Firewall

How to find IP Address that Launch DDOS Attack

If your VPS or server load suddenly increases much higher than normal, it could be a DDOS attack.

To find out which IPs did that do the following,

Option 1 :- If you know which domain is attacked. SSH to your server & issue the following command. Make sure you replace “DOMAIN” with your domain name. If you are using cPanel/WHM and the domain is not the primary domain, normally it will be the sub domain of the primary domain.

less /usr/local/apache/domlogs/DOMAIN | awk '{print $1}' | sort | uniq -c | sort -n

Option 2 :- If you don’t know which domain is attacked. SSH to your server & issue the following command. Option 1 if preferable especially if your server is very busy has many domain. It will take quite sometimes to process the log file. You can check by issuing “top -c” command to find out which domain consume the most resources.

less /usr/local/apache/logs/access_log | awk '{print $1}' | sort | uniq -c | sort -n

Both of the option will give the ip and number of connections in the descending order. For example:

.....
.....
.....
.....
17843 56.51.155.156
19234 66.156.66.266
234578 156.56.16.76

In the above case we can see too many connections from those ips and it is abnormal. You can block these ips in the firewall such as ConfigServer Firewall (“csf”).


Fix “PHP Warning: fsockopen() ” Error in Opencart in cPanel & CSF

If you are using Opencart on a VPS or dedicated server and you have cPanel/WHM with Configserver Firewall (CSF) installed, you may encounter a problem when sending email.

If you check error log, you may see the similar error.

PHP Warning: fsockopen()  [function.fsockopen'>function.fsockopen]: unable to connect to ssl://smtp.gmail.com:465 (Connection timed out) in /home/XXXX/public_html/www.example.com/system/library/mail.php on line 153

You may try the following fix.

1. Logon to WHM & browse to ConfigServer Security & Firewall page.

2. Click on “Firewall Configuration” button

3. Find “SMTP_ALLOWUSER” option.

4. In the field add your cPanel username. If the is multiple username use comma to separate.

5. Click “Change” and Restart Configserver Firewall

This guide may fix other program such as Interspire Email Marketer as well.