The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Best method for blocking too many PHP processes due to broken links and 404 errors

Discussion in 'Workarounds and Optimization' started by John1975, Sep 25, 2013.

  1. John1975

    John1975 Member

    Joined:
    Aug 22, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I just migrated to a new VPS from shared and don't have many of the configs of the old system. I'm having a problem with a couple of IPs downloading images out of a folder. This is a normal thing we allow but two IPs are using the wrong folder ( one level above where they should be) and it's causing 50-100 PHP processes from 404 errors generated. Every time there's a 404 it calls an index.php and these are where all of the PHP processes are coming from. This in turn eats all memory and crashes mysql and spamd and the site goes down. We allow bulk image downloading of about 3500 images and it's never been an issue until on this server so obviously it's a config I don't have in place. I can see them trying it every morning at the same time and if I kill all PHP processes while they run through the bad URLs I can keep the server from crashing using "killall php".

    As an example they should be downloading from /home/<user>/public_html/images/backup/detailed. This is where all of the images are but instead two are trying to get them from /home/<user>/public_html/images/detailed and there are no images there. The 404s happen so fast (1-5 per second) it builds up too many PHP processes. They are downloading via script or a download manager. httpd processes are normal.

    What is the best method for dealing with this? I need to keep users out of this folder when downloading images but the cart requires /home/<user>/public_html/images/detailed to function because there are subfolders it uses for product images. How do I limit the PHP processes from eating up memory? I don't want to block the IP entirely because they are good customers. I haven't been able to get their info by IP to contact them and ask them to stop using the bad URLs plus I need to protect the server from this type of issue with anyone else.

    I am using suPHP with Apache suExec. If I remember right the user of the PHP proceses was nobody indicating they were spawned from Apache.

    Thanks
     
  2. John1975

    John1975 Member

    Joined:
    Aug 22, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I had to double check what I said. The PHP processes aren't user nobody. They are my main user as they should be.

    - - - Updated - - -

    If I hammer the page with refreshes I get the same effect. Multiple httpd and PHP processes. I guess it could be a combination of both causing the problem. I think it's the speed at which the errors ocurr. When they use the correct path it doesn't seem to be a problem.
     
  3. John1975

    John1975 Member

    Joined:
    Aug 22, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm starting to think that what I'm looking for is a way to limit the number of connections an IP can make in a set amount of time.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You may want to consider utilizing a third-party firewall such as CSF, or implementing some custom firewall rules to limit the connections.

    Thank you.
     
  5. John1975

    John1975 Member

    Joined:
    Aug 22, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm reading about CSF, APF, mod_throttle, and mod_limitipconn. Being that I have had flood attacks on MySQL also do you think CSF would be the best way to go here? Thank you for your reply.
     
  6. John1975

    John1975 Member

    Joined:
    Aug 22, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Is there no way to do this in the Apache config in WHM? What are the following directives there. I read what is wrote there but I still don't know if it will help this issue or be too encompassing.

    Server Limit
    Max Request Workers
    Max Connections Per Child
     
  7. John1975

    John1975 Member

    Joined:
    Aug 22, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Would MPM Prefork or Worker help in this case?

    - - - Updated - - -

    or Mod Security?
     
Loading...

Share This Page