I've got server problems that I can't seem to be able to fix myself.
Everything started yesterday with the Courier-IMAP service going down. Then server load peaked and more services like httpd and mysql went up and down.
I've been looking at the problem myself and it looks like I'm being attacked (dDoS perhaps?). As soon as httpd is turned on the server load goes thru the roof. I believe it might be on mysql that the attacks are taking place. I've limited the max connections for mysql severely in [url removed, login to view] and the server load has gone down to around [url removed, login to view], but my sites are inaccessible most of the time because all the mysql connections are full. I've also changed settings in [url removed, login to view] to reduce the server load. Those settings are reducing my sites capacity with like 90% but I’ve done it just to keep it alive.
There were no problems yesterday and normal server load is at 0,5-1.0, so something bad is happening for sure.
When I do a "netstat -n | grep :80 |wc -l" there are between 1 000 - 3 000 connections.
I installed APF-firewall and dDoS deflate protection to see if I could stop the problems, so far I've banned around 800 IP# but the problem remains and more IP# are being banned every minute.
I don't know if this is relevant but the e-mails I get when an IP# has been banned looks like this:
Banned the following ip addresses on Thu Oct 25 13:36:09 CEST 2007
2220 with 2220 connections
I need someone who know that they can solve this problem to contact me asap.