Kako zaustaviti blagi DOS napad - pomocu PHP-ja?

jutros mi se jedan klijent zalio da ne moze otvoriti svoju stranicu. probam i ja - ne mogu. timed out. dok sam ceprk’o po stranici dobijem jos jedno 50-tak emailova “sta je sa stranicom?”.
kontaktiram hosting kompaniju i oni kazu kako stranica ima ogromnu posjetu i da umjesto 512MB trebam sto prije nabaciti 1GB na svoj virtualni server. ima smisla ali…
medjutim, CIJELI DAN stranica nije bila dostupna. malo prije (4 poslije podne po momvremenu) donloadiram apache access log file (idiot! trebao sam to uraditi jos jutros) i vidim da jedno 20-30 IP adresa se nonstop vrte i otvaraju jednu te istu stranicu (prilog.php). samo tu stranicu. meni to izgleda ko “blagi” DOS napad gdje cilj nije da se srusi server nego da se napravi “zauzetim”.
kontaktirao sam opet hosting kompaniju i oni rekli da ne mogu nista uciniti po tom pitanju - iako su placeni da “manage the server” (ovako znam i ja “manage”).

interesuje me imal kakva solucija da ja kontrolisem, sprijecim, uradim sta bilo po ovom pitanju - koristeci php?

Mozes li jednostavno blokirati te ip adrese ? (mozda kao privremeno rijesenje)

ogranici broj konekcija sa iptables-om http://www.google.ba/search?q=iptables+limit+connections ili napravi skriptu koja na osnovu “izvoda” iz netstat-a blokira adrese sa losim zahtjevima ili adrese koje se ponavljaju previse puta…

ili mozda provjeri situaciju, otvori stranicu i uprati access logove i netstat, da mozda nije sta mjenjano na stranici, da nije ostao neki lose definisani loop ili sl. posto moze i to da bidne laHko

Ako se nastavi i sutra, javi pa ce pomognemo.

ubacio sam IP adrese koje se nacesce pojavljuju u listu baniranih IP adresa ali ih ima jos tona. sad ih je puno vise od 100?!? manuelno ubacivanje nema smisla…

[quote=Bo]ogranici broj konekcija sa iptables-om http://www.google.ba/search?q=iptables+limit+connections ili napravi skriptu koja na osnovu “izvoda” iz netstat-a blokira adrese sa losim zahtjevima ili adrese koje se ponavljaju previse puta…

ili mozda provjeri situaciju, otvori stranicu i uprati access logove i netstat, da mozda nije sta mjenjano na stranici, da nije ostao neki lose definisani loop ili sl. posto moze i to da bidne laHko

Ako se nastavi i sutra, javi pa ce pomognemo.[/quote]
to je nesto sto ja ne znam raditi. ceprkam po WHM/cPanel-u, nesto sto razumijem sta radim.

medjutim, moja stranica js uvijek nije dostupna. restartovao sam apache, reboot sam cijeli server nadaju ci se da cu otkaciti napdaca ali nista. opet je “preuzeo” web stranicu.

mozes postaviti output netstat -tuna|grep “:80” i zadnjih 100 linija iz access.log (tail -100 /var/log/apache2/… ) za tu stranicu ?

-bash-3.2# netstat -tuna|grep “:80”
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 67.208.112.68:80 125.25.145.92:28253 SYN_RECV
tcp 0 0 67.208.112.68:80 222.166.160.40:42934 SYN_RECV
tcp 0 0 67.208.112.68:80 121.184.73.149:2314 SYN_RECV
tcp 0 0 67.208.112.68:80 189.182.189.163:2365 SYN_RECV
tcp 0 0 67.208.112.68:80 201.240.83.42:13704 SYN_RECV
tcp 0 0 67.208.112.68:80 121.243.32.243:55855 SYN_RECV
tcp 0 0 67.208.112.68:80 122.167.95.227:13186 SYN_RECV
tcp 0 0 67.208.112.68:80 200.111.235.19:50999 SYN_RECV
tcp 0 0 67.208.112.68:80 189.152.216.131:58989 SYN_RECV
tcp 0 0 67.208.112.68:80 117.192.169.244:4529 SYN_RECV
tcp 0 0 67.208.112.68:80 117.192.169.244:1254 SYN_RECV
tcp 0 0 67.208.112.68:80 117.199.212.70:3939 SYN_RECV
tcp 0 0 67.208.112.68:80 189.254.209.130:49152 SYN_RECV
tcp 0 0 67.208.112.68:80 41.250.210.117:62322 SYN_RECV
tcp 0 0 67.208.112.68:80 121.1.45.2:4862 SYN_RECV
tcp 0 0 67.208.112.68:80 187.153.104.37:58356 SYN_RECV
tcp 0 0 67.208.112.68:80 117.192.169.244:4447 SYN_RECV
tcp 0 0 67.208.112.68:80 60.51.123.209:3953 SYN_RECV
tcp 0 0 67.208.112.68:80 62.150.135.13:1915 SYN_RECV
tcp 0 0 67.208.112.68:80 124.13.152.115:1689 SYN_RECV
tcp 0 0 67.208.112.68:80 201.240.83.42:13035 SYN_RECV
tcp 0 0 67.208.112.68:80 190.142.68.66:3322 SYN_RECV
tcp 0 0 67.208.112.68:80 195.222.43.138:44323 SYN_RECV
tcp 0 0 67.208.112.68:80 190.45.58.70:59475 SYN_RECV
tcp 0 0 67.208.112.68:80 201.144.90.162:44523 SYN_RECV
tcp 0 0 67.208.112.68:80 190.205.244.37:1532 SYN_RECV
tcp 0 0 67.208.112.68:80 79.125.136.247:2466 SYN_RECV
tcp 0 0 67.208.112.68:80 201.240.83.42:11862 SYN_RECV
tcp 0 0 67.208.112.68:80 81.34.58.26:4243 SYN_RECV
tcp 0 0 67.208.112.68:80 213.35.213.238:60729 SYN_RECV
tcp 0 0 67.208.112.68:80 218.248.12.97:7980 SYN_RECV
tcp 0 0 67.208.112.68:80 201.240.83.42:14015 SYN_RECV
tcp 0 0 67.208.112.68:80 124.104.246.34:1316 SYN_RECV
tcp 0 0 67.208.112.68:80 117.192.169.244:4937 SYN_RECV
tcp 0 0 67.208.112.68:80 201.240.83.42:14065 SYN_RECV
tcp 0 0 67.208.112.68:80 41.250.210.117:62395 SYN_RECV
tcp 0 0 67.208.112.68:80 121.243.32.243:55016 SYN_RECV
tcp 0 0 67.208.112.68:80 189.254.209.130:49143 SYN_RECV
tcp 0 0 67.208.112.68:80 122.167.118.42:16890 SYN_RECV
tcp 0 0 67.208.112.68:80 222.166.160.210:14381 SYN_RECV
tcp 0 0 67.208.112.68:80 201.240.83.42:14001 SYN_RECV
tcp 0 0 67.208.112.68:80 118.172.215.22:50223 SYN_RECV
tcp 0 0 67.208.112.68:80 62.150.212.92:53155 SYN_RECV
tcp 0 0 67.208.112.68:80 200.72.132.170:1523 SYN_RECV
tcp 0 0 67.208.112.68:80 62.150.172.46:63182 SYN_RECV
tcp 0 0 67.208.112.68:80 122.168.91.229:2828 SYN_RECV
tcp 0 0 67.208.112.68:80 122.174.100.119:16719 SYN_RECV
tcp 0 0 67.208.112.68:80 189.165.148.247:1342 SYN_RECV
tcp 0 0 67.208.112.68:80 59.164.14.24:13762 SYN_RECV
tcp 0 0 67.208.112.68:80 201.223.65.139:18984 SYN_RECV
tcp 0 0 67.208.112.68:80 41.250.210.117:62324 SYN_RECV
tcp 0 0 67.208.112.68:80 190.160.73.167:4457 SYN_RECV
tcp 0 0 67.208.112.68:80 186.16.93.178:61690 SYN_RECV
tcp 0 0 67.208.112.68:80 222.166.160.87:57167 SYN_RECV
tcp 0 0 67.208.112.68:80 222.166.160.146:47419 SYN_RECV
tcp 0 0 67.208.112.68:80 222.166.160.158:27830 SYN_RECV
tcp 0 0 67.208.112.68:80 41.250.210.117:62300 SYN_RECV
tcp 0 0 67.208.112.68:80 190.234.136.125:12948 SYN_RECV
tcp 0 0 67.208.112.68:80 200.82.146.5:1311 SYN_RECV
tcp 0 0 67.208.112.68:80 189.254.209.130:49133 SYN_RECV
tcp 0 563 67.208.112.68:80 124.122.179.160:2957 LAST_ACK
tcp 198 0 67.208.112.68:80 222.166.160.38:34757 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 222.166.160.171:30792 CLOSE_WAIT
tcp 1 27360 67.208.112.68:80 93.87.246.4:1347 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 203.87.176.202:1997 LAST_ACK
tcp 0 553 67.208.112.68:80 203.87.176.202:1996 LAST_ACK
tcp 683 0 67.208.112.68:80 188.2.72.31:30392 ESTABLISHED
tcp 211 0 67.208.112.68:80 41.250.210.117:62133 CLOSE_WAIT
tcp 0 0 67.208.112.68:80 200.60.183.16:1139 ESTABLISHED
tcp 0 553 67.208.112.68:80 222.166.160.196:20523 LAST_ACK
tcp 0 0 67.208.112.68:80 60.53.64.171:2868 ESTABLISHED
tcp 158 0 67.208.112.68:80 121.242.55.254:3281 CLOSE_WAIT
tcp 0 1 67.208.112.68:80 200.121.139.2:17434 FIN_WAIT1
tcp 0 553 67.208.112.68:80 117.199.212.70:3518 LAST_ACK
tcp 198 0 67.208.112.68:80 189.165.148.247:1331 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 222.166.160.223:26412 FIN_WAIT1
tcp 0 553 67.208.112.68:80 125.166.65.48:2849 LAST_ACK
tcp 0 1 67.208.112.68:80 188.2.72.31:30371 LAST_ACK
tcp 158 0 67.208.112.68:80 120.141.97.137:2962 CLOSE_WAIT
tcp 198 0 67.208.112.68:80 124.125.20.233:4720 CLOSE_WAIT
tcp 198 0 67.208.112.68:80 124.125.20.233:4721 CLOSE_WAIT
tcp 198 0 67.208.112.68:80 124.125.20.233:4722 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 222.166.160.188:26696 LAST_ACK
tcp 158 0 67.208.112.68:80 222.166.160.229:58143 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 222.166.160.126:22405 FIN_WAIT1
tcp 0 553 67.208.112.68:80 190.26.78.104:15553 LAST_ACK
tcp 0 553 67.208.112.68:80 222.166.160.26:21731 LAST_ACK
tcp 0 553 67.208.112.68:80 190.26.78.104:15555 LAST_ACK
tcp 158 0 67.208.112.68:80 60.51.123.209:3937 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 125.166.65.48:3631 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 222.166.160.6:11257 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 123.20.187.105:1026 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 122.177.238.217:2627 LAST_ACK
tcp 0 0 67.208.112.68:80 122.177.238.217:2630 ESTABLISHED
tcp 0 553 67.208.112.68:80 222.166.160.166:34912 FIN_WAIT1
tcp 158 0 67.208.112.68:80 201.246.40.175:3248 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 123.20.187.105:1028 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 59.177.34.46:15731 CLOSE_WAIT
tcp 0 1 67.208.112.68:80 188.2.72.31:30362 LAST_ACK
tcp 158 0 67.208.112.68:80 60.51.123.209:3921 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 59.177.34.46:15732 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 222.166.160.85:41114 LAST_ACK
tcp 0 553 67.208.112.68:80 125.166.65.48:1566 LAST_ACK
tcp 0 553 67.208.112.68:80 222.166.160.182:13433 LAST_ACK
tcp 0 1 67.208.112.68:80 121.245.216.233:3854 FIN_WAIT1
tcp 0 553 67.208.112.68:80 222.166.160.65:52108 LAST_ACK
tcp 158 0 67.208.112.68:80 222.166.160.235:18726 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 222.166.160.217:24331 CLOSE_WAIT
tcp 198 0 67.208.112.68:80 201.243.96.121:1342 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 222.166.160.205:11806 LAST_ACK
tcp 0 0 67.208.112.68:80 121.245.216.233:3861 ESTABLISHED
tcp 158 0 67.208.112.68:80 222.166.160.169:10110 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 125.166.65.48:4362 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 222.166.160.189:55397 LAST_ACK
tcp 158 0 67.208.112.68:80 201.246.40.175:3247 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 122.167.146.227:2318 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 125.166.65.48:4366 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 122.167.146.227:2316 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 222.166.160.253:27743 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 125.166.65.48:2930 LAST_ACK
tcp 0 553 67.208.112.68:80 222.166.160.92:49663 FIN_WAIT1
tcp 198 0 67.208.112.68:80 117.241.177.170:1867 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 222.166.160.1:27813 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 125.166.65.48:2932 LAST_ACK
tcp 0 553 67.208.112.68:80 83.34.25.238:3193 FIN_WAIT1
tcp 158 0 67.208.112.68:80 186.14.40.46:2468 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 190.200.13.11:1376 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 222.166.160.135:24623 FIN_WAIT1
tcp 0 553 67.208.112.68:80 118.101.134.67:44297 LAST_ACK
tcp 0 1 67.208.112.68:80 122.177.238.217:2604 FIN_WAIT1
tcp 0 553 67.208.112.68:80 117.199.212.70:3297 LAST_ACK
tcp 0 553 67.208.112.68:80 190.39.204.240:5807 LAST_ACK
tcp 0 553 67.208.112.68:80 85.61.10.5:3972 LAST_ACK
tcp 0 553 67.208.112.68:80 186.104.83.74:4551 LAST_ACK
tcp 158 0 67.208.112.68:80 122.163.18.37:1315 CLOSE_WAIT
tcp 198 0 67.208.112.68:80 190.78.252.252:1785 CLOSE_WAIT
tcp 198 0 67.208.112.68:80 122.167.44.141:3254 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 210.48.144.60:2092 LAST_ACK
tcp 0 553 67.208.112.68:80 210.48.144.60:2093 LAST_ACK
tcp 158 0 67.208.112.68:80 125.62.209.124:1313 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 222.166.160.236:53334 FIN_WAIT1
tcp 198 0 67.208.112.68:80 59.164.9.138:1689 CLOSE_WAIT
tcp 198 0 67.208.112.68:80 59.164.9.138:1688 CLOSE_WAIT
tcp 198 0 67.208.112.68:80 201.211.101.140:3461 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 190.82.6.212:11065 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 190.75.249.39:1582 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 79.125.136.247:2438 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 222.166.160.228:62567 FIN_WAIT1
tcp 198 0 67.208.112.68:80 200.67.42.212:25659 CLOSE_WAIT
tcp 198 0 67.208.112.68:80 200.67.42.212:25658 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 190.79.98.162:26895 LAST_ACK
tcp 211 0 67.208.112.68:80 122.174.101.79:4357 CLOSE_WAIT
tcp 198 0 67.208.112.68:80 59.182.85.90:15413 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 186.104.83.74:4605 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 190.232.215.85:28135 LAST_ACK
tcp 158 0 67.208.112.68:80 222.166.160.119:27900 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 222.166.160.207:21572 CLOSE_WAIT
tcp 198 0 67.208.112.68:80 59.162.252.110:4286 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 125.166.65.48:4959 LAST_ACK
tcp 158 0 67.208.112.68:80 122.163.158.2:1974 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 125.60.237.218:2177 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 190.186.81.115:2579 LAST_ACK
tcp 0 553 67.208.112.68:80 123.237.81.162:2697 LAST_ACK
tcp 158 0 67.208.112.68:80 222.166.160.181:45091 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 59.164.101.17:14912 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 201.223.141.55:3060 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 201.223.141.55:3063 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 201.223.141.55:3062 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 201.223.141.55:3065 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 201.223.141.55:3064 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 190.79.98.162:26901 LAST_ACK
tcp 158 0 67.208.112.68:80 222.166.160.164:20792 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 222.166.160.82:58929 FIN_WAIT1
tcp 0 553 67.208.112.68:80 222.166.160.109:52749 FIN_WAIT1
tcp 0 553 67.208.112.68:80 222.166.160.65:52512 LAST_ACK
tcp 0 553 67.208.112.68:80 125.166.65.48:3504 LAST_ACK
tcp 198 0 67.208.112.68:80 200.44.124.106:1883 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 186.14.48.188:3297 CLOSE_WAIT
tcp 0 0 67.208.112.68:80 121.243.32.243:55619 ESTABLISHED
tcp 158 0 67.208.112.68:80 222.166.160.175:60357 CLOSE_WAIT
tcp 0 563 67.208.112.68:80 222.166.160.77:61729 LAST_ACK
tcp 158 0 67.208.112.68:80 222.166.160.11:41830 CLOSE_WAIT
tcp 0 0 67.208.112.68:80 121.243.32.243:55892 ESTABLISHED
tcp 0 1 67.208.112.68:80 121.243.32.243:55637 FIN_WAIT1
tcp 0 1 67.208.112.68:80 118.95.13.236:8907 FIN_WAIT1
tcp 0 0 67.208.112.68:80 121.245.216.233:3762 ESTABLISHED
tcp 211 0 67.208.112.68:80 190.72.47.242:2533 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 115.240.186.44:2838 LAST_ACK
tcp 211 0 67.208.112.68:80 190.72.47.242:2532 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 190.72.47.242:2534 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 60.49.66.198:29894 LAST_ACK
tcp 0 0 67.208.112.68:80 123.201.51.39:53410 TIME_WAIT
tcp 0 553 67.208.112.68:80 200.111.63.122:62803 LAST_ACK
tcp 198 0 67.208.112.68:80 122.162.80.230:1107 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 190.200.24.247:2151 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 200.35.232.214:19293 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 190.200.24.247:2150 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 222.166.160.47:10856 FIN_WAIT1
tcp 0 553 67.208.112.68:80 60.48.252.179:2366 LAST_ACK
tcp 158 0 67.208.112.68:80 200.35.232.214:19294 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 190.200.24.247:2153 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 190.200.24.247:2152 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 118.95.13.41:3379 LAST_ACK
tcp 198 0 67.208.112.68:80 123.201.7.11:2956 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 222.166.160.19:61504 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 222.166.160.162:62193 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 222.166.160.201:15262 FIN_WAIT1
tcp 211 0 67.208.112.68:80 119.82.95.157:62668 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 118.95.13.236:8930 CLOSE_WAIT
tcp 198 0 67.208.112.68:80 117.195.229.78:3125 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 222.166.160.197:30621 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 222.166.160.140:31700 FIN_WAIT1
tcp 0 1 67.208.112.68:80 121.245.216.233:3738 FIN_WAIT1
tcp 211 0 67.208.112.68:80 118.95.13.236:8929 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 222.166.160.12:52816 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 117.199.212.70:3187 LAST_ACK
tcp 0 553 67.208.112.68:80 222.166.160.69:22628 FIN_WAIT1
tcp 198 0 67.208.112.68:80 117.199.212.70:3445 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 121.245.216.233:3816 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 222.166.160.4:21036 LAST_ACK
tcp 158 0 67.208.112.68:80 117.193.147.62:1346 CLOSE_WAIT
tcp 0 8214 67.208.112.68:80 194.68.142.52:62416 LAST_ACK
tcp 0 553 67.208.112.68:80 222.166.160.39:23310 FIN_WAIT1
tcp 0 553 67.208.112.68:80 125.166.65.48:1791 LAST_ACK
tcp 211 0 67.208.112.68:80 59.97.40.85:2090 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 59.92.246.150:2315 CLOSE_WAIT
tcp 0 1 67.208.112.68:80 222.166.160.154:17056 LAST_ACK
tcp 0 553 67.208.112.68:80 125.25.102.141:3534 LAST_ACK
tcp 0 553 67.208.112.68:80 222.166.160.248:62146 LAST_ACK
tcp 0 0 67.208.112.68:80 121.243.32.243:55320 ESTABLISHED
tcp 0 1 67.208.112.68:80 212.120.199.76:10442 FIN_WAIT1
tcp 0 0 67.208.112.68:80 121.243.32.243:55321 ESTABLISHED
tcp 0 553 67.208.112.68:80 222.166.160.19:60972 LAST_ACK
tcp 0 553 67.208.112.68:80 222.166.160.6:10810 FIN_WAIT1
tcp 0 553 67.208.112.68:80 190.41.155.21:2723 LAST_ACK
tcp 211 0 67.208.112.68:80 190.13.189.14:2747 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 222.166.160.234:61419 LAST_ACK
tcp 0 553 67.208.112.68:80 118.172.208.4:63352 LAST_ACK
tcp 0 553 67.208.112.68:80 122.163.19.141:2877 LAST_ACK
tcp 0 553 67.208.112.68:80 190.41.155.21:2724 LAST_ACK
tcp 198 0 67.208.112.68:80 222.166.160.56:52797 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 190.82.128.160:39551 LAST_ACK
tcp 158 0 67.208.112.68:80 190.95.95.143:1409 CLOSE_WAIT
tcp 198 0 67.208.112.68:80 117.195.229.78:1377 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 190.45.240.84:2434 LAST_ACK
tcp 0 553 67.208.112.68:80 190.78.36.137:2294 LAST_ACK
tcp 211 0 67.208.112.68:80 186.16.93.178:61674 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 122.161.98.198:4115 LAST_ACK
tcp 211 0 67.208.112.68:80 186.16.93.178:61673 CLOSE_WAIT
tcp 198 0 67.208.112.68:80 124.195.198.243:4071 CLOSE_WAIT
tcp 0 553 67.208.112.68:80 58.68.8.189:48620 LAST_ACK
tcp 198 0 67.208.112.68:80 190.39.98.222:1413 CLOSE_WAIT
tcp 198 0 67.208.112.68:80 190.39.98.222:1412 CLOSE_WAIT
tcp 198 0 67.208.112.68:80 124.195.198.243:4073 CLOSE_WAIT
tcp 211 0 67.208.112.68:80 201.248.23.71:2992 CLOSE_WAIT
tcp 158 0 67.208.112.68:80 222.166.160.156:64640 CLOSE_WAIT

ovo je zadnjih ne znam koliko redova iz acces log file-a - nisam ga mogao naci gdej se nalazzi, ali sam ga uspio donloadirati sa cPanel-om

122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
123.201.132.4 - - [26/Nov/2009:03:44:04 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)”
123.201.132.4 - - [26/Nov/2009:03:44:04 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)”
123.201.132.4 - - [26/Nov/2009:03:44:04 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)”
222.166.160.127 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
190.77.94.133 - - [26/Nov/2009:03:44:05 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
222.166.160.98 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)”
122.161.164.119 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
189.224.71.106 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)”
189.224.71.106 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)”
201.211.161.5 - - [26/Nov/2009:03:44:06 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1”
222.166.160.197 - - [26/Nov/2009:03:44:07 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)”
201.210.120.32 - - [26/Nov/2009:03:44:07 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)”
189.224.71.106 - - [26/Nov/2009:03:44:07 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)”
189.151.31.87 - - [26/Nov/2009:03:44:07 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)”
189.224.71.106 - - [26/Nov/2009:03:44:07 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)”
123.201.132.4 - - [26/Nov/2009:03:44:07 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)”
123.201.132.4 - - [26/Nov/2009:03:44:07 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)”
123.201.132.4 - - [26/Nov/2009:03:44:07 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)”
123.201.132.4 - - [26/Nov/2009:03:44:07 -0500] “GET /prilog.php HTTP/1.1” 302 - “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)”

bio bih ti zahvalan kada bi mi “procitao sta pise” u ovim tabelama

pokusaj malo profiltrirat promet ako je moguce:

#iptables -A INPUT -p tcp --syn -m limit --limit 10/s -j ACCEPT #iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 10/s -j ACCEPT #iptables -A INPUT -p tcp --syn –j DROP #iptables -A INPUT -p icmp --icmp-type echo-request –j DROP
znam da trazis preko PHP-a, a ja ti suknem naredbu

Pa ionako preko PHP-a nema načina da se to zaustavi …

drop pravilo uvijek ide na kraj da ne bi sebe blokirao, nemoj se zeznut

Za pocetak (veoma radikalan) blokiraj obe indijske A klase …

[code]iptables -A INPUT -s 122.0.0.0/8 --dport 80 -j DROP
iptables -A INPUT -s 123.0.0.0/8 --dport 80 -j DROP

netstat -tuna|grep “67.208.112.68:80”|awk ‘{print $5}’|cut -d":" -f1|sort -n|uniq -c|sort -n[/code]
ce ti pokazati sa kojih adresa dolazi najveci broj konekcija

Takodje provjeri sa kojih adresa dolazi najvise SYN_RECV … pronadji pattern i blokiraj samo pazi sa blokiranjem kompletnih A klasa

isti line kao prethodni, samo umjesto 67…:80 unesi “SYN_RECV”

Napisao bih ti dynamic firewall skriptu, ali zurim na autobus

ima…

Možeš napraviti skriptu prilog.php koja dodaje $_SERVER[‘REMOTE_ADDR’] na blok listu preko iptables. Samo kroz /etc/sudoers dozvoliš korisniku pod kojim se pokreće skripta (ovisno o konfiguraciji, Apache korisnik ili vlasnik fajla) da pozove /sbin/iptables. Naravno to je privremena mjera

Yup, i onda sretno blokiras svakog korisnika koji otvori prilog.php :\

Pa da u međuvremenu skloniš link na prilog.php sa drugih stranica
Jer očito je da botovi napadaju samo taj URL

i gledam ja sta pisete, i gledam, i gledam… i, dzaba reufe, nista ne kontam.
promijenio sam ime prilog.php u nesto drugo, medjutim nista bolje se ne desava.
ovo gore sto ste napisali, sa hrpom hijeroglifa -ovo -ono uvijek sam imao paranoju da dajem naredbe a da nemam pojma sta radim.
a, sto je najgore, zbog vremenske razlike niko od vas mi nije dostupan pa da preko telefona, natenane…

mislio sam da “privremeno” promijenim hosting, d anadjem neki shared hosting, dok ovo ne prodje. mmozda administratori malo aktivnije se zabave oko mog problema. mada ce najvjerovatnije meni reci da kupim prnje

na istom virutalnom serveru ima jos jedna web stranica. ni ona nije dostupna zbog guzve u “kaznenom prostoru” ali sam pogledao acces log od te domene i sve je ok, regularnno. znaci DDOS je baziran na imenu domene, odnosno cilj je konkretan link. sto znaci prelaskom na drugu hosting kompaniju se nece nista promijeniti? mozda “zatisje” dan-dva i ako opet odluce za napad - opet sam zijanio?

hosting kompanija gdje sada imam virtual server, uporno mi pokusava uvaliti bolji plan, da napravim upgrade sa 512MB na 1GB. to je kao neophodno. kao, 512MB nedovoljno za trafic koji imam (prosjecno 2.500 unique posjetilaca dnevno). i kaze da WHM/cPanel pojede solidan dio RAM-a i CPU-a.
interesuje me kako da skontam jel’ 512MB dovoljno i da je ovo samo uvaljivanje ili je mozda cak i 2GB nedovoljno za ovoliku posjetu?

mozda je njihovo maslo da te prisile da uzmes veci paket :S