The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Holding F5 on browser overloads whole server

Discussion in 'Security' started by coldplug, Nov 20, 2011.

  1. coldplug

    coldplug Member

    Joined:
    Oct 26, 2009
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Hello all!

    I found an issue with overloading server by simple holding down F5 in browser (flooding with refresh) on joomla website. All four CPU cores go immediately to 100% and average load goes to VERY high number.

    So, the question is - what can be done to prevent these types of abusing from happening? In fact I don't know if this is question for Optimization or Security forum, because I'm not sure if my maybe incorrect mysql server configuration is cause of this overload or it is (as I think) just php/CPU issue.

    I have csf/lfd installed if that can help to block these types of flood, but also, I think that even without firewall the system should be able to face out this simple load from just one browser. It is VPS running on OpenVZ, 4-core Xeon (Sandy Bridge), full CPU burst available, 2GB ram guaranteed, 4GB in burst.

    Thanks for any suggestion.
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    If this is only happening on Joomla, then it would be a Joomla issue. Have you reproduced it on another type of software application?

    Of note, you can always set Apache settings for Timeout, KeepAlive Timeout, MaxKeepAliveRequests in WHM > Apache Configuration > Global Configuration area. You could also definitely set up brute force protection using CSF's LFD product, which is a third-party product that we are not affiliated with directly.
     
  3. coldplug

    coldplug Member

    Joined:
    Oct 26, 2009
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Thanks!

    Yes it looks like joomla's problem; I will install one fresh joomla and see if that happens also there. But...

    I have about 20 accounts there, and I cannot always control what scripts they execute. So of course I would like to do my best to protect the system from unintentional (and intentional) abusing.

    Do you have some recommendation on these so the server could be able to hold loads like this requests flooding better?

    Thanks again!
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Personally, I prefer not to provide recommendations on Apache settings. You might read the following guide and determine if you consider the advice there helpful:

    Apache Performance Tuning

    I have a presentation that I did on Apache and PHP Optimization, but that presentation only discusses the default values rather than providing direct recommendations. It is at the following location:

    Apache & PHP Optimization | cPanel Video Site
     
Loading...
Similar Threads - Holding browser overloads
  1. sehh
    Replies:
    2
    Views:
    592

Share This Page