So I’m using Ubuntu 14.02 on a Server with 6 core Xeon and 16 gig of RAM Apache 2.4
From time to time my CPU spikes to 100% and the server is unusable for Web traffic.
To me it seems like Im under DDOS or some other exploit like Slow Lori or something else I’m not sure.
I’ve read several articles about hardening Apache2 and defeating Slow Lori Attacks but this persists.
Ill turn off apache and the cpu goes to nothing, so I know its apache related – static content loads instantly. It could be a bad script somewhere but I dont know how to find it – I feel like I’m being targeted since I run a business (shared hosting about 20 websites) some of which are pretty critical.
I’ve looked at some Cloudflare type solutions but with 20 webhosts its hard to know what to protect and it costs by the domain.
I already have LDF / CSF installed and ive tried a few different apache mods for various DDOS protections too
Looking for some advice from the community.
Otherwise I may just change my damn public IP 
Any tools out there to test apache2 for stress and common exploits anyone would recommend?
Thanks!
David