bu saldırı mı?

sunucuda server load 1'in altında gözüküyor fakat siteler yavaş açılıyor bazen açılmıyor, arasıra apache kapanıyor. bunun sebebi ne olabilir? saldırı olup olmadığını nasıl anlayabilirim yada görebilirim?

hat saldırısı olabilir bu tür saldırılarda hedef sunucu bağlantısıdır ve cpu ram değerlerinde yükselme olmaz bunu anlamak için dc niz izin veriyorsa mrtg raporları incelenmelidir

sanırım saldırı değil, ram kullanımı artıyor sonra apache bi gidip geliyor :S

service httpd status ?

Apache Server Status for server.webarsiv.com

Server Version: Apache/1.3.39 (Unix) PHP/4.4.7 mod_log_bytes/1.2
mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635
mod_ssl/2.8.30 OpenSSL/0.9.7a
Server Built: Jan 1 2008 22:43:50
__________________________________________________ _______________

Current Time: Saturday, 05-Jan-2008 20:32:32 EET
Restart Time: Saturday, 05-Jan-2008 20:26:52 EET
Parent Server Generation: 0
Server uptime: 5 minutes 40 seconds
Total accesses: 1020 - Total Traffic: 1.6 MB
CPU Usage: u7.33 s.49 cu0 cs0 - 2.3% CPU load
3 requests/sec - 4963 B/second - 1654 B/request
150 requests currently being processed, 0 idle servers
RRKKRKRRKRKKWWRRRRRKRRRRRKKKRKRKKRRKRRRKKRWKRRKRRR RKRKRKRRRKRKWK
KKKRKRRRRKKKRRKRKWKKWRKRRRKKWRKKKKKKRRRKRRKRKRKRRR RKKWKKKKRKKRRK
KKRKRRKRKRRRRKRRKRKKKK............................ ..............
.................................................. ..............

Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
"W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
"L" Logging, "G" Gracefully finishing, "." Open slot with no current process



bir de bu uyarı nedir

[Sat Jan 5 20:47:43 2008] [warn] NameVirtualHost ipAdresi:80 has no VirtualHosts

netstat -n | grep SYN_RECV

sonucu kopyalarmısın

tcp 0 0 72.36.165.154:80 88.242.33.141:49441 SYN_RECV
tcp 0 0 72.36.165.154:80 82.236.72.192:1489 SYN_RECV

saldırıya pek benzemiyor. httpd ye restart atıp bir rahatlat bakalım devam edicekmi. bide top çekip shift m yapıp kim ne kadar ram yiyor izle bakalım.

4056 root 16 0 0 0:08.16 3.0 87756 61m 812 S clamd
3415 mysql 15 0 30 306:55.71 1.4 161m 29m 2536 S mysqld
24184 root 16 0 0 0:00.16 0.9 27792 18m 1472 S spamd
9988 nobody 16 0 0 0:26.42 0.9 30520 17m 3160 S httpd
4530 root 16 0 0 0:03.85 0.9 27908 17m 1400 S spamd
9956 nobody 15 0 0 0:31.64 0.9 30000 17m 3184 S httpd
9985 nobody 15 0 0 0:33.72 0.9 29896 17m 3220 S httpd
9970 nobody 16 0 0 0:25.00 0.9 29912 17m 3184 S httpd
9981 nobody 15 0 0 0:35.75 0.9 29920 17m 3180 S httpd
9984 nobody 16 0 0 0:39.13 0.9 29800 17m 3228 S httpd
9996 nobody 15 0 0 0:25.75 0.9 29704 17m 3264 S httpd
10001 nobody 16 0 12 0:30.60 0.9 29720 17m 3268 S httpd
9986 nobody 15 0 0 0:27.18 0.9 29740 17m 3196 S httpd
9969 nobody 16 0 0 0:28.70 0.9 29672 17m 3260 S httpd
10006 nobody 16 0 0 0:30.74 0.9 29772 17m 3144 S httpd
9999 nobody 15 0 0 0:28.76 0.9 29824 17m 3124 S httpd
10000 nobody 15 0 0 0:30.82 0.8 29656 17m 3208 S httpd
9997 nobody 16 0 0 0:27.98 0.8 29796 17m 3124 S httpd
9982 nobody 15 0 0 0:21.72 0.8 29612 17m 3216 S httpd
9993 nobody 15 0 0 0:25.80 0.8 29748 17m 3116 S httpd
9957 nobody 16 0 0 0:22.21 0.8 29576 16m 3180 S httpd
9978 nobody 16 0 0 0:32.55 0.8 29496 16m 3184 S httpd
9958 nobody 16 0 0 0:29.34 0.8 29532 16m 3192 S httpd
9976 nobody 16 0 0 0:37.77 0.8 29564 16m 3152 S httpd
9977 nobody 15 0 0 0:30.46 0.8 29396 16m 3240 S httpd
9992 nobody 15 0 0 0:31.58 0.8 29444 16m 3184 S httpd
9987 nobody 16 0 0 0:23.12 0.8 29328 16m 3268 S httpd
10018 nobody 16 0 0 0:31.36 0.8 29368 16m 3160 S httpd
9959 nobody 15 0 0 0:36.66 0.8 29240 16m 3136 S httpd
9991 nobody 15 0 0 0:35.89 0.8 29116 16m 3248 S httpd
10005 nobody 15 0 0 0:25.96 0.8 29204 16m 3136 S httpd