From owner-freebsd-security@FreeBSD.ORG Thu Mar 6 11:28:29 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7EFEE1065673 for ; Thu, 6 Mar 2008 11:28:29 +0000 (UTC) (envelope-from kamolpat@dmaccess.net) Received: from irgb12.truemail.co.th (irgb12.truemail.co.th [203.144.173.228]) by mx1.freebsd.org (Postfix) with ESMTP id 26A518FC19 for ; Thu, 6 Mar 2008 11:28:27 +0000 (UTC) (envelope-from kamolpat@dmaccess.net) X-TRUEINTERNET: TRUE X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AgAAAMtcz0d8ePDJ/2dsb2JhbAAIq30 X-IronPort-AV: E=Sophos;i="4.25,455,1199638800"; d="scan'208";a="310369983" Received: from ppp-124-120-240-201.revip2.asianet.co.th (HELO [192.168.1.100]) ([124.120.240.201]) by irp4.truemail.co.th with ESMTP; 06 Mar 2008 17:58:20 +0700 Message-ID: <47CFCE4C.7010200@dmaccess.net> Date: Thu, 06 Mar 2008 17:58:20 +0700 From: "kamolpat@dmaccess.net" User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: freebsd-security@FreeBSD.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Thu, 06 Mar 2008 12:24:09 +0000 Cc: Subject: DDOS problem from Bangkok, Thailand X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Mar 2008 11:28:29 -0000 Dear Security team, I'm Kamolpat Pornatiwiwat, Sys admin of DMaccess Co., Ltd. I'm got the problem, My FreeBSD 6.0 got Dos attacked. What should I do? At the present, I decide to stop apache and leave only mail feature on functioning. Any guide/recommend/solution will be appreciated. More detail about my server: ====================== FreeBSD 6.0 apache-1.3.34_4 php5-5.1.2_1 MySQL 5.0.20 php.ini ====== ;;;;;;;;;;;;;;;;;;; ; Resource Limits ; ;;;;;;;;;;;;;;;;;;; max_execution_time = 30 ; Maximum execution time of each script, in seconds max_input_time = 60 ; Maximum amount of time each script may spend parsing r memory_limit = 32M (at the beginning it is 8M, I change to 32MB since the cause of httpd-error.log, however, it still the error as the following showed on httpd-error.log FILE:/var/log/httpd-error.log ===================== Allowed memory size of 33554432 bytes exhausted .... happend like this all over the log Thanks in Advanced, Kamolpat Pornatiwiwat, Sys admin DMaccess Co., Ltd.