Ddos?

[Tagor]

I've got a lot of HTTPD processes running:

Quote:

nobody 21387 0.1 2.6 105268 11524 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21389 0.0 2.6 105260 11364 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21390 0.0 2.5 105260 10988 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21402 0.1 2.6 105268 11524 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21403 0.2 2.5 105260 10988 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21412 0.0 2.5 105292 11004 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21417 0.0 2.5 105260 10992 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21424 0.0 2.5 105288 11008 ? S 13:48 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21533 0.0 2.5 105288 11000 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21545 0.0 2.5 105280 11004 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21662 0.0 2.5 105260 10988 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21664 0.0 2.5 105260 10988 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21665 0.0 2.5 105260 10980 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21667 0.0 2.5 105292 10996 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21668 0.6 3.2 107608 14044 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21669 0.0 2.5 105260 10992 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21670 0.0 2.6 105260 11360 ? S 13:49 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21671 0.0 0.0 0 0 ? Z 13:50 0:00 [httpd] <defunct>
nobody 21672 0.0 2.5 105260 11004 ? S 13:50 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21673 0.0 2.5 105260 10964 ? S 13:50 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 21675 0.0 2.5 105260 10980 ? S 13:50 0:00 /usr/local/apache/bin/httpd -DSSL

They are from various ip's:
my.server:http->94.Red-88-6-176.staticIP.rima-tde.net:3449 (ESTABLISHED)

Is there a way to stop this? Or is there a way to find out for what website this DDOS attack is?

[chirpy]

Are you sue they're not genuine accesses to the server? You're better off looking at the Apache Status page within WHM.

[Tagor]

Strange, you are right. They are normal accesses. Can you tell me then why the load is so high? I didn't have that problem on a older 32 bit CPU.

[chirpy]

Difficult to say. You may need to look into apache tuning in httpd.conf which can often bring down httpd loads to more manageable levels. In particular you could turn off KeepAlives.

[Tagor]

Quote:

Originally Posted by chirpy

Difficult to say. You may need to look into apache tuning in httpd.conf which can often bring down httpd loads to more manageable levels. In particular you could turn off KeepAlives.

I read KeepAlives will cause slow speeds, is that correct?

[chirpy]

Not necessarily. It's a trade off between server performance and perceived performance. If you're finding that server performance is being degraded because of high web usage, then switching off keepalives can help bring the server performance under control to the level where it provides a perceived perfmance gain to the end user. If, however, there are no performance problems on the server, then there's no point in disabling keepalives as then it would give a perceived performance hit.