Apache2 being exploited I think

So I’m using Ubuntu 14.02 on a Server with 6 core Xeon and 16 gig of RAM Apache 2.4

From time to time my CPU spikes to 100% and the server is unusable for Web traffic.

To me it seems like Im under DDOS or some other exploit like Slow Lori or something else I’m not sure.

I’ve read several articles about hardening Apache2 and defeating Slow Lori Attacks but this persists.

Ill turn off apache and the cpu goes to nothing, so I know its apache related – static content loads instantly. It could be a bad script somewhere but I dont know how to find it – I feel like I’m being targeted since I run a business (shared hosting about 20 websites) some of which are pretty critical.

I’ve looked at some Cloudflare type solutions but with 20 webhosts its hard to know what to protect and it costs by the domain.

I already have LDF / CSF installed and ive tried a few different apache mods for various DDOS protections too

Looking for some advice from the community.

Otherwise I may just change my damn public IP :frowning:

Any tools out there to test apache2 for stress and common exploits anyone would recommend?



First off I’d just look at your apache logs and try to determine what is happening. Logs are your friends. Changing your IP is unlikely to help

I’d start just by reading the apache logs and trying to find out what is going on. I doubt changing your IP will be a lot of help. You may just have a client with some sort of wildly badly configured web site - need to find out where the pain is first.

I thought that apache might be misconfigured I trimmed down a lot of the mods I have enabled as well.

The logs dont have anything meaningful, what .confs should I post if you woudln’t mind taking a look at them?