Run this command:

netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n

This is not exactly going to say YES your under attack, this code will return IP address that connected to your server and how many connection they made to your server.

By looking at the number connections you should know what are the chances of a client from that particular IP connecting to your server and require that many connections!

Above code will return results like this:

1
1 xxx.xxx.xxx.xxx
2 xxx.xxx.xxx.xxx
50 xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx = IP address

Number in the First column is the Number of connections established from that particular IP address. (NumberofConnections [SPACE] IP Address)

You will see that there is huge jump in number of connections from one or many IP’s (50 is for demonstration only how many is up to you). Many servers do not require having that many connections from a single IP. What to do next, is your choice, you could install security mods and setup firewalls to block these IP’s and so on. Do a little google search and you will find lots and lots of answers on “how to block DDoS attack?”

Now, Run this command to patch changes and restart Apache Server

* First of All This solution is for Linux based OS. I did it on centOS 4 x64 Running Plesk 9.2.1.

Well, If you every come across the FastCGI issue with Plesk Apache and looking for a solution, I’m sure following could help you a lot.

Problem / Solution:

• Problem occurs when you set-up a Domain to Run PHP in FastCGI Application mode in Plesk and Apache won’t restart / start.
• Reason for that is the Apache configuration file referring to Dynamic CGI Library that it’s actual.
• Solution is to change Apache Config and point to correct Library Location. But If you directly edit Apache config file, On next restart Plesk will overwrite it. So Edit Plesk Config file to reflect on Apache Config file.

1. Find FastCGI Path

First you need to Locate FastCGI. Location may vary based on Linux distributions your using. A Simple explanation is given on how to locate in : Simple Instruction on Where to look for FastCGI

They also telling you to Run “psa-php5-configurator-1.5.1-cos5.build92090422.13.noarch.rpm” to resolve this issue. Well, I couldn’t fin this RPM in my server. so resolved to directly editing method.

2. Edit Plesk config

Once you find your FastCGI location (in my case it was /usr/bin/php-cgi) edit Plesk Config File located at “/etc/psa/psa.conf” (this may vary as well).

I used VI edit through SSH.

vi /etc/psa/psa.conf

Find the Following Line (I found it at very bottom!):

CGI_PHP_BIN dynamic

and Replace it with:

CGI_PHP_BIN /usr/bin/php-cgi

Save the File and Exit VI edit

VI Editor Basic Commands: http://www.cs.colostate.edu/helpdocs/vi.html

3. patch Changes to Apache Config

Now, Run this command to patch changes and restart Apache Server

/usr/local/psa/admin/sbin/websrvmng -av

It worked for me well! Let me know what happen to you… You can always use the source: http://forum.parallels.com/showthread.php?t=89939&page=2 for more info and full reading.

My server at 1&1, Value for Price and Affordable Servers. have a look at : http://www.1and1.co.uk

How its happens:

After Hosting my site(s) with so many Web-hosting companies (Most of those cheap once) and Living in fear when and what will happen, I decided to Buy a VPS (Virtual Private Server) or a Dedicated Server. Good VPS cost you $$$ p/a. Cheap once cost you around $100-150 or $200. But they will give you same headache as Cheap Shared Hosting. 1 and 1 UK offering cheap dedicated server deals. It’s not much of a Server Spec but it sure can handle several websites and they give you TRUE root access and your OWN server to manage. Price also looking good compare to a Good VPS and credible hosting company.

1 and 1 offered Free Plesk 9.0.1 Control Panel with this Dedicated Server as a Standard control panel. I just finished checking firewall settings and even set-up 1 and 1 Free External Cisco Firewall and transfered all my sites to My New Server…

All working wonderfully. Then I logged into my Blog and started to write an Article and Upload a Image (I use Wordpress!). Image upload returned error that it does not have writing permission for the uploads directory. It usually happens when you move around and you forgot to set the correct permission (CHMOD). Through FTP I Changed permission to uploads folder and tried again. Nope, same error. Again logged into FTP and verified writing permission to uploads folder. It does have necessary permission and it also created a folder where image should be uploaded (Wordpress uses uploads/YYYY/MM structure to upload media contents). when I checked the permission for the root folder (YYYY), It does shows that it has writing permission but it’s owner shows as apache.

This is where I realized that default Apache mod_php is running that it uses apache user to writing / edit files. This will cause trouble when having multiple domains and users on a server. I also know that running PHP using FastCGI would resolve this issue and I remember seeing FastCGI option to run PHP in Plesk.

Logged into my Plesk Control Panel and Changed my Domain Settings to Run PHP as FastCGI Application and restarted Apache through Plesk Service Management. Apache started to give error and did not start. Now I went crazy and started to google what the hell is wrong with FastCGI and Plesk!

It seems they have this issue in earlier version as well due to wrong configuration and bug too. Many forums offered many different solutions, most common one is to Run Plesk php configurator rpm and and this would resolve the issue. Well, I don’t really want to make a mess with my server and If anything goes wrong, only thing I know is to re-image. Re-imaging server will result in loosing all my data and configurations so far!…

Finally, on Paralles forums I found a simpler solution. Forum Topic link and Solution In this article to make your life easier.