[Tanya] Cara Memblok Connections Aneh dari Luar

Discussion in 'Web Hosting' started by pasaisea, 11 Aug 2016.

Tags:
Thread Status:
Not open for further replies.
  1. pasaisea

    pasaisea Beginner 2.0

    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Dear Tuan, website saya yang saya hosting di web server linux ubuntu bikinan saya sendiri mengalami banyak masalah too many connections hari ini. Saya cek melalui netstat -t ada banyak koneksi aneh

    tcp6 1 0 websitesaya.co.id:http 98-142-172-163.re:37854 CLOSE_WAIT
    tcp6 1 0 websitesaya.co.id:http 98-142-172-163.re:34962 CLOSE_WAIT
    tcp6 1 0 websitesaya.co.id:http 98-142-172-163.re:51678 CLOSE_WAIT
    tcp6 0 0 websitesaya.co.id:http 157-171-172-163.r:44102 CLOSE_WAIT
    tcp6 0 0 websitesaya.co.id:http vmi80876.contabo.:46980 CLOSE_WAIT
    tcp6 0 531 websitesaya.co.id:http ks.kgovps.com:35146 LAST_ACK
    tcp6 0 0 websitesaya.co.id:http 98-142-172-163.re:55052 CLOSE_WAIT
    tcp6 1 0 websitesaya.co.id:http 157-171-172-163.r:36082 CLOSE_WAIT
    tcp6 0 0 websitesaya.co.id:http 157-171-172-163.r:33698 CLOSE_WAIT
    tcp6 0 0 websitesaya.co.id:http 157-171-172-163.r:59778 CLOSE_WAIT
    tcp6 0 0 websitesaya.co.id:http 157-171-172-163.r:51166 CLOSE_WAIT
    tcp6 0 0 websitesaya.co.id:http vmi80876.contabo.:49693 CLOSE_WAIT
    tcp6 0 0 websitesaya.co.id:http 98-142-172-163.re:52406 CLOSE_WAIT
    tcp6 1 0 websitesaya.co.id:http 157-171-172-163.r:53266 CLOSE_WAIT
    tcp6 0 639 websitesaya.co.id:http 98-142-172-163.re:58032 LAST_ACK
    tcp6 1 0 websitesaya.co.id:http ks.kgovps.com:59676 CLOSE_WAIT
    Dan masih banyak lagi dari IP yang itu lagi itu lagi

    IP nya aneh-aneh gitu mas 98-142-172-163.re, 157-171-172-163.r, gimana cara ngeblock nya ya? Sudah pasang CSF Firewall tetep aja kayak gini. Saat ini website saya down jadinya.
     
  2. argon

    argon Poster 2.0

    Messages:
    106
    Likes Received:
    41
    Trophy Points:
    28
    Webserver-nya pake apa? Pengaruh ke cpu load-nya seberapa besar?
     
  3. mustafaramadhan

    mustafaramadhan Hosting Guru

    Messages:
    3,237
    Likes Received:
    857
    Trophy Points:
    113
    Batasi koneksi di web server config dengan 'max_connections' atau yang semacam.
     
  4. arieonline

    arieonline Expert 1.0

    Messages:
    887
    Likes Received:
    127
    Trophy Points:
    43
    CLOSE_WAIT ya? sepertinya itu SYN flood attacks
     
  5. pasaisea

    pasaisea Beginner 2.0

    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Pake Webmin mas. Kalo lagi peak bisa 90%-100%

    Kalau saya pake max_connections sql dia error "too many sql connections". Jadi yang bener2 pengunjung ga bisa masuk, ud keburu sama yg koneksi ga jelas2 itu duluan yg make.
     
  6. arieonline

    arieonline Expert 1.0

    Messages:
    887
    Likes Received:
    127
    Trophy Points:
    43
  7. pasaisea

    pasaisea Beginner 2.0

    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Gimana cara mengatasinya ya mas? :20: Bingung nih harus bagaimana lagi padahal udah pake CSF firewall. Masalahnya ga bisa ngeblock IP yang aneh kayak 98-142-172-163.re Pasti tulisannya IP not found. Nah loh gimana nih
     
  8. mustafaramadhan

    mustafaramadhan Hosting Guru

    Messages:
    3,237
    Likes Received:
    857
    Trophy Points:
    113
    Bukan di mysql tapi di webserver (misalnya apache).

    Karena pakai webmin, ini jadi 'urusan' si @GPLHosting :19:
     
  9. valent

    valent Apprentice 1.0

    Messages:
    216
    Likes Received:
    37
    Trophy Points:
    28
    itu default reverse ip (ptr) dari dc sepertinya, jadi pembacaannya dibalik saja. lalu masukkan ke entry di iptables atau csfnya untuk memblokir ip tersebut.
    ada baiknya langsung block 1 range (cidr) saja daripada 1 per satu

    98-142-172-163.re => 163.172.142.98

    kalau mau diblokir semua berarti 163.172.0.0/16
    ini blok ip addressnya vps/cloud scaleway
     
  10. mustafaramadhan

    mustafaramadhan Hosting Guru

    Messages:
    3,237
    Likes Received:
    857
    Trophy Points:
    113
    Aslinya 98-142-172-163.re adalah 98-142-172-163.rev.cloud.scaleway.com dimana IP-nya 'dibalik' jadi 163.172.142.98
     
Loading...
Thread Status:
Not open for further replies.

Share This Page

Loading...