[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] RAQ3: FTP Log and CPU going nuts (SYN Flood I think)

Where is the FTP log for the main site (site1) on a RAQ3?

I have anonymous ftp attempts to the server from dusk till dawn and everywhere in between - here are a few logfile records:

Mar  9 20:45:02 ns proftpd[23931]: ns.webyourbusiness.com (localhost[127.0.0.1]) - no such user 'anonymous' 
Mar  9 20:45:02 ns proftpd[23931]: ns.webyourbusiness.com (localhost[127.0.0.1]) - no such user 'anonymous' 
Mar  9 20:45:02 ns proftpd[23931]: ns.webyourbusiness.com (localhost[127.0.0.1]) - FTP session closed. 


On the RAQ4s, I get the IP attempting this, so I can chase up the ISP of the idiot attempting this - I don't get it on the RAQ3, but I'm guessing it will be hidden away in some logfile SOMEWHERE - a pointer is all I require here - thanks in advance...

Second problem - at about 1PM MST, or 3 PM EST EVERY DAY for the last 5 days, I'm getting warning that the CPU is going nuts (heavily loaded) - by the time we are able to log back on, I can't find anything, and the logfiles aren't showing anything crazy as far as I can see - ie, messages contains nothing - kernel appears to have SYN FLOOD activity, which I can only assume is the cause:

Mar  7 15:00:47 ns kernel: possible SYN flooding on port 80. Sending cookies.
Mar  7 15:01:49 ns kernel: possible SYN flooding on port 80. Sending cookies.
Mar  7 15:04:05 ns last message repeated 2 times
Mar  7 15:05:11 ns kernel: possible SYN flooding on port 80. Sending cookies.
Mar  7 15:07:31 ns kernel: possible SYN flooding on port 80. Sending cookies.
Mar  7 15:09:04 ns kernel: possible SYN flooding on port 80. Sending cookies.


What is the most effective way to block/remove this SYN FLOOD problem?

tia again

regards

Greg
-- 
http://www.webyourbusiness.com/
Providers of E-Commerce Software &
Web Design Consultancy and Services.
PH: (970)266-0195 FAX: (970)266-0158