server load is normal but number of apache hits to the server.

[prashantp786j]

Hi,

we have a server with only 8 domains and 16 gb ram. server load is normal but there are number of apache hits to the server. apache is optimized already as per the RAM.
There are number of IP connections around 200+.
CSF Firewall is installed on the server.

How to overcome this issue, apart from mod_evasive?

Any suggestions to this highly appreciated.

 

[LucasRolff]

Have you checked what the IPs actually try to do? If they're contacting any websites, or just making connections to the server, by using tcpdump, or netstat --inet -nlap

 

[cPanelMichael]

Hello

It will be difficult for you to control a DOS attack without a third-party firewall or network-level solution designed to block the attack. The following thread is designed for high server loads, but may also be useful for you to review.

Troubleshooting high server loads on Linux servers

I have moved this over to the security forum, as you may receive more input there for this type of issue.

Thank you.

 

[prashantp786j]

Hi Mick,

Thanks for the response and giving the right direction to control the server load..

This server is getting number of apache hits for a domain only and those hits are lot in few seconds. Due to which apache goes down and site gets unable access.

 

[prashantp786j]

anyone has some words on this ?

 

[ThinIce]

As Michael said, a third party solution may be required if the attack you are seeing is anything but the simplest. IF it is very simple, then you may be able to achieve a little succor using CSF. For example see http://configserver.com/free/csf/readme.txt section 16. Port Flood Protection

if the site is unimportant to you in the grand scheme of things and the account is on a dedicated IP then null routing this by dropping it from the system is an option, however as you only have eight accounts on the box I'm imagining this is unlikely as an option.

NB: Many thanks for giving me the opportunity to use the word succor :p