thread keepalive, you instantly free up connections when the transaction is over. This means that the max amount of threads (see: MaxKeepAliveRequests defaulting to 100, Each connection is a thread) is being taken up, and apache will refuse all new connections because of that.

I still stay at my opinion but i only care about this guy and not really about what your saying and simple Dos attack Requests the website for threaths and if the server cant handle it,it crashes
you can max it up how many you want it still will let apache run slow because of that the simple solution is to ip block the person and your done

[Dawson]

You're an idiot, do you even know what threads are, and how Apache calls threads/handles them in it's core? In addition, by blocking his IP address you never addressed the exploit, it still exists. If he has a dynamic IP address or teaches others how to pull of the exploit then what? Are you going to block each one and never fix the problem? Of course not.

Let me explain how this works.

Client Request -> Apache -> Creates Thread for processing -> Sends data -> Closes Thread.

That's the normal way, but this guy is doing...

Client Request Malformed -> Apache -> Threads and threads trying to process what the client wants -> Sends -> Dies.

Just too many threads since he keeps sending malformed or incomplete requests. Please understand how networking works before you try and sound smart

[Trishia]

You're an idiot, do you even know what threads are, and how Apache calls threads/handles them in it's core? In addition, by blocking his IP address you never addressed the exploit, it still exists. If he has a dynamic IP address or teaches others how to pull of the exploit then what? Are you going to block each one and never fix the problem? Of course not.

Let me explain how this works.

Client Request -> Apache -> Creates Thread for processing -> Sends data -> Closes Thread.

That's the normal way, but this guy is doing...

Client Request Malformed -> Apache -> Threads and threads trying to process what the client wants -> Sends -> Dies.

Just too many threads since he keeps sending malformed or incomplete requests. Please understand how networking works before you try and sound smart

How can I fix my problem?
I don't know what to do.
please help me.

[SecretsOThePast]

How can I fix my problem?
I don't know what to do.
please help me.

I just told you a few posts up ago.

Originally Posted by SecretsOThePast View Post
Had this issue a bit ago.

Ended up being this setting in httpd.conf:

Code:

KeepAliveTimeout (seconds)

Yes, it's someone attacking your server. Just change that setting to 0. What happens is it creates another thread every time a connection is kept alive, up to 15 seconds. By making threads last 0 seconds, they get cleaned up as soon as the connection is finished. The only thing you may encounter is less than optimal speed on pages with multiple images, but on most modern connections it shouldn't matter.

Also, try and keep as much as possible separate from the register page and other web services, this will balance the load on your web services. Web hosting isn't that expensive now a days, anyway...

[Rotana]

Is it an big server? With lot visits to website? You only can handle 64 requests at once.

[Dave]

There are certain modules for Apache to stop a DoS.
You can also try to increase the things above to serve more requests.

[Kruiqne]

Ask you host if they can install Anti-DDoS for you