Too much connections from 127.0.0.1

[maxo-tt]

hello people. i have one big problem that cant fix with myself. searched google but nothing found...

so time to time(not usualy the same time or same interval) i'm getting about 300 connection from 127.0.0.1 and apache hangs till i restart it...

i use this command to count connections per ip.

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

may it be ddos attack? if so, how it may be connections from localhost?

that's my apache2 config. any idea?

Timeout 30
TraceEnable Off
ServerSignature Off
ServerTokens ProductOnly
FileETag None
StartServers 10
<IfModule prefork.c>
MinSpareServers 5
MaxSpareServers 30
</IfModule>
ServerLimit 600
MaxClients 600
MaxRequestsPerChild 0
KeepAlive Off
KeepAliveTimeout 2
MaxKeepAliveRequests 100

system:
WHM 11.34.1 (build 5)
Centos 6.3
Apache/2.2.23

server: 2X xeon x5570 Ram: 24GB

 

[JaredR.]

Are you by chance using any kind of caching or proxy system, anything like nginx?

 

[maxo-tt]

no, nothing at all. i have just installed cpanel and nothing more... almost everything default... just installe some security modules from EasyApache and increased some apache settings...

p.s

apache loaded modules:

Loaded Modules:
 core_module (static)
 authn_file_module (static)
 authn_default_module (static)
 authz_host_module (static)
 authz_groupfile_module (static)
 authz_user_module (static)
 authz_default_module (static)
 auth_basic_module (static)
 include_module (static)
 filter_module (static)
 deflate_module (static)
 log_config_module (static)
 logio_module (static)
 env_module (static)
 expires_module (static)
 headers_module (static)
 unique_id_module (static)
 setenvif_module (static)
 version_module (static)
 proxy_module (static)
 proxy_connect_module (static)
 proxy_ftp_module (static)
 proxy_http_module (static)
 proxy_scgi_module (static)
 proxy_ajp_module (static)
 proxy_balancer_module (static)
 ssl_module (static)
 mpm_prefork_module (static)
 http_module (static)
 mime_module (static)
 status_module (static)
 autoindex_module (static)
 asis_module (static)
 info_module (static)
 suexec_module (static)
 cgi_module (static)
 negotiation_module (static)
 dir_module (static)
 actions_module (static)
 userdir_module (static)
 alias_module (static)
 rewrite_module (static)
 so_module (static)
 qos_module (shared)
 frontpage_module (shared)
 bwlimited_module (shared)
 auth_passthrough_module (shared)
 fastinclude_module (shared)
 suphp_module (shared)
 security2_module (shared)

maybe you talking about apache2 proxy module?

they were activated by default. i'll disable it...

 proxy_module (static)
 proxy_connect_module (static)
 proxy_ftp_module (static)
 proxy_http_module (static)
 proxy_scgi_module (static)
 proxy_ajp_module (static)
 proxy_balancer_module (static)

 

[JaredR.]

I was not referring to Apache's mod_proxy. I was referring to nginx and other third-party caching and proxy systems that do not come with cPanel but our customers sometimes install.

mod_proxy needs to be enabled in order for cPanel's proxy subdomains (whm.domain.tld, cpanel.domain.tld, webmail.domain.tld) to work, which is why it is enabled by default. I apologize for any confusion, but it is not what I was trying to ask about.

We would be happy to take a look to see if anything in cPanel is causing the connections from 127.0.0.1, if you submit a ticket.

 

[maxo-tt]

yes, i've disabledmod_proxy but the same again...

i noticed that mod_prefork causes this hang. 2 days ago i've switched to mod_worker, and got good uptime. no crash.

then i returned to prefork, and apache started crash. now using worker.. but worker needs more resource ....

i'll submit a ticket asap.

i did it
Request Id:3595683


p.s
i did custom script that checks apache and restarts if hang. sends also mail. works so...

if ( wget --timeout=7 --tries=1 http://localhost/robots.txt )

thats log to see hang interval