
Does an increase in bandwidth usage and a down server indicate a DDoS attack?

@Heady270

Posted in: #DedicatedHosting #Linux

I have a dedicated server and it went down hours ago.

Just wondering if this happened because of a DDoS attack.

I got the bandwidth graph from my hosting provider; it clearly shows huge traffic before the server stopped responding.


2 Comments


@Angie530

You show an increase in traffic, but I don't know that I'd call this huge.

It's possible that there's an effective DoS involved, but no evidence here that it's malicious, or distributed. Either of those is possible, but it's more likely that this was either because some inconsiderately written web crawler started working over your site, or because something on your site got genuinely popular for some reason.

I gather that the traffic dropped off, but your system did not recover? For how long?

A common scenario is that a system is not configured for high load, and when it gets more load, too many processes start up, and the system runs out of RAM and starts swapping. In this situation, performance can take a serious hit, but usually doesn't go to zero, and it may recover on its own (though you may not be prepared to wait for it). When swap space also runs out, the system starts killing processes. That often works, but sometimes a process that is killed is a critical one, and so your system does not recover.

Where you say the server stopped responding, do you mean web response only, or were you trying ssh, or something else? Ping?


@Phylliss660

Without the spike making the 95th percentile 129 Mb, it looks like it would have been around 70 Mb - an 85% increase. That's significant, but the traffic alone isn't enough to determine the cause. You will need to bring the server back up (offline, if possible) and examine the log files to tell if it was a DDoS, as there could be other explanations depending on the services and content provided by that server.

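Both answers come down to reading the logs: the web access log to see whether the spike came from one client or many, and the kernel log to see whether the OOM killer took out a critical process. The script below is an added example, not part of the original thread. It assumes Apache/nginx combined log format and the Linux kernel's "Killed process" message wording; the function names and all sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format: ip - - [time] "METHOD path proto" status bytes "referer" "agent"
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} (\d+|-) "[^"]*" "([^"]*)"')
OOM_RE = re.compile(r'Killed process (\d+) \(([^)]+)\)')  # kernel OOM-killer log line

def oom_victims(kernel_lines):
    """Names of processes the kernel OOM killer terminated, in log order."""
    return [m.group(2) for line in kernel_lines if (m := OOM_RE.search(line))]

def traffic_profile(access_lines):
    """Summarise who produced the load: request and byte share of the top client/agent."""
    hits, sent, agents, paths = Counter(), Counter(), Counter(), Counter()
    for line in access_lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        ip, path, size, agent = m.groups()
        hits[ip] += 1
        sent[ip] += 0 if size == "-" else int(size)
        agents[agent] += 1
        paths[path] += 1
    total = sum(hits.values())
    if total == 0:
        return None  # nothing parseable: wrong log format or empty window
    top_ip, top_hits = hits.most_common(1)[0]
    top_agent, agent_hits = agents.most_common(1)[0]
    return {
        "requests": total,
        "unique_clients": len(hits),
        "top_client": top_ip,
        "top_client_request_share": top_hits / total,
        "top_client_byte_share": sent[top_ip] / max(sum(sent.values()), 1),
        "top_agent": top_agent,
        "top_agent_share": agent_hits / total,
        "top_path": paths.most_common(1)[0][0],
    }

# Constructed sample data: documentation IP ranges and a made-up crawler name.
FMT = '{} - - [01/Jan/2024:03:10:{:02d} +0000] "GET {} HTTP/1.1" 200 {} "-" "{}"'
SAMPLE_ACCESS = [FMT.format("192.0.2.10", s, f"/page/{s}", 5120, "ExampleCrawler/1.0")
                 for s in range(8)] + [
    FMT.format("198.51.100.7", 9, "/", 2048, "Mozilla/5.0"),
    FMT.format("203.0.113.5", 10, "/about", 1024, "Mozilla/5.0")]
SAMPLE_KERNEL = ["Jan  1 03:12:40 host kernel: apache2 invoked oom-killer",
                 "Jan  1 03:12:44 host kernel: Out of memory: Killed process 2211 (mysqld)"]

print(oom_victims(SAMPLE_KERNEL), traffic_profile(SAMPLE_ACCESS))
```

A top client or agent share close to 1 points to a single source such as a crawler. Many clients with small shares means the load was distributed, which fits both genuine popularity and an attack, so the requested paths and referrers need a closer look.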