
Dealing with too many open connections

Discussion in 'Security' started by maestroc, Jan 21, 2014.

  1. maestroc

    I run a VPS with a handful of hosting clients. All of the sites on the server are Joomla sites. I have CSF/LFD installed. If a user is doing some intensive back end Joomla work it is opening up lots of connections to the server and apparently not closing them. Once the connection count gets up to 700 the firewall kicks in and bans them for 30 minutes. It does it regardless of whose account is being used, even completely banning me from SSH. Adding IP addresses to the permitted file is not really an option as most of the clients (including myself) have dynamic home IPs. I don't think I want to raise the open connection limit any higher for security reasons (unless someone has another opinion on that).

    I realize that this specific temp-ban error is due to CSF/LFD but am posting here to see if anyone can shed light on what the root cause of the error might be or if there is a setting somewhere in my configuration that might fix it.

    Does anyone know what I might have configured wrong in my cpanel/WHM system that might be allowing all of these Joomla connections to stay open? Most often this occurs when a person is simply working on an article, repeatedly saving the file then popping out to the front end to view the changes, then going back to make more edits. This morning I got banned though just working on basic maintenance tasks like checking for updates through the backend of Joomla.

    If you think this has nothing to do with cpanel/WHM please give me a suggestion of where to go to get help on this problem. Thank you very much for any insight you might be able to provide.

    -MaestroC
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

  3. maestroc

    I feel stupid having to ask this but how can I find that out?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    For instance, you mentioned the connection count reaching 700. Where are you seeing those statistics? Note that the following thread, while intended for servers with a high load, may also have some useful information for situations like this:

    Troubleshooting High Load On Linux Servers

    Thank you.
     
  5. maestroc

    After I (or someone else) gets temp banned I wait 30 minutes or so and can then get back in. I go in through WHM and find that in the CSF logs it says this for my IP address:

    Jan 7 11:39:45 vps lfd[32426]: (CT) IP xx.xxx.xxx.x (US/United States/my.local.isp) found to have 462 connections - *Blocked in csf* for 1800 secs [CT_LIMIT]

    I have since that time raised the CT_LIMIT up to 700, but got banned again just the other day.
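
Added example, not part of the original thread or any poster's code: the lfd line above reports only a total, so this shell function breaks `ss -tan` output down per remote IP into all sockets versus sockets not in TIME-WAIT, which shows whether many short-lived requests are what pushes an address over CT_LIMIT. The function names, the sample data and the limit of 3 are assumptions for illustration, and the counting only approximates what lfd does.

```shell
#!/bin/sh
# Added example (not from the thread): per-peer TCP connection breakdown.
# Usage on a live server:  ss -tan | ct_breakdown LIMIT [LOCAL_PORTS]
# LIMIT mirrors CT_LIMIT; LOCAL_PORTS mirrors a CT_PORTS-style list ("80,443").
# This approximates the counting for diagnosis; it is not lfd's own code.
ct_breakdown() {
    awk -v limit="$1" -v ports="${2:-}" '
    BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    NR == 1 && $1 == "State" { next }   # ss header row
    $1 == "LISTEN"           { next }   # listening sockets are not clients
    {
        lport = $4; sub(/^.*:/, "", lport)      # local port
        if (n > 0 && !(lport in want)) next     # optional port filter
        peer = $5;  sub(/:[0-9]+$/, "", peer)   # remote address without port
        total[peer]++
        if ($1 != "TIME-WAIT") live[peer]++     # sockets not yet closed
    }
    END {
        for (ip in total) {
            verdict = "ok"
            if (live[ip] + 0 > limit)   verdict = "over-limit"
            else if (total[ip] > limit) verdict = "over-limit-only-with-TIME-WAIT"
            printf "%s total=%d live=%d %s\n", ip, total[ip], live[ip], verdict
        }
    }' | sort
}

# Constructed sample in `ss -tan` layout (documentation address ranges).
sample_ss() {
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    0.0.0.0:80           0.0.0.0:*
ESTAB      0      0      203.0.113.10:22      198.51.100.7:50001
ESTAB      0      0      203.0.113.10:80      198.51.100.7:50002
TIME-WAIT  0      0      203.0.113.10:80      198.51.100.7:50003
TIME-WAIT  0      0      203.0.113.10:80      198.51.100.7:50004
TIME-WAIT  0      0      203.0.113.10:80      198.51.100.7:50005
ESTAB      0      0      203.0.113.10:80      192.0.2.44:40001
ESTAB      0      0      203.0.113.10:80      192.0.2.44:40002
ESTAB      0      0      203.0.113.10:80      192.0.2.44:40003
ESTAB      0      0      203.0.113.10:80      192.0.2.44:40004
EOF
}

sample_ss | ct_breakdown 3
```

If most of an address's count is TIME-WAIT, the csf.conf settings CT_SKIP_TIME_WAIT and CT_PORTS narrow what counts toward CT_LIMIT without raising the limit itself.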
     
  6. Serra

    You can add your account as an ignored user, so you will not ever be blocked. In lfd, put yourself in pignore as:

    user:<username>
     
  7. maestroc

    Would doing that also remove the DDOS or brute force protection from that account or would it just prevent the open connection blocks?
     
  8. maestroc

    Anyone have a solution or at least an idea on how to solve this issue with the server keeping connections open? It just happened again to me. I was adding a new article to my blog, trying to select an image to add to the post (there are over a hundred in the folder) when the system banned me again for having too many open connections to my IP address. System said I had over 700 open connections... All I was doing was working on a single article...
     
    #8 maestroc, Feb 8, 2014
    Last edited: Feb 8, 2014
  9. WebJIVE

    Are you using Google Chrome? If so, I have seen the same thing and the one thing in common is Chrome is being used.
     
  10. maestroc

    I was using Chrome, yes.

    Anyone have any idea why this might be the cause and how I might fix it for the future? I don't really want to tell clients (or myself) to switch to a different browser...

    Thank you for the insight on this! At least having a potential cause is better than none at all.
     
  11. robb3369

  12. maestroc

    I'll give it a try with Chrome. I turned the setting off for me. Although I asked one of my clients and she was saying that she only uses Safari but yet she was getting locked out as well. No idea if Safari has a similar setting or not.

    I also went in and checked the configuration. Keep-Alive is set to Off. I am guessing that that is the way it should be?

    Sincerely,
    MaestroC
     
  13. robb3369

    The cPanel default for Keep-Alive is off. I'm sure other folks will chime in, but depending on server resources and how many concurrent connections you have, I'd try turning it on and see if your problem goes away. Use a site like gtmetrix.com to make loading measurements to compare speed results between keep-alives on and off.

    Remember that HTTP is "connection-less" meaning a web connection is opened, data transferred and then the connection closed... Keeping the same thread "alive" means that it can be re-used to transfer more data between the server and the web browser.
     
  14. tank

    This might be a dumb question. How are your Joomla websites accessing the database? Check the config file for me. Is it through the IP address or the internal IP address (localhost)?
     
  15. maestroc

    Changing the Predict Network Actions setting in Chrome did not fix the problem. I was just working on adding an article to Joomla and as I was saving it it banned me.

    In response to Tank's question the database is set up through localhost.

    I have not yet tried turning on the Keep Alive that robb3369 suggested but I will do so once I get back into the system.

    -MaestroC
     
  16. jr9300

    Hi MaestroC,

    Just curious if you had any luck in dealing with this issue. Coincidentally, I'm having the same problem. One of my clients says that their site goes down for 20 or so minutes when editing a Joomla blog, but we don't notice this downtime on our end and we think that it's related to the "too many connections" issue and temporary blocking.

    Please let me know what, if anything, worked for you. Thank you.
     
  17. maestroc

    It is starting to appear that the initial source of the problem actually lies with the Joomla default media manager. If you open the Insert Image window while editing an article and you happen to have hundreds of images sitting in that folder Joomla is opening a connection to retrieve the thumbnail of each individual image. Now, suppose you want to add several images in succession to the same article. Each time you open the media manager to select another image it still goes out and hits the server again, requesting all the thumbnails again. In my case I find that if I try to add three images to the same document in the span of a minute or so (or if I do anything similar to this process regarding the image folder) I get hit with the temporary ban.

    Not sure if there is some way to mitigate this problem from the cpanel end, but it appears so far at least that this is not even on the radar of the Joomla development team.

    If you have your images folder organized with many subfolders it does not appear to be a problem, but an alternative solution that some people have reported is to not use the default Joomla media manager when editing articles and instead use the image manager built into a different editor component such as JCE. I have not experimented with this yet but it makes sense.

    -MaestroC
     
  18. sahostking

    I'm going to look into this as well. I noticed it happens on one of our servers as well but not on any others so bit stumped.
     
  19. esc_sports

    Hi,

    Did any of you find a solution to this? We are having the same trouble but it seems to be affecting users in IE. We run an ecommerce site and customers are getting blocked after about 6 clicks of the site.

    We have lots of products and therefore lots of images and thumbnails - did you find out if this was the issue?

    Appreciate any of your thoughts on this.
     
  20. esc_sports

    Sorry - meant to say - it's a Joomla/Virtuemart site.
     