24000 Httpd Connections Over My Server
Mar 17, 2007
As you can see.. there are LOT of connections, checked the network traffic with the NOC, and there is no attack to this server, also, load average is just fine ( fine to handle thos 24000 connections ) :
Code:
top - 16:22:06 up 1 day, 4:10, 1 user, load average: 2.35, 1.92, 1.80
Tasks: 486 total, 3 running, 483 sleeping, 0 stopped, 0 zombie
Cpu(s): 18.1% us, 15.8% sy, 0.0% ni, 57.8% id, 8.0% wa, 0.3% hi, 0.0% si
Mem: 2074864k total, 2057424k used, 17440k free, 28292k buffers
Swap: 2048276k total, 536k used, 2047740k free, 1254496k cached
Code:
[root@server.com~]netstat -an | grep :80 | awk '{ print $5 }' | awk -F: '{ print $1 }' | sort | uniq -c | sort -n
1 165.98.162.70
1 189.131.41.44
1 189.148.21.71
1 189.162.12.79
1 190.40.197.20
1 190.40.221.8
1 190.42.165.10
1 190.56.52.170
1 190.82.40.239
1 190.83.16.78
1 190.86.112.232
1 196.218.61.109
1 200.0.251.141
1 200.107.182.157
1 200.117.132.42
1 200.127.9.187
1 200.127.93.33
1 200.26.154.213
1 200.45.154.172
1 200.45.95.106
1 200.55.33.114
1 200.64.167.167
1 200.65.120.103
1 200.65.224.31
1 200.65.90.116
1 200.81.215.68
1 200.86.145.51
1 200.91.196.101
1 201.13.148.63
1 201.216.210.81
1 201.217.21.18
1 201.221.165.235
1 201.223.163.188
1 201.223.58.53
1 201.225.168.66
1 201.229.227.19
1 201.232.67.214
1 201.252.177.89
1 201.42.47.152
1 201.66.167.80
1 208.35.120.69
1 213.230.57.171
1 213.99.203.36
1 217.15.46.97
1 41.250.35.182
1 62.57.223.4
1 64.12.116.198
1 66.50.4.169
1 70.157.51.76
1 80.103.194.241
1 80.103.244.9
1 80.35.105.72
1 81.167.76.64
1 81.172.59.38
1 81.184.125.159
1 81.42.136.159
1 83.175.216.139
1 83.34.75.215
1 83.40.177.122
1 83.56.243.100
1 83.61.202.162
1 84.172.114.77
1 84.76.47.159
1 84.78.51.134
1 85.59.105.82
1 85.59.44.144
1 85.84.196.176
1 87.217.248.132
1 87.9.3.227
1 88.13.59.80
1 88.14.151.83
1 88.243.44.243
1 88.6.193.57
1 89.52.119.106
1 91.5.25.69
2 148.240.103.239
2 148.240.106.145
2 189.160.98.131
2 189.164.91.133
2 190.24.64.111
2 190.5.196.42
2 195.159.192.94
2 195.160.204.167
2 200.122.26.161
2 200.255.166.196
2 200.58.31.210
2 200.65.200.61
2 200.81.220.213
2 200.82.241.167
2 201.20.119.160
2 201.228.198.9
2 201.228.81.192
2 201.240.236.4
2 201.243.14.219
2 62.83.224.234
2 69.134.194.23
2 80.58.205.32
2 81.36.149.153
2 82.158.193.220
2 83.29.165.39
2 83.33.149.36
2 84.202.151.213
2 85.201.148.63
2 87.19.141.251
3 189.162.4.190
3 190.40.133.222
3 190.6.165.21
3 190.65.7.162
3 200.116.118.133
3 217.216.179.124
3 62.141.241.95
3 83.147.147.5
3 84.18.27.169
3 84.32.123.132
3 84.43.139.236
3 88.226.253.180
3 88.7.73.248
4 189.149.5.151
4 189.158.190.132
4 190.20.81.151
4 200.124.163.127
4 88.244.203.111
5 201.240.15.181
8 212.163.9.11
38 201.143.175.190
46 190.82.179.24
24537
85 % of this apache requests, are in TIME_WAIT state as:
Code:
tcp 0 0 ::ffff:SERVERIP:80 ::ffff:85.48.70.56:49910 TIME_WAIT
tcp 0 0 ::ffff:SERVERIP:80 ::ffff:81.44.96.178:10681 TIME_WAIT
tcp 0 0 ::ffff:SERVERIP:80 ::ffff:200.106.71.33:15028 TIME_WAIT
tcp 0 0 ::ffff:SERVERIP:80 ::ffff:200.106.71.33:15028 TIME_WAIT
tcp 0 0 ::ffff:SERVERIP:80 ::ffff:66.201.171.211:20470 TIME_WAIT
tcp 0 0 ::ffff:SERVERIP:80 ::ffff:81.37.198.134:29218 TIME_WAIT
tcp 0 0 ::ffff:SERVERIP:80 ::ffff:83.52.36.230:28849 TIME_WAIT
Also, dmesg shows this.
Code:
ip_conntrack: table full, dropping packet.
printk: 643 messages suppressed.
ip_conntrack: table full, dropping packet.
printk: 844 messages suppressed.
ip_conntrack: table full, dropping packet.
printk: 665 messages suppressed.
ip_conntrack: table full, dropping packet.
printk: 755 messages suppressed.
ip_conntrack: table full, dropping packet.
printk: 667 messages suppressed.
ip_conntrack: table full, dropping packet.
printk: 735 messages suppressed.
ip_conntrack: table full, dropping packet.
printk: 664 messages suppressed.
ip_conntrack: table full, dropping packet.
printk: 760 messages suppressed.
ip_conntrack: table full, dropping packet.
printk: 666 messages suppressed.
ip_conntrack: table full, dropping packet.
printk: 606 messages suppressed.
ip_conntrack: table full, dropping packet.
printk: 723 messages suppressed.
ip_conntrack: table full, dropping packet.
ip_tables: (C) 2000-2002 Netfilter core team
ip_conntrack version 2.1 (8192 buckets, 65536 max) - 340 bytes per conntrack
printk: 257 messages suppressed.
I already tried to ha handle this using: echo "65535" > /proc/sys/net/ipv4/ip_conntrack_max, but the problem stills.
Im using a plain redhat es 4 server, latest kernel-smp, apache 2.x with mod_evasive.
View 6 Replies
ADVERTISEMENT
Apr 13, 2007
When I SSH'd into my box, I received this message:
example.pl is on this server. HTTPD connections have been limited to restrict this script from overloading server. All servers that have hosted this file need to have extremely limited http connections or have this file removed. It is poorly written and intense on CPU/memory.
How do I go and allow example.pl to be run on my server again? I use it solely for personal sites, so I wish to not have this file blocked and be allowed to run. I've searched for almost an hour now so I figured I would go ahead and post to see if any more experienced members could assist.
View 3 Replies
View Related
Feb 6, 2007
i am using seperate server for sql .But my httpd server failed many time when i checked maximum number of httpd connection then my sql server using too many connection what is the reason of this problem . Is my sql server using as a slave in a ddos attack or sql server need http connection?
View 2 Replies
View Related
Jun 24, 2009
There use to be a thread on here but because of the wht hack, it didn't get saved...so now I can't go back to it.
It was a command in ssh that printed out a number of connections. Like 12,000 or something.
View 4 Replies
View Related
Mar 23, 2007
Im Searching for a good server at a real cheap price. I also need a new network connection (wireless) <<< do anyone know were i connect my new connection too because im using aol and tired of missing business calls so thank you also this is my Home Computer not a a office Computer.
View 0 Replies
View Related
Oct 29, 2013
Webserver is restarted all TCP connections randomly. we are not able to get any error into errorlog file.
Webserver close all TCP connection and start created new TCP connection for new request.
AcceptFilter http none
AcceptFilter https none
Also, conf file is saying that
Defaults Values are:
EnableMMAP On
EnableSendfile Off
Not sure what's wrong with server.
We have installed "Apache 2.4.6-x86 server" on Win 2008 R2 Standard server (64-Bit).
Also, we are using mod_jk module for connecting to tomcat server "tomcat-connectors-1.2.37-windows-i386-httpd-2.4.x.zip".
View 4 Replies
View Related
Nov 29, 2008
Whats the best dedicated server provider in Germany with connections to the east to Asia...?
I need a server around 300 Euros / month
RAID, daily backup, cPanel, Redhat
View 11 Replies
View Related
Jan 24, 2007
OS: Linux, on Apache 2.0
=======
Would you know and kindly tell me if there's a way to limit X number of connections per hosted site?
Because I don't want someone with high traffic forum unfairly stealing most connections for himself, which makes other sites suffer in performance.
View 1 Replies
View Related
Apr 7, 2014
I am interested to know number of current connections in my Apache server
Server version: Apache/2.2.15 (UNIX)
OS : Solaris 5.10
View 5 Replies
View Related
Apr 19, 2009
My httpd server continuosly failing i have to set or restart it manually how can i set auto incase if its restart failed.
View 11 Replies
View Related
Aug 12, 2008
I will be running Plesk.
I only need 1 user, Administrator with full Remote Desktop Connection access.
But I need to be able to serve websites using Plesk.
View 2 Replies
View Related
Jun 18, 2014
Since the update I have a problem with my Firewall. I need to set "Allow all incoming connections" under "Server => Firewall" in order to connect over FTP with TLS (explicit). This was working before the update without allowing all incoming connections. How to fix this in the Plesk panel?
View 2 Replies
View Related
Jun 5, 2009
as default,we may install all the feature on the server,
but i find some shared hosting server provider install web httpd on the front,
and mysql on another one,
could you share your experience about how do you do now?
View 9 Replies
View Related
Dec 15, 2007
24 hours ago something wired happend..
For some reason httpd is causing high serverload.
ATM : 22:44:17 up 22:17, 2 users, load average: 6.23, 6.12, 8.88
U
Will keep gooing up and httpd need to be restartet when serverload comes up to 30.
The traffic on the server is normal, no changes is made on the server.
View 5 Replies
View Related
Jan 28, 2015
My Customers and I have Problems connecting to IMAP-Server. By moving through IMAP Folders I get the Massage "Unable to connect to your IMAP server. You may have exceeded the maximum number of connections to this server"
I know this Article: [URL] ... and all the other related to this issue.
[Code].....
View 9 Replies
View Related
Mar 13, 2008
my server will revert to its old host name and stop working. Old host name was (in) and the new one is (zonto). Then, the server will eventually crash HTTPD. There is enough ram, there is small cpu usage. HTTPD is restarted and then it says it can't connect to local host blah blah. I checked EVERYWHERE, the new host name is set. Is there a host name issue some where else? I change it via the hostname command and changed all of the files.
View 14 Replies
View Related
Nov 22, 2007
I am not being able to restart the server, or MySQL or httpd via SSH.
PHP Code:
root@server [~]# /etc/init.d/httpd fullstatusLooking up localhostMaking HTTP connection to localhostAlert!: Unable to connect to remote host.lynx: Can't access startfile http://localhost/server-statusroot@server [~]#
PHP Code:
root@server [~]# /etc/init.d/mysql reload/etc/init.d/mysql: line 244: kill: (3375) - No such processtouch: cannot touch `/var/lib/mysql/server.lubnan.us.pid': Read-only file system
View 14 Replies
View Related
May 5, 2007
For my website I have a server which houses all of my gallery IMAGES of my user profiles. There are over 100,000 images on the server and it's only purpose is to provide those images with http.
However, the http server also has PHP installed, and it's only purpose is for uploading new images. Therefore users eventually get redirected to the images server where they can upload the image.
This all works, but in the future I want to remove the PHP side to the server. I also want to change the whole server program from Apache to Lighthttpd. This is because, lighthttp is a very low overhead web server program, but also provides very little features.
So I was wondering, if I was to do so, and since PHP is not installed, then I would have to make the upload pages on the main http server (which has PHP and Apache). Then I would have to make the main server send the uploaded image to the the lighthttp server via some sort of the scp system call, via PHP. I know that this IS possible, but when it comes down to security holes and so on, would this method really be worth it?
Generally I want to have the lighthttp setup only because it eliminates having to have any dynamic content. Obviously this can also be done with apache (removing dyanmic content), but lighthttp may be more efficient for static content.
View 3 Replies
View Related
Feb 28, 2008
I have a server that has server load showing at 25-40 (once it was even 53!), running like that for hours. The server has 4 cpus - and yet the sites on the server seem to run fine when I check them. What I'm wondering is, what exactly is load in this context; and how can load run so high like that without the server crashing?
According to top, the load is caused by httpd processes running under user 'nobody', that often take up double digit CPU percentage.
Does Apache always run under 'nobody'?
Is there any way to trace an httpd processes - which account it's for, or which physical script or URL is calling it?
And for top itself, the TIME field on one server of mine is in the format xx:xx (e.g. 3:25), on another it's TIME+ and in the format xx:xx.xx (e.g. 30:02.77). What exactly does this mean? I would asume it's minutes:seconds and minutes:seconds:hundredths, but while watching top it doesn't seem to correlate with that.
View 11 Replies
View Related
Mar 23, 2008
a topic long time ago that my server load is frequently high.
I'm talking about something like this
Server Load 158.86
Memory Used 28.2 %
Swap Used 99.57 %
[url]
The only way to solve this problem is to identify the load earlier and kill all httpd process. What I did was
#killall -9 httpd
#killall -9 httpd
#killall -9 httpd
x 30~40 times until no pid process found & the server load is back to normal.
On previous thread, I tried to update mysql & php and it works,
Right now again I am experiencing high server load again...
I'm very sure it's caused by httpd but I am still unable to find out the real cause of the problem and which account user is the culprit for causing this high load.
Can someone assist me by telling me where/how to begin with?
View 4 Replies
View Related
Feb 20, 2007
My Dedicated server is being slow - hopefully someone can give a helping hand
Processor: AMD Single CPU Dual Core Athlon 4200
Memory: 2048MB RAM
Primary Hard Drive: 160GB
Operating System : CentOS 4.x X86_64 Bit
Control Panel: CPanel
uplink port: 100
Apache version 1.3.37
php 4.4.4
View 9 Replies
View Related
Nov 25, 2007
When i go to my website or any page under the domain it's just white. Blank nothing, nada.
"Failed to receive status information from Apache. Unable to connect to local httpd server."
This error message appears when i click on "apache status".
Is this because of the network issue? Or is it because of something I did myself?
I did a google search and came up on some solution, I did them and nothing.
View 2 Replies
View Related
Nov 7, 2007
We have a VPS Server from one of the most reputable VPS Provider. We have 384 Guaranteed RAM and 1GB Burst. We have Dual Core AMD Opteron(tm) Processor 265 - 1795.503 MHz with 1024 KB cached allocated to our VPS.
It is only hosting 2 average forums (10-15 concurrent users in total) and 30 small websites, low traffic websites.
The problem we are having is, almost 3 times a week, the cPanel, named and apache services keeps stopping. I am monitoring our server when this is happen and prior to the event its only using about 300MB RAM and low CPU..
What could be causing this problem? Do I need to upgrade our RAM?
View 2 Replies
View Related
May 17, 2014
Our server is running; Plesk 11.0.9 and CentOS 5.7 it has a Q8200 CPU @ 2.33GHz and 2GB of RAM. Now there are just two websites on the server plus a couple of redirects/forwarding domains, although lots of domains are still on the server but turned off in Plesk. Both websites are OSCommerce sites and I just need to keep these sites going until the end of the year when we will switch to our new Joomla based website.
We have seen an increasing number of server crashes and after various checks of the logs, fitting a new BIOS battery, check of the hardware by EasySpace who host the server, installation of ClamAV, LMD and RKHunter (which did find some Trojans and Suspect software), I have traced it down to some external Http activity that is taking all of my CPU time and RAM. Here is a screen capture of the Htop listing and when I killed these processes the CPU and RAM went back to normal. The problem is that I usually have to restart the HTTPD service and sometimes things get so bad that the server crashes and I have to request a power cycle.
View 8 Replies
View Related
Sep 1, 2007
I trying:
Code:
[root@serwer /]# httpd restart
/usr/sbin/httpd restart: httpd not running, trying to start
/usr/sbin/httpd restart: httpd could not be started
Code:
[root@serwer /]# /etc/rc.d/init.d/httpd configtest
Syntax OK
Help
View 7 Replies
View Related
Feb 20, 2008
I have a cPanel server with 4GB RAM
My server hangs time to time, once or twice a day. This is the last status when it happens.
Server Load 75.90 (2 cpus)
Memory Used 92 %
Swap Used 65.78 %
When I was still inside SSH when it happens, the processes I can see inside "top" are a lot of httpd processes.
So I "killall -9 httpd", I had to do it 30~40 times
#killall -9 httpd
#killall -9 httpd
#killall -9 httpd
x 30~40 times until no pid process found & the server load is back to normal.
Before that, I check httpd fullstatus, they look very normal, same goes to what I see inside WHM Apache status & cpu usage status.
At first I thought it was a memory problem after consulting with a server admin, so I replaced all 4GB new ram stick (such a waste)
View 12 Replies
View Related
Dec 22, 2008
Sometimes my server surcharge load average increase at 60 , and all my configuration are OK
when i type :
netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
i have : ...
View 8 Replies
View Related
Dec 21, 2008
I tried to update a plugin at my blog its a wordpress blog, as soon as the update was started that site on the server stopped working, (later on i closed the upgradation window), after few minutes website start working automatically, Now in my opinion I think that update process is still running in background thats why connections are creating continuously to that website IP.
[root@server ~]# netstat -alpn | grep :80 | awk '{print $4}' | cut -d: -f1 |sort |uniq -c
1001 serverIPhere
its even touching 1500, I tried to contact my server support but unfortunately they can investigate the issue, instead they told me to check with the following command.
netstat -plan |grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c
which is not an answer to my question. Can anybody please tell me why those connections are making to that website's IP? I don't think its a Ddos attack, because it was just started when i updated the plugin.
View 10 Replies
View Related
May 19, 2008
Could someone comment on the kind of load a VPS service can handle? If I were to run an HTTP server how many connection/sec would be realistic.
View 3 Replies
View Related
