server load is normal but number of apache hits to the server.

prashantp786j

Active Member
Jan 16, 2009
28
0
51
Hi,

we have a server with only 8 domains and 16 gb ram. server load is normal but there are number of apache hits to the server. apache is optimized already as per the RAM.
There are number of IP connections around 200+.
CSF Firewall is installed on the server.

How to overcome this issue, apart from mod_evasive?

Any suggestions to this highly appreciated.
 

LucasRolff

Well-Known Member
Community Guide Contributor
May 27, 2013
141
84
78
cPanel Access Level
Root Administrator
Have you checked what the IPs actually try to do? If they're contacting any websites, or just making connections to the server, by using tcpdump, or netstat --inet -nlap
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello :)

It will be difficult for you to control a DOS attack without a third-party firewall or network-level solution designed to block the attack. The following thread is designed for high server loads, but may also be useful for you to review.

Troubleshooting high server loads on Linux servers

I have moved this over to the security forum, as you may receive more input there for this type of issue.

Thank you.
 

prashantp786j

Active Member
Jan 16, 2009
28
0
51
Hi Mick,

Thanks for the response and giving the right direction to control the server load..

This server is getting number of apache hits for a domain only and those hits are lot in few seconds. Due to which apache goes down and site gets unable access.
 
Last edited:

ThinIce

Well-Known Member
Apr 27, 2006
352
9
168
Disillusioned in England
cPanel Access Level
Root Administrator
As Michael said, a third party solution may be required if the attack you are seeing is anything but the simplest. IF it is very simple, then you may be able to achieve a little succor using CSF. For example see http://configserver.com/free/csf/readme.txt section 16. Port Flood Protection

if the site is unimportant to you in the grand scheme of things and the account is on a dedicated IP then null routing this by dropping it from the system is an option, however as you only have eight accounts on the box I'm imagining this is unlikely as an option.

NB: Many thanks for giving me the opportunity to use the word succor :p