The Community Forums


Server load high as i got many apache : /usr/local/apache/bin/httpd -k star

Discussion in 'Workarounds and Optimization' started by ASTRAPI, Nov 13, 2011.

  1. ASTRAPI

    ASTRAPI Well-Known Member

    Hello

    I got many /usr/local/apache/bin/httpd -k start -DSSL processes and the server load is going high, up to 80 :(

    Any ideas how I can find what is giving so many /usr/local/apache/bin/httpd -k start -DSSL?

    I am using the nginx plugin in front of Apache.

    When I stop Apache the server load is 1.

    What is the latest version of Apache that EasyApache installs?

    It seems that someone may be using a denial of service exploit, and I hope to get a new update soon so I can install it using EasyApache.

    Thank you
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

  3. ASTRAPI

    ASTRAPI Well-Known Member

    Re: Server load high as i got many apache : /usr/local/apache/bin/httpd -k

    Dedicated server with 24 GB RAM and 2x quad Xeon with only a forum inside.

    netstat -an | grep :80|wc -l
    1700

    netstat -an | grep :80 | grep -i syn | wc -l
    130

    netstat -an|grep :80|grep SYN|awk {'print $5'}|cut -d: -f 1|sort|uniq -c
    Only one IP with 90 connections; the rest are 2-3.

    I am using deflate already and set it to 300 connections.

    Max clients are already high and there are no related messages in the error log.
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member


    300 connections allowed per IP is a very high number of connections to allow per IP. Why do you have it set to allow 300 simultaneous connections per IP with ddos-deflate? A more reasonable value would be 30-50 at the most.

    You might also get an idea of the site if you can run WHM > Apache Status and get details on what site is being hit the most for connections. If that doesn't work, try running it in command line:

    Code:
    httpd fullstatus
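
An added example, not part of the original thread: the per-IP count from the netstat one-liners above, matched on the local port only (a plain `grep :80` also counts `:8080` and outbound connections to remote port 80) and checked against a per-IP limit such as the 30-50 suggested. The function names, the sample lines and the limit of 3 applied to them are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `netstat -ant` layout (documentation addresses, not real data).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 192.0.2.10:80 198.51.100.7:51000 ESTABLISHED
tcp 0 0 192.0.2.10:80 198.51.100.7:51001 SYN_RECV
tcp 0 0 192.0.2.10:80 198.51.100.7:51002 SYN_RECV
tcp 0 0 192.0.2.10:80 198.51.100.7:51003 TIME_WAIT
tcp 0 0 192.0.2.10:80 203.0.113.5:40100 ESTABLISHED
tcp 0 0 192.0.2.10:8080 203.0.113.9:40200 ESTABLISHED
tcp 0 0 192.0.2.10:45000 203.0.113.80:80 ESTABLISHED
tcp6 0 0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.5:40101 ESTABLISHED
EOF
}

# per_ip_conns PORT: read netstat lines on stdin and print
# "TOTAL SYN_RECV IP" for each remote address on local PORT, busiest first.
per_ip_conns() {
    awk -v port="$1" '
        $1 !~ /^tcp/ { next }               # skip the header, udp and unix sockets
        {
            lport = $4; sub(/.*:/, "", lport)   # text after the last colon (IPv6-safe)
            if (lport != port || $6 == "LISTEN") next
            ip = $5; sub(/:[^:]*$/, "", ip)     # strip the remote port
            sub(/^::ffff:/, "", ip)             # fold IPv4-mapped IPv6 into IPv4
            total[ip]++
            if ($6 == "SYN_RECV") syn[ip]++
        }
        END { for (ip in total) printf "%d %d %s\n", total[ip], syn[ip] + 0, ip }
    ' | sort -k1,1nr -k3,3
}

# over_limit PORT LIMIT: only the addresses above LIMIT simultaneous connections.
over_limit() {
    per_ip_conns "$1" | awk -v limit="$2" '$1 > limit { print $3 }'
}

# On a live host: netstat -ant | over_limit 80 50
sample_netstat | over_limit 80 3
```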
     
  5. ASTRAPI

    ASTRAPI Well-Known Member


    I set it to 300 because I am using DSO and prefork and I have many images on my forum index ...

    Is it wrong though?

    I can see some connection spikes from a user, like 20, 50, 150 and then back to 20, and it is OK, that's why ...
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member


    Did you check to see if it is a slowloris attack that is also discussed in the forum post I linked to? There's a command you can add to iptables to bump off slowloris type of attacks that is in that thread.

    If what is already being mentioned isn't sufficient to stem what is happening, you'll need to talk to your datacenter, NOC or provider to have them filter it at the network level. They benefit from getting any possible attack filtered as much as you do, since it could impact traffic on their network for other machines as well.
     
  7. ASTRAPI

    ASTRAPI Well-Known Member


    /sbin/iptables -I INPUT -p tcp -m state --state NEW --dport 80 -m recent --update --seconds 15 --hitcount 10 -j DROP

    Can you please give more info about the seconds 15, as I don't want to get any delay on requests....

    Is there a way to add this command using the csf firewall?

    I am already using there:

    SYNFLOOD

    SYNFLOOD = "1"

    SYNFLOOD_RATE = "30/s"

    SYNFLOOD_BURST = "10"
     
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member


    It means if you have any connections open for 15 seconds that are at 10 connections for the same IP for each connection that it will be dropped. There's little reason for anyone to be hitting the machine for 15+ seconds with 10 simultaneous connections.

    You have a choice here. You can either stem the attack and take the chance some users are impacted but not most or you can not stem the attack and have the machine latent for everyone. Otherwise, you can go ahead and get ahold of your datacenter, NOC or provider as already suggested.
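
An added example, not part of the original thread: a simplified model of how the `recent` match in the posted rule counts with `--seconds 15 --hitcount 10`. It assumes a companion `-m recent --set` rule records each NEW packet (the posted line only checks the list); the function names and the sample traffic are constructed.

```shell
#!/bin/sh
# Constructed traffic: "second source_ip", one line per NEW (SYN) packet.
sample_new_conns() {
    awk 'BEGIN {
        for (i = 1; i <= 12; i++) print 100, "198.51.100.7"     # 12 new connections in one second
        print 110, "198.51.100.7"                               # retry while still inside the window
        print 126, "198.51.100.7"                               # retry after the window has passed
        for (t = 100; t <= 130; t += 2) print t, "203.0.113.5"  # steady: one every 2 seconds
    }'
}

# recent_sim SECONDS HITCOUNT: print "second ip ACCEPT|DROP" for each packet.
# Model: a packet is dropped when its source already has HITCOUNT or more
# stamps no older than SECONDS. Every packet then adds a stamp, via --update
# when the rule matched or via the assumed --set rule when it did not.
# (The kernel keeps a bounded number of stamps per address; this keeps all.)
recent_sim() {
    awk -v secs="$1" -v hits="$2" '
        {
            t = $1; ip = $2; seen = 0
            for (i = 1; i <= n[ip]; i++)
                if (stamp[ip, i] >= t - secs) seen++
            verdict = (seen >= hits) ? "DROP" : "ACCEPT"
            stamp[ip, ++n[ip]] = t
            print t, ip, verdict
        }'
}

# drops_for IP: number of packets from IP dropped under --seconds 15 --hitcount 10.
drops_for() {
    recent_sim 15 10 | awk -v ip="$1" '$2 == ip && $3 == "DROP" { c++ } END { print c + 0 }'
}

sample_new_conns | recent_sim 15 10
```

In this model the 15 seconds is a counting window for new connections per source address, not a delay added to requests: the bursting address loses its 11th and 12th connections and its retry at second 110, while the steady one is never dropped.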
     