If the attack is coming from a single IP then you are in pretty good shape.

Do you have APF installed? If so, you can do the following command:

apf -d the_ip

That's it!

If not, you could also do a programming change to check the IP and block it from running any of your pages. Perhaps in a header script?

Actually, I have no idea what is going on. I know that it is a DDoS of some type, but I have no idea how to pinpoint the source. I have searched all over the place with no luck.

If anyone knows how to source the root of the issue, it would be greatly appreciated.

The only command I have found to give me any kind of result back is --

netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n

Running that I find no IPs that have more than 6 connections. So, it must be coming from multiple IPs. If I do the "top" command, I find that my database is taking up about 50% or more of my CPU resource and then all of the httpd requests are taking up the rest.

I am running the newest version of Cent OS. I have contacted my host but apparently this kind of thing is outside their realm of support. Useless host.

Going to be switching as soon as I can access my FTP and database again.