No, it isn't.
- - - Updated - - -
Let me explain: for security reasons I'm not going to give my VPS's real IP, so read it as 127.0.0.1. I have tried adding the rule you suggest, iptables -I INPUT -s 164.132.238.24 -j DROP, and both IPs from csf with csf -d 164.132.103.24, but the attack continues just the same.
I have the VPS hosted at OVH, and it is shameful that customers of the same platform are attacking my own VPS. I have already contacted them by phone and by email to abuse; they are stalling me, passing the buck from one to another, with no solution.
Here are the attackers' real IPs:
PHP:
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33514 CLOSE_WAIT 30748/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.103.24:50000 CLOSE_WAIT 30238/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33449 CLOSE_WAIT 30681/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.103.24:50732 ESTABLISHED -
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.103.24:50653 ESTABLISHED 30968/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.103.24:50702 ESTABLISHED 31019/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33688 ESTABLISHED 30928/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33466 CLOSE_WAIT 30698/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33629 CLOSE_WAIT 30869/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33379 CLOSE_WAIT 30609/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33361 CLOSE_WAIT 30591/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33784 ESTABLISHED 31026/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.103.24:50069 CLOSE_WAIT 30172/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.103.24:50727 ESTABLISHED 31043/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.103.24:50650 ESTABLISHED 30965/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33496 CLOSE_WAIT 30729/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33542 ESTABLISHED 30776/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33633 CLOSE_WAIT 30873/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.103.24:50136 CLOSE_WAIT 30477/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33369 CLOSE_WAIT 30599/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33730 ESTABLISHED 30970/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33568 CLOSE_WAIT 30803/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.103.24:50621 CLOSE_WAIT 30936/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33630 CLOSE_WAIT 30870/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33775 ESTABLISHED 31017/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33687 ESTABLISHED 30927/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33353 CLOSE_WAIT 30583/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33337 CLOSE_WAIT 30567/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.103.24:50293 CLOSE_WAIT 30598/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.103.24:50629 ESTABLISHED 30944/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.103.24:50178 TIME_WAIT -
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33644 CLOSE_WAIT 30884/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.103.24:50692 ESTABLISHED 31009/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33550 CLOSE_WAIT 30785/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33419 CLOSE_WAIT 30651/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.103.24:50281 CLOSE_WAIT 30586/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33632 CLOSE_WAIT 30872/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.238.24:33677 CLOSE_WAIT 30917/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.103.24:50706 ESTABLISHED 31023/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:164.132.103.24:50256 CLOSE_WAIT 30561/httpd
I have the CSF firewall; it sends me a notification by email with a file called netstat.txt, and inside it is what I show above, abbreviated.
I don't know what type of attack they are using, but they manage to leave the machine down for half an hour or more, with the CPU spiking to full.
Regards
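An added example, not part of the original post: a shell function that tallies a netstat.txt listing like the one above per remote address and connection state, so the sources holding the most httpd sockets stand out. The function names, the threshold and the sample lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Summarise netstat-style lines read from stdin: one output line per remote
# address with its total, ESTABLISHED and CLOSE_WAIT connection counts.
# CLOSE_WAIT means the peer has closed and the local process (here httpd)
# has not yet closed its side of the socket.
summarise_peers() {
    awk '
    $1 ~ /^tcp/ && NF >= 6 {
        peer = $5
        sub(/:[0-9]+$/, "", peer)   # drop the remote port
        sub(/^::ffff:/, "", peer)   # unwrap IPv4-mapped IPv6 addresses
        total[peer]++
        if ($6 == "ESTABLISHED") est[peer]++
        if ($6 == "CLOSE_WAIT")  cw[peer]++
    }
    END {
        for (p in total)
            printf "%s total=%d established=%d close_wait=%d\n",
                   p, total[p], est[p], cw[p]
    }' | sort
}

# Print the remote addresses whose connection count reaches the given limit.
peers_over() {
    summarise_peers |
        awk -v limit="$1" '{ split($2, t, "="); if (t[2] + 0 >= limit) print $1 }'
}

# Constructed sample in the same column layout as the listing in the post.
SAMPLE='tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:192.0.2.10:33514 CLOSE_WAIT 30748/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:192.0.2.10:33449 CLOSE_WAIT 30681/httpd
tcp 1 0 ::ffff:127.0.0.1:7080 ::ffff:192.0.2.10:33466 CLOSE_WAIT 30698/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:192.0.2.10:33688 ESTABLISHED 30928/httpd
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:198.51.100.20:50732 ESTABLISHED -
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:198.51.100.20:50178 TIME_WAIT -
tcp 0 0 ::ffff:127.0.0.1:7080 ::ffff:203.0.113.5:41000 ESTABLISHED 31050/httpd'

printf '%s\n' "$SAMPLE" | summarise_peers
```

On a live host the same function can read the CSF attachment directly, for example `summarise_peers < netstat.txt`.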