We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Get started
Google+

Am I under attack and how to prevent | Forum

Topic location: Forum home » Support » General Questions
Dan Peter
Dan Peter Aug 17 '14
Hi all,


I know I should have read/google before asking but it is kinda urgent, allow me to ask now (i did many security crash course but have not found any solution while the day is about to end)


- My site on VPS usually have 3-7 concurrent online user, which consume around 10% CPU and 15% RAM (2GB total). Today, there were more users registered and being online all of a sudden. RAM go up to 100% all the time. And I found out that there are around 30 httpd processes , each one taking 3% RAM 


- Side note: I made 2 changes to the app recently: switch from php5.4 to php5.5, install a plugin then uninstall.


- I have quite some "adversary website" who I think is willing to attack my site...


My watch dog status:


Prevented spammers today - none 


IPs in database -355107

Emails in database- 902832

last updated-Yesterday, 01:04


I don't quite get it and what action to take....


I am a very newbie webmaster , please help me  (10+ y exp. as developer so I have some base knowledge on IT stuff.)


Thank 



The Forum post is edited by Dan Peter Aug 17 '14
#1
Peatech LLC
Peatech LLC Aug 17 '14
Hello Dan,


Doesn't sound like an attack, exactly. How many users were registered when you got your stats, and were the users being online ones that had been registered for at least over 1 week? Please keep in mind that Oxwall is a highly victimized software of spam bots/spam harvesters. There are scripts by services like "sickmarketing" that instantly target websites with the Powered by Oxwall logo/link and more and make multiple fake accounts, stay online (the bots never sign out), etc. Add a possible chance of spam effecting your site with the fact you just performed a PHP update and some FTP transmissions (for the plugin), I could see why server usages was at it's cap. (Also yes, even with spam prevention plugins in, some spam bots can still make accounts).

So,


-Oxwall core script constantly running and running plugin inits all the time = a good amount of usage on the entire server.

-Active users (no matter how many) and depending on if you're using CRON-heavy and jQuery/AJAX-heavy functions/plugins, this = another good amount of RAM and even some I/O.

-Possible spam accounts signing up, causing more requests to be sent causing the script to work more = more I/O, RAM, and Disk space being taken up when the other factors are given. 


That's just my theory/take on the situation. I can't really see this as an "attack." If someone wanted to make your server go offline, they'd simply perform a DDoS to your server IP and be successful.


Goodluck,

~Jake

Head of Developments

www.ewtnet.us 

#2
ross Team
ross Aug 18 '14
read this post please: http://www.oxwall.org/forum/topic/11284
#3
Start | Demo | About | Policies & Licenses | Blog | Contact Us | Oxwall Foundation | Roadmap | Developer Central | Oxwall hosting | Contribute | Partners | Donation | Community software | Dating software
© Copyright Oxwall Software
Oxwall Community Software