Dealing with too many open connections

[maestroc]

I run a VPS with a handful of hosting clients. All of the sites on the server are Joomla sites. I have CSF/LFD installed. If a user is doing some intensive back end Joomla work it is opening up lots of connections to the server and apparently not closing them. Once the connection count gets up to 700 the firewall kicks in and bans them for 30 minutes. It does it regardless of whose account is being used, even completely banning me from SSH. Adding IP addresses to the permitted file is not really an option as most of the client (including myself) have dynamic home IP's. I don't think I want to raise the open connection limit any higher for security reasons (unless someone has another opinion on that).

I realize that this specific temp-ban error is due to CSF/LFD but am posting here to see if anyone can shed light on what the root cause of the error might be or if there is a setting somewhere in my configuration that might fix it.

Does anyone know what I might have configured wrong in my cpanel/WHM system that might be allowing all of these Joomla connections to stay open? Most often this occurs when a person is simply working on an article, repeatedly saving the file then popping out to the front end to view the changes, then going back to make more edits. This morning I got banned though just working on basic maintenance tasks like checking for updates through the backend of Joomla.

If you think this has nothing to do with cpanel/WHM please give me a suggestion of where to go to get help on this problem. Thank you very much for any insight you might be able to provide.

-MaestroC

 

[cPanelMichael]

Hello

Could you elaborate on the type of connections that remain open? For instance, is it a connection to MySQL or Apache?

Thank you.

 

[maestroc]

Hello

Could you elaborate on the type of connections that remain open? For instance, is it a connection to MySQL or Apache?

Thank you.

I feel stupid having to ask this but how can I find that out?

 

[cPanelMichael]

For instance, you mentioned the connection count reaching 700. Where are you seeing those statistics? Note that the following thread, while intended for servers with a high load, may also have some useful information for situations like this:

Troubleshooting High Load On Linux Servers

Thank you.

 

[maestroc]

After I (or someone else) gets temp banned I wait 30 minutes or so and can then get back in. I go in through WHM and find that in the CSF logs it says this for my IP address:

Jan 7 11:39:45 vps lfd[32426]: (CT) IP xx.xxx.xxx.x (US/United States/my.local.isp) found to have 462 connections - *Blocked in csf* for 1800 secs [CT_LIMIT]

I have since that time raised the CT_LIMIT up to 700, but got banned again just the other day.

 

[Serra]

You can add your account as an ignore user, so you will not ever be blocked. In ldf, put yourself in pignore as:

user:<username>

 

[maestroc]

You can add your account as an ignore user, so you will not ever be blocked. In ldf, put yourself in pignore as:

user:<username>

Would doing that also remove the DDOS or brute force protection from that account or would it just prevent the open connection blocks?

 

[maestroc]

Anyone have a solution or at least an idea on how to solve this issue with the server keeping connections open? It just happened again to me. I was adding a new article to my blog, trying to select an image to add to the post (there are over a hundred in the folder) when the system banned me again for having too many open connections to my IP address. System said I had over 700 open connections... All I was doing was working on a single article...

 

[WebJIVE]

Are you using Google Chrome? If so, I have seen the same thing and the one thing in common is chrome is being used.

 

[maestroc]

Are you using Google Chrome? If so, I have seen the same thing and the one thing in common is chrome is being used.

I was using Chrome, yes.

Anyone have any idea why this might be the cause and how I might fix it for the future? I don't really want to tell clients (or myself) to switch to a different browser...

Thank you for the insight on this! At least having a potential cause is better than none at all.

 

[robb3369]

In Chrome, go to settings (or chrome://settings/), click on "Advanced Settings" and uncheck "Predict network actions to improve page load performance"

Also, on the server, check to see how your keep-alives are set on the server side: Home >> Service Configuration >> Apache Configuration >> Global Configuration

 

[maestroc]

In Chrome, go to settings (or chrome://settings/), click on "Advanced Settings" and uncheck "Predict network actions to improve page load performance"

Also, on the server, check to see how your keep-alives are set on the server side: Home >> Service Configuration >> Apache Configuration >> Global Configuration

I'll give it a try with Chrome. I turned the setting off for me. Although I asked one of my clients and she was saying that she only uses Safari but yet she was getting locked out as well. No idea if Safari has a similar setting or not.

I also went in and checked the configuration. Keep-Alive is set to Off. I am guessing that that is that the way it should be?

Sincerely,
MaestroC

 

[robb3369]

The cPanel default for Keep-Alive is off. I'm sure other folks will chime in, but depending on server resources and how many concurrent connections you have, I'd try turning it on and see if your problem goes away. Use a site like gtmetrix.com to make loading measurements to compare speed results between keep-alives on and off.

Remember that HTTP is "connection-less" meaning a web connection is opened, data transferred and then the connection closed... Keeping the same thread "alive" means that it can be re-used to transfer more data between the server and the web browser.

 

[tank]

This might be a dumb question. How are your Joomla websites accessing the database? Check the config file for me. Is it through the IP address or the internal IP address (localhost).

 

[maestroc]

Changing the Predict Network Actions setting in Chrome did not fix the problem. I was just working on adding an article to Joomla and as I was saving it it banned me.

In response to Tank's question the database is setup through localhost.

I have not yet tried turning on the Keep Alive that robb3369 suggested but I will do so once I get back into the system.

-MaestroC

 

[jr9300]

Hi MaestroC,

Just curious if you had any luck in dealing with this issue. Coincidentally, I'm having the same problem. One of my clients says that their site goes down for 20 or so minutes when editing a Joomla blog, but we don't notice this downtime on our end and we think that it's related to the "too many connections" issue and temporary blocking.

Please let me know what, if anything, worked for you. Thank you.

 

[maestroc]

Please let me know what, if anything, worked for you. Thank you.

It is starting to appear that the initial source of the problem actually lies with the Joomla default media manager. If you open the Insert Image window while editing an article and you happen to have hundreds of images sitting in that folder Joomla is opening a connection to retrieve the thumbnail of each individual image. Now, suppose you want to add several images in succession to the same article. Each time you open the media manager to select another image it still goes out and hits the server again, requesting all the thumbnails again. In my case I find that if I try to add three images to the same document in the span of a minute or so (or if I do anything similar to this process regarding the image folder) I get hit with the temporary ban.

Not sure if there is some way to mitigate this problem from the cpanel end, but it appears so far at least that this is not even on the radar of the Joomla development team.

If you have your images folder organized with many subfolders it does not appear to be a problem, but an alternative solution that some people have reported is to not use the default Joomla media manager when editing articles and instead use the image manager built into a different editor component such as JCE. I have not experimented with this yet but it makes sense.

-MaestroC

 

[sahostking]

I'm going to look into this aswell. I noticed it happens on one of our servers aswell but not on any others so bit stumped.

 

[esc_sports]

Hi,

Did any of you find a solution to this? We are having the same trouble but it seems to be effecting users in IE. We run an ecommerce site and customers are getting blocked after about 6 clicks of the site.

We have lots of products and therefore lots of images and thumbnails - did you find out if this was the issue?

Appreciate any of your thoughts on this.

 

[esc_sports]

Sorry - meant to say - it's a Joomla/Virtuemart site.