500+ Connections To Port 80
May 27, 2007
Someone attacked my server yesterday with a script or something. I ran # netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
and it showed me that one client made more than 500 connections to port 80, causing a load higher than 50. I disabled thread and content viewing for guests on my vbulletin forum, and the load went back to 1.5. I analyzed the apache logfile, but it doesn't show any suspicious activity for that client.
How did he manage to make more than 350 connections to my server? With a script or something? I've APF firewall installed in monolythic kernel mode with the standard rules.
How can i prevent such events in the future?
View 6 Replies
ADVERTISEMENT
May 28, 2009
I have problems configuring some ports and rules on CSF on a cPanel server.
Port 37500 is used by a Java web app, so, i opened both tcp incoming and outgoing ports:
Code:
TCP_IN = "20,21,22,25,26,53,80,110,143,443,465,587,993,995,2082,2083,2086,2087,2095,2096,37500"
TCP_OUT = "20,21,22,25,26,37,43,53,80,110,113,443,587,2087,2089,2703,37500"
Then.. to allow access from the server IP and localhost, added this at csf.allow:
Code:
tcp:in:d=37500:s=127.0.0.1
tcp:in:d=37500:s=my.server.ip.address
csf.ignore:
Code:
127.0.0.1
my.server.ip.address
And to deny all access to the server on that specific port (except for the ones I whitelisted before), added this to csf.deny:
Code:
tcp:in:d=37500:s=0.0.0.0/0
Result = no one can connect to the server on that port, not even from the web app itself, it's not connecting to the port 37500.
How can I configure port 37500 to accept local connections (from the web server) and deny all external connections?
View 6 Replies
View Related
Aug 1, 2007
When I check on port 80 connections, I get a list of few IPs with more than 100 connections.
I need to know which website / specific file being downloaded / URL is the IP accessing to? How can I do that?
View 3 Replies
View Related
Apr 12, 2007
any good rule to limit Apache (port 80) connections from 1 IP to 15 with iptables/csf?
And total connections to the box to 100?
View 6 Replies
View Related
Aug 8, 2013
I'm runnung a server with Apache2 (Apache/2.2.16 (Debian 6.0))
I would like Apache2 listen on port 8080 for IPv4 and on port 80 for IPv6.
This is what I have now:
/etc/apache2/ports.conf
View 4 Replies
View Related
Feb 19, 2008
Currently I am using Linux + cPAnel and using the port 25 for email sevrer. Currently we facing 1 problem is, some user's ISP is not support port. May I know how can I add additional port into server and allow users to send mail by different port?
View 1 Replies
View Related
Jun 21, 2009
I have an office internal website and I opened a port in the gateway of my office (7080) to this website (server )'s 80 port. That makes this website open to public as office has static IP. And then when I view the site from home . it's fine. But when I tried to login, the site is using a pop-up, I guess it's http authentciation, login, I was redirected to a url without my port number any more, that stops my access to the site as obviously I would.
How can I keep my connection/port number ...?
View 2 Replies
View Related
Jun 18, 2008
about the NIC and switch,
there are giga port vs mega port,
in your experience,do they really be different?
View 14 Replies
View Related
Jun 10, 2007
I recently changed my SSH port, but locked myself out when my APF firewall was installed.
Where would I got to add a custom port inside the APF's config file?
View 3 Replies
View Related
Dec 22, 2008
Sometimes my server surcharge load average increase at 60 , and all my configuration are OK
when i type :
netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
i have : ...
View 8 Replies
View Related
Dec 21, 2008
I tried to update a plugin at my blog its a wordpress blog, as soon as the update was started that site on the server stopped working, (later on i closed the upgradation window), after few minutes website start working automatically, Now in my opinion I think that update process is still running in background thats why connections are creating continuously to that website IP.
[root@server ~]# netstat -alpn | grep :80 | awk '{print $4}' | cut -d: -f1 |sort |uniq -c
1001 serverIPhere
its even touching 1500, I tried to contact my server support but unfortunately they can investigate the issue, instead they told me to check with the following command.
netstat -plan |grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c
which is not an answer to my question. Can anybody please tell me why those connections are making to that website's IP? I don't think its a Ddos attack, because it was just started when i updated the plugin.
View 10 Replies
View Related
May 19, 2008
Could someone comment on the kind of load a VPS service can handle? If I were to run an HTTP server how many connection/sec would be realistic.
View 3 Replies
View Related
Mar 6, 2007
How many simulteanous connections to the site do alot of webhosting company usually allow with shared hosting packages. I was wondering because4 some companies say pay $$ a month get 300gb of bandwith a month. Can they limit the bandwith by limiting your simulteanous connections? I am asking because I just found out my host only allows 50 per hosting package that is on a shared server. To me that seems to be very little.
View 1 Replies
View Related
Apr 19, 2007
WARNING: One or more of your DNS servers does not accept TCP connections. Although rarely used, TCP connections are occasionally used instead of UDP connections. When firewalls block the TCP DNS connections, it can cause hard-to-diagnose problems. The problem servers are:
Error [No response to TCP packets].
APF is installed on the server, how do I allow TCP DNS connections? I already added port 53 to ingress/egress for TCP and UDP.
View 7 Replies
View Related
Dec 20, 2007
I run this a few times a day:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
and get outputs like (just the bottom here, IPs removed):
8 IP #1
8 IP #2
8 . . .etc
8
9
9
9
9
9
10
10
11
12
13
14
15
18
19
25
26
32
32
91
The server runs gallery2, how many connections does an IP need just to browse the gallery? I'd like to block wget etc, but don't want to hurt search engine optimization (SEO). Is there a compromise, like limiting IPs to 5 connections, so the site still gets crawled, just slower?
DDoS deflate is installed: [url]
which permabans IPs with 150+ connections
Also what are the commands to block and unblock these IPs,
View 2 Replies
View Related
Oct 29, 2008
Firewall TCP Out Connections
My server started lagging up and I processed my configserver firewall logs and founds tons of TCP out connections. How can I track down which user was making these connections, if possible?
View 12 Replies
View Related
Apr 21, 2009
i have a vps, and im current use lighttpd, but i want move to litespeed Standard. And i see they limit Max Concurrent Connections =150 on standard version.
but what is Max Concurrent Connections? where can i find it.
and is it the number connection via port 80 (netstat -nt | grep :80 | wc -l)?
View 3 Replies
View Related
May 6, 2009
Has anyone worked with the cable companies on internet connections for hosting? Eg. Comcast, TW.
I worked with a sales rep for Comcast a few years ago on a solution for our offices. He worked out a line that would give us 3+mbits up speed for less then the price of a T1.
It also included a dedicated line to our offices. Would using a cable line be a bad idea for a hosting connection?
View 4 Replies
View Related
Mar 16, 2008
Most of them are from Google and Yahoo...
Server is being heavily loaded beause of this.
I guess blocking crawlers is not the most brilliant
View 6 Replies
View Related
May 2, 2008
I signed up for a hosted account with gator and I don't understand something. They tell me it's a policy change for security reasons but the simultaneous SSH connections has been limited to 2. That's just nuts. Is there a real reason why someone would limit this? i need two for editors, one for shell and one for mysql. Minimum of 4. What security concern could cause them to pick 2 as the number?
I just don't get it.
Here's what they said to me.
info: Please wait for a HostGator operator to respond.
Channel Sanderson: Hi. We're working on our website and have run into a small snag. It seems we can only have two open SSH connections at a time this week. We were able to open more a couple weeks ago. Is this something that you can change?
Kella J.: Ok, the issue is.. You are only alllowed 2, no matter what..
Channel Sanderson: I believe we are not understanding each other. We're not trying to connect 10 times in a minute. We just need more connections. 2 is insufficient. We need a minimum of 4 simultaneous connections to our server.
Kella J.: I am sorry, I checked with my admin.. he said there is only a limit of 2, period..
Channel Sanderson: This is an unnecessary limitation in my view and badly limits my ability to do what I need to do.
View 13 Replies
View Related
Sep 15, 2008
Just logged in my cPanel, and Apache Server Status shows
Parent Server Generation: 7
Server uptime: 2 hours 52 minutes 5 seconds
Total accesses: 701666 - Total Traffic: 63.7 GB
CPU Usage: u1610.22 s255.4 cu0 cs0 - 18.1% CPU load
68 requests/sec - 6.3 MB/second - 95.2 kB/request
400 requests currently being processed, 0 idle workers
I told customer service and said my website (a big forum) have 4000 people now, I felt very slow, could the slowness caused by this max apache connection setting?
I got reply: "400 seems to be as high as Apache can go. Your httpd.conf settings currently show 500 max connections enabled. If Apache is stopping at 400 then this is it's hard limit for maximum connections. Also If it was able to go even higher you would eventually run into memory issues on the server that would cause the server to crash."
Can anyone tells me if "400 requests currently being processed, 0 idle workers " is a problem or could it be the cause of the slowness. I imagin if more people request connection, and apache can't deal with that much, it has to let those request wait in the queue, therefore caused slowness or time-out.
The seem server could deal with 8000 people online before, no any problem at all and speed was quite fast. I don't know what i should do now.
View 14 Replies
View Related
Jun 20, 2008
I've had a problem a couple of times where there is a bad ftp connection to a host. A trace reveals that there is a node timing out. What is a good way to work around this. Web based ftp client or other solution?
View 0 Replies
View Related
May 15, 2008
How can I Limit connections per IP in IIS6?
For example 10 connection per IP is allowed in a minute.
View 0 Replies
View Related
Apr 2, 2008
my server always have problem about the mysql connection:
Discuz! info: Can not connect to MySQL server
Time: 2004-5-14 8:55am
Script: /index.php
Error: Too many connections
Errno.: 1040
Similar error report has beed dispatched to administrator before.
i find the solution:
add "set-variable = max_connections=1000" in my.cnf file
but didnt find the file my.cnf,my control panel is directadmin,
View 6 Replies
View Related
Jan 16, 2008
My PHP application is starting to reach max mysql server user connections limit (currently set to 60). I listed mysql process list in phpmyadmin and found there lot of queries with status "LOCKED" these hang there for a long time(not always just sometimes - twice a day) and then connection limit is reached. It causes load average about 40 for as long as 10 - 20 minutes
I think it may be bacause of query structure. There are some queries with many inner joins...
Here is typical situation from phpmyadmin's process list:
1. select ... from table_1
inner join table_2
inner join table_3
inner join table_4
inner join table_5
This show status : "Copying to tmp table" in phpmyadmin
2. update table_2 set ....
This shows status: Locked
3. select ... from table_2
This shows status: Locked
Seems then when temp table is being created the table_2 is locked and it cannot make update to table_2. or maybe it's locked because of just that update on table_2.
I want to avoid of creating temp tables... Can it help if I'll make separate selects without large table joins ?
View 3 Replies
View Related
Jan 7, 2007
My site is hosted on Dreamhost and gets over 1 million hits a day. The site is highly optimized, so it can handle the load easily without slowing the server down. Most pages have a loading time of under 0.2 seconds.
However, Dreamhost is telling me now that I'm using up too many "connections" and have limited my connections to 150 every 3 seconds (or so they say). Now 503 errors are coming up left and right, and its highly annoying to me and my users. Oh, and Dreamhost has mentioned several times that I'm oh such a very good candidate to upgrade to $400/mo dedicated hosting (from $8/mo currently).
So my question is, is this connection restriction really a valid concern of Dreamhost or are they just trying to milk me for money because my site is popular?
View 22 Replies
View Related
May 31, 2008
on setting up some sort of firewall who only allows 10 connections from the same ip to avoid spamming, abuse on the server.
How should i do this?
View 3 Replies
View Related
Jan 19, 2007
is a way to understand whats the bext max apache settings for me?
Maybe to look over httpd-status requests currently being processed and the number of idle servers or the number of strokes?
Or probably the best way is to use some benchmark application but then i am not sure how to test my config?
View 4 Replies
View Related
Nov 2, 2007
I currently have two 30/10 MB connections and I am hosting a MMO Gaming server on one of them. I have seen some topics on some forums but never really had the need to do this but now since I am getting quite a few users It would be best for me to start looking for a way to upgrade my connection. This is the fastest connection in my area. Anyways I remember hearing about a router that could combine two connections. And I was wondering could this work hosting a gaming server? I think i remember someone saying that i could setup a domain to route the server to connect to both the ips allowing twice the amout of people to connect to the server with out (connection) lag. I was wondering if this is true.
And if someone would link me to your unrecommended hardware that would be great.
View 11 Replies
View Related
Mar 28, 2007
I plan on installing dos_evasive as it can temporarily kill/ban an IP that makes over X amount of connections.
I ran netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n, and this is what I got:
10 218.111.214.231
10 219.95.251.185
10 222.124.226.228
10 58.187.167.20
10 61.94.234.75
10 62.168.125.217
10 82.160.42.74
10 87.116.131.18
10 89.41.71.178
11 200.193.24.226
11 218.186.9.1
11 219.93.199.121
11 220.235.171.64
11 59.128.43.234
11 60.53.77.34
11 63.109.246.234
11 83.20.72.102
11 83.237.102.75
11 84.234.144.107
11 88.226.100.145
11 88.240.137.82
12 195.229.236.216
12 203.79.252.192
12 212.90.248.182
12 220.132.87.2
12 80.130.75.239
12 82.114.184.16
12 83.26.18.242
12 85.30.223.227
12 86.108.127.28
12 87.109.49.69
12 88.247.64.131
13 200.52.193.228
13 202.155.71.40
13 222.124.172.177
13 82.116.129.110
14 195.93.21.1
14 41.251.65.79
14 80.5.154.95
14 81.10.80.75
14 82.224.40.111
14 86.17.117.193
15 196.218.42.134
15 201.19.134.99
15 212.200.185.213
15 217.171.180.249
15 218.208.196.224
15 222.124.101.183
15 80.134.70.222
15 85.160.97.238
15 88.232.120.183
16 200.188.254.9
16 200.52.193.236
16 212.118.15.140
16 81.192.124.52
16 83.14.145.170
16 85.138.71.91
16 87.207.16.154
16 89.113.75.141
17 61.196.234.202
17 82.89.37.29
17 86.135.231.183
18 80.232.249.45
18 82.114.184.206
18 88.101.26.210
19 163.121.149.170
19 194.29.137.41
19 194.44.45.13
19 195.242.99.125
19 196.202.14.244
19 196.218.117.135
19 202.158.121.223
19 81.67.245.180
19 84.255.141.132
20 200.52.193.229
20 219.83.5.20
20 88.229.128.50
20 89.245.120.136
21 196.218.143.124
21 203.130.201.196
21 63.170.84.176
21 66.249.72.173
21 72.14.207.191
21 81.192.135.224
21 82.66.227.150
21 84.29.1.151
22 155.143.244.17
22 195.207.101.112
22 202.153.240.168
22 61.94.125.143
22 85.101.146.161
23 124.106.151.75
23 88.149.99.7
24 82.77.27.129
24 88.16.34.231
25 160.39.145.94
25 202.153.240.70
25 216.125.127.12
26 196.205.97.92
26 200.104.157.183
26 202.163.117.8
26 213.180.127.198
26 60.50.95.39
26 85.71.230.49
27 194.29.137.52
27 195.189.142.249
27 201.226.162.206
27 210.6.13.208
27 81.203.41.204
27 86.90.238.96
28 193.0.240.121
28 212.76.37.150
28 89.120.133.44
29 125.162.66.116
29 74.53.121.131
30 203.222.202.121
30 213.39.219.81
30 71.109.116.122
31 222.124.143.18
31 89.34.87.91
33 193.0.240.113
33 201.9.175.242
33 212.71.37.101
33 70.68.249.239
33 81.77.85.207
34 195.229.236.215
34 86.123.142.128
35 72.49.255.217
35 85.31.137.11
36 193.231.17.50
36 202.69.97.206
36 90.156.29.82
37 77.122.158.251
37 89.40.138.184
38 121.52.52.6
38 203.218.71.132
38 82.167.71.189
39 213.17.10.87
40 196.218.145.82
40 201.22.94.226
40 206.73.210.65
40 86.9.66.1
41 152.78.243.248
42 201.220.93.84
42 210.5.121.190
43 196.204.241.250
43 196.218.89.213
44 196.218.96.82
46 84.56.103.77
48 125.212.148.112
48 41.251.69.199
49 83.203.134.84
50 213.119.151.116
50 80.133.209.50
52 81.38.15.124
53 195.245.232.26
54 88.0.63.179
57 82.201.222.144
57 83.131.27.137
57 84.226.41.129
61 129.215.149.96
64 195.113.227.31
65 198.150.36.49
65 61.102.87.80
71 84.56.109.139
73 82.216.54.222
76 196.218.136.202
76 87.118.157.79
77 89.35.90.211
78 59.127.203.49
79 81.10.35.77
81 82.148.97.68
82 213.171.62.94
84 84.36.132.189
104 213.6.215.214
108 213.51.9.184
108 41.250.0.35
110 83.41.58.76
125 84.22.2.55
132 87.209.11.249
155 196.218.142.212
165 195.242.99.84
176 200.73.225.104
190 62.135.105.86
2946 195.242.99.102
server:/#
Does that look normal to you? Because I read somewhere that you should allow no more then 30 connections per IP. But most are taking much more then that.
View 8 Replies
View Related
Jan 7, 2007
I'm currently using MySQL 4.1.12 for Windows 2003, and I need to know how much possible connections can MySQL achieve? I'm currently around 650. I'm having 4 new servers online, and that will bring my total concurrent connections to 1000+.
how high it can go?
View 3 Replies
View Related
