Is there a way to protect apache server from overload? For example Nginx has a module called SysGuard when system load or memory use goes too high all subsequent requests will be redirected to the URL specified by the 'action' parameter.
Today i was informed that some of Apache instances are vulnerable for serving content while client is constantly pressing F5 button in browsers - once is pressed CPU load is increasing, page became slow etc. (it's dynamic content served by back-end Tomcats). In the same time i see errors with connection between Apache and Tomcats' instances.
Is there any good way to protect Apache against it ?
We tried to use one software for offline browsing to download our site and test it if it will fail or not. We used 500 threads at once. Program was able to request 56 pages per second. Of course server (site) failed because there were no more available mysql connections. So site went down. Mod_evasive didn't block that.
Here is the copy of text I found on one site about mod_evasive:
Mod_evasive does work relatively well for small to medium sized brute force or HTTP level DoS attacks. There is, however, an important limitation that mod_evasive has that you should be aware of. The mod_evasive module is not as good as it could be because it does not use shared memory in Apache to keep information about previous requests persistent. Instead, the information is kept with each child process or thread. Other Apache children that are then spawned know nothing about abuse against one of them. When a child serves the maximum number of requests and dies, the DoS information goes with it. So, what does this mean? This means that if an attacker sends their HTTP DoS requests and they do not use HTTP Keep-Alives, then Apache will spawn a new child process for every request and it will never trigger the mod_evasive thresholds. This is not good…
Is there any solution for such type of attack with Keep Alive disabled?
i want to kill apache/http and restart it again automatically. i need this because sometime we are not in front of the server to fix an overload issue immediately, which can affect a server very badly. i believe many of us already face this kind of situation and hope there is some kind of script or way to do this.
I have heard a lot of cases when customers used forbidden PHP scripts on shared servers and as a result their accounts were suspended due to the server overload. I am just wondering what scripts it is desirable not to use within shared hosting packages?
I have heard a lot of cases when customers used forbidden PHP scripts on shared servers and as a result their accounts were suspended due to the server overload. I am just wondering what scripts it is desirable not to use within shared hosting packages?
I have a fairly busy server, and received a High Load warning from my firewall monitoring software. Showing a high 5 minute load average alert of 13.89.
I'm presuming extra memory and a more powerful CPU would be required to sort this out?
Time: Thu Jul 3 12:22:06 2008 1 Min Load Avg: 42.90 5 Min Load Avg: 13.89 15 Min Load Avg: 5.82 Running/Total Processes: 51/359
Output from ps: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND ...
I have been receiving these a couple time a day lately and not sure what to do or how to go about checking what might be overloading the server. IF this looks familiar to anyone, I'd appreciate some helpful tips. I'm still a novice, but can muddle my way around the server if given enough guidance. Here is the email I've been getting:
"IMPORTANT: Do not ignore this email. This is cPanel stats runner on host.myserverhost.com! While processing the log files for user xxxxxxx, the cpu has been maxed out for more than a 6 hour period. The current load/uptime line on the server at the time of this email is 19:20:10 up 2 days, 7:06, 0 users, load average: 15.17, 13.24, 8.00 You should check the server to see why the load is so high and take steps to lower the load. If you want stats to continue to run even with a high load; Edit /var/cpanel/cpanel.config and change extracpus to a number larger then 0 (run /usr/local/cpanel/startup afterwards to pickup the changes)."
I guess my question is, how would I go about determining what is causing the excess load? Seems to happen even when not many folks are on my site.
I'm on a low-end dedicated server that I run 2 decent sized blogs on. I'm getting several traffic spikes a day where the load goes through the roof and I think I need my server optimized.
My server admin says I need a bigger server and he has never steered me wrong but this is ridiculous:
My blogs use Wordpress as its blogging platform....I know they hog server resources and I've recently installed Super cache so that seems to help.
I average about 5,000 pageviews a day and I would think even a low-end box should handle this but maybe I am wrong.
I will be storing personal customer information in mysql, so security is driving all my requirements. I was thinking the architecture will be :-a dedicated web server within a DMZ and placed behind a firewall and border router.
a dedicated database server inside the internal network behind another firewall, All running Linux
building out and management of the servers to be done by hosting provider or third party Please feel free to comment on this setup.
QuestionsIs a reverse proxy a benefit for security.
Am I right in saying that a reverse proxy hides the OS and server details from prying eyes and provides another layer of security
if a reverse proxy server is a benefit, is it normally the default architecture at most reputable hosts.
I have few scripts, but hackers again upload at some way c99, and hack some SMF forums at server. Server like server they cannot hack, but user account they can. So please tell me what you advice?
I have dedicated server at GoDaddy and I am hosting very important web service for our company. We have only one HDD on server and no FTP backup. What is the best method to protect data and whole server from HDD crash? Is it enough to add second HDD?
i did make a big message on here but it deleted when i back spaced
my website is aviation cafe dot net / sample and i need you to help me with password protecting a webpage, i wanted the address to be / the silver sword and definitly not to look like it does now.
i have vps 512 MB ram From HostForWeb working Fine! in 160 websites! Hosted But! in swvps.com with 2 gig ram! Low Working! OverLoad and CPU Usage is Red Alert But HostForWeb VPS with 512 MB Ram good Working I Dont Know Why SWvps.com Is Low with 2 gig ram for me?
I am not sure if my dedicated server is being attacked or if it is legitimate traffic. I need help figuring out the difference and if it is an attack, how to prevent it, and if it is legitimate traffic, how to configure the server to handle the load.
SoftwareCentOS 5.3-32 Apache2 MySQL 5 PHP 5 When I do ps aux|grep httpd|wc -l I get the count of current connected clients of 259 which is always maxing out my MaxClients of 256. I had increased it to 512, and it maxed out, I had increased it to 1024 and it maxed out, and lastly I had setup to 2048 and it works, but slows the entire server down.