The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

server load is normal but number of apache hits to the server.

Discussion in 'Security' started by prashantp786j, May 29, 2013.

  1. prashantp786j

    prashantp786j Active Member

    Joined:
    Jan 16, 2009
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    we have a server with only 8 domains and 16 gb ram. server load is normal but there are number of apache hits to the server. apache is optimized already as per the RAM.
    There are number of IP connections around 200+.
    CSF Firewall is installed on the server.

    How to overcome this issue, apart from mod_evasive?

    Any suggestions to this highly appreciated.
     
  2. LucasRolff

    LucasRolff Member

    Joined:
    May 27, 2013
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Have you checked what the IPs actually try to do? If they're contacting any websites, or just making connections to the server, by using tcpdump, or netstat --inet -nlap
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    It will be difficult for you to control a DOS attack without a third-party firewall or network-level solution designed to block the attack. The following thread is designed for high server loads, but may also be useful for you to review.

    Troubleshooting high server loads on Linux servers

    I have moved this over to the security forum, as you may receive more input there for this type of issue.

    Thank you.
     
  4. prashantp786j

    prashantp786j Active Member

    Joined:
    Jan 16, 2009
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Hi Mick,

    Thanks for the response and giving the right direction to control the server load..

    This server is getting number of apache hits for a domain only and those hits are lot in few seconds. Due to which apache goes down and site gets unable access.
     
    #4 prashantp786j, May 30, 2013
    Last edited: May 30, 2013
  5. prashantp786j

    prashantp786j Active Member

    Joined:
    Jan 16, 2009
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    anyone has some words on this ?
     
  6. ThinIce

    ThinIce Well-Known Member

    Joined:
    Apr 27, 2006
    Messages:
    346
    Likes Received:
    7
    Trophy Points:
    18
    Location:
    Disillusioned in England
    cPanel Access Level:
    Root Administrator
    As Michael said, a third party solution may be required if the attack you are seeing is anything but the simplest. IF it is very simple, then you may be able to achieve a little succor using CSF. For example see http://configserver.com/free/csf/readme.txt section 16. Port Flood Protection

    if the site is unimportant to you in the grand scheme of things and the account is on a dedicated IP then null routing this by dropping it from the system is an option, however as you only have eight accounts on the box I'm imagining this is unlikely as an option.

    NB: Many thanks for giving me the opportunity to use the word succor :p
     
Loading...

Share This Page