The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apache too many process

Discussion in 'EasyApache' started by jameshsi, Jan 23, 2007.

  1. jameshsi

    jameshsi Well-Known Member

    Joined:
    Oct 22, 2001
    Messages:
    347
    Likes Received:
    0
    Trophy Points:
    16
    Hi!
    I just found my site shows very slow, and go to apache status in WHM to see the process went to 150, and many comes from some IPs from China, I got 2 thoughts:

    1. Ban all the IPs from China, using APF firewall.

    2. Is it possibile to use BFD+APF to ban those IPs try to continue to link my site's images ( I already set Hotlink Protection , but they just keep coming and coming), or try to keep post comments.

    Anyway, I need to find a way to lower down the apache process below to 150. Anyone can help ?


    Thanks.
     
  2. nwilkens

    nwilkens Well-Known Member

    Joined:
    May 4, 2006
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Monroe MI
    cPanel Access Level:
    DataCenter Provider
    From: http://www.redrage.net/index.php?iptables_asia_drops=y

    I'm sure you can adapt this for apf, or you can use this in conjunction for the time being.. Also, you may not want to log all of this, if it is coming too quickly..

    I haven;t validated the address range either..

    I am sure there are a number of other tactics, but this may help.


    ------------------------------------------------------
    ## Blocking Networks from the Asia Pacific Region.

    iptables -A INPUT -s 58.0.0.0/7 -j LOG --log-prefix "FIREWALL HIT JAPAN: "
    iptables -A INPUT -s 58.0.0.0/7 -j DROP
    iptables -A OUTPUT -d 58.0.0.0/7 -j DROP

    iptables -A INPUT -s 220.0.0.0/7 -j LOG --log-prefix "FIREWALL HIT JAPAN: "
    iptables -A INPUT -s 220.0.0.0/7 -j DROP
    iptables -A OUTPUT -d 220.0.0.0/7 -j DROP

    iptables -A INPUT -s 222.0.0.0/8 -j LOG --log-prefix "FIREWALL HIT JAPAN: "
    iptables -A INPUT -s 222.0.0.0/8 -j DROP
    iptables -A OUTPUT -d 222.0.0.0/8 -j DROP

    iptables -A INPUT -s 126.0.0.0/8 -j LOG --log-prefix "FIREWALL HIT JAPAN: "
    iptables -A INPUT -s 126.0.0.0/8 -j DROP
    iptables -A OUTPUT -d 126.0.0.0/8 -j DROP

    iptables -A INPUT -s 60.0.0.0/7 -j LOG --log-prefix "FIREWALL HIT CHINA: "
    iptables -A INPUT -s 60.0.0.0/7 -j DROP
    iptables -A OUTPUT -d 60.0.0.0/7 -j DROP

    iptables -A INPUT -s 218.0.0.0/7 -j LOG --log-prefix "FIREWALL HIT CHINA: "
    iptables -A INPUT -s 218.0.0.0/7 -j DROP
    iptables -A OUTPUT -d 218.0.0.0/7 -j DROP

    iptables -A INPUT -s 122.0.0.0/7 -j LOG --log-prefix "FIREWALL HIT THAILAND: "
    iptables -A INPUT -s 122.0.0.0/7 -j DROP
    iptables -A OUTPUT -d 122.0.0.0/7 -j DROP

    iptables -A INPUT -s 124.0.0.0/7 -j LOG --log-prefix "FIREWALL HIT KOREA: "
    iptables -A INPUT -s 124.0.0.0/7 -j DROP
    iptables -A OUTPUT -d 124.0.0.0/7 -j DROP

    iptables -A INPUT -s 121.0.0.0/8 -j LOG --log-prefix "FIREWALL HIT Austrailia: "
    iptables -A INPUT -s 121.0.0.0/8 -j DROP
    iptables -A OUTPUT -d 121.0.0.0/8 -j DROP

    iptables -A INPUT -s 169.208.0.0/12 -j LOG --log-prefix "FIREWALL HIT Austrailia: "
    iptables -A INPUT -s 169.208.0.0/12 -j DROP
    iptables -A OUTPUT -d 169.208.0.0/12 -j DROP

    iptables -A INPUT -s 202.0.0.0/7 -j LOG --log-prefix "FIREWALL HIT Austrailia: "
    iptables -A INPUT -s 202.0.0.0/7 -j DROP
    iptables -A OUTPUT -d 202.0.0.0/7 -j DROP

    iptables -A INPUT -s 210.0.0.0/7 -j LOG --log-prefix "FIREWALL HIT Austrailia: "
    iptables -A INPUT -s 210.0.0.0/7 -j DROP
    iptables -A OUTPUT -d 210.0.0.0/7 -j DROP
     
  3. jameshsi

    jameshsi Well-Known Member

    Joined:
    Oct 22, 2001
    Messages:
    347
    Likes Received:
    0
    Trophy Points:
    16
Loading...

Share This Page