Is there a way to protect apache server from overload? For example Nginx has a module called SysGuard when system load or memory use goes too high all subsequent requests will be redirected to the URL specified by the 'action' parameter.
View 1 Replies
the server is overloaded some times during a day.
There is one process of httpd witch use 80-90% of memory. Load increases to 90 or 200 :/
I installed strace and when the process appeared I run on that process and there is:
mmap(NULL, 364544, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b25e60000
There is a lot of that entries.
Today i was informed that some of Apache instances are vulnerable for serving content while client is constantly pressing F5 button in browsers - once is pressed CPU load is increasing, page became slow etc. (it's dynamic content served by back-end Tomcats). In the same time i see errors with connection between Apache and Tomcats' instances.
Is there any good way to protect Apache against it ?
We tried to use one software for offline browsing to download our site and test it if it will fail or not. We used 500 threads at once. Program was able to request 56 pages per second. Of course server (site) failed because there were no more available mysql connections. So site went down. Mod_evasive didn't block that.
Here is the config:
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 80
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 30
DOSLogDir "/var/log/httpd"
</IfModule>
Here is the copy of text I found on one site about mod_evasive:
Mod_evasive does work relatively well for small to medium sized brute force or HTTP level DoS attacks. There is, however, an important limitation that mod_evasive has that you should be aware of. The mod_evasive module is not as good as it could be because it does not use shared memory in Apache to keep information about previous requests persistent. Instead, the information is kept with each child process or thread. Other Apache children that are then spawned know nothing about abuse against one of them. When a child serves the maximum number of requests and dies, the DoS information goes with it. So, what does this mean? This means that if an attacker sends their HTTP DoS requests and they do not use HTTP Keep-Alives, then Apache will spawn a new child process for every request and it will never trigger the mod_evasive thresholds. This is not good…
Is there any solution for such type of attack with Keep Alive disabled?
What is the proper way. to password protect a directory for apache 2.4.7. Information i gather seems to not work.
View 4 Replies View Relatedcurrently i purchase a reseller. when i click in server status, i found out that the detail is as below:
cpsrvd up [green]
Server Load 5.41 (1 cpu) [red]
Memory Used 46.7 % [green]
Swap Used 9.51 % [green]
Disk /dev/sda1 (/boot) 13 % [green]
Disk /dev/sdb (/mount) 57 % [green]
Disk /dev/sda3 (/) 88 % [yellow]
i found that the server load is in red color, and the last item Disk/dev/sda3 is in yellow color. may i know what is the problem?
Im using Vmware on dedicated server:
each 2 Intel(R) Xeon(TM) CPU 3.00GHz
1- in vmware show:
2 CPUs x 2 Cores
but i check in SSH we have 7 core !
Code:
# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 6
model name : Intel(R) Xeon(TM) CPU 3.00GHz
stepping : 4
cpu MHz : 7680.000
cache size : 2048 KB
physical id : 0
siblings : 4
core id : 0
cpu cores : 2
apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 6
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl vmx est cid cx16 xtpr lahf_lm
bogomips : 6012.44
clflush size : 64
cache_alignment : 128
address sizes : 36 bits physical, 48 bits virtual
power management:
processor : 1
vendor_id : GenuineIntel
cpu family : 15
model : 6
model name : Intel(R) Xeon(TM) CPU 3.00GHz
stepping : 4
cpu MHz : 5120.000
cache size : 2048 KB
physical id : 1
siblings : 4
core id : 0
cpu cores : 2
apicid : 4
fpu : yes
fpu_exception : yes
cpuid level : 6
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl vmx est cid cx16 xtpr lahf_lm
bogomips : 5984.27
clflush size : 64
cache_alignment : 128
address sizes : 36 bits physical, 48 bits virtual
i want to kill apache/http and restart it again automatically. i need this because sometime we are not in front of the server to fix an overload issue immediately, which can affect a server very badly. i believe many of us already face this kind of situation and hope there is some kind of script or way to do this.
View 5 Replies View RelatedToday my server was down cause it was overloaded and when i restart my server its running how to stop such problem in the future
View 10 Replies View RelatedI have heard a lot of cases when customers used forbidden PHP scripts on shared servers and as a result their accounts were suspended due to the server overload. I am just wondering what scripts it is desirable not to use within shared hosting packages?
View 6 Replies View RelatedI have heard a lot of cases when customers used forbidden PHP scripts on shared servers and as a result their accounts were suspended due to the server overload. I am just wondering what scripts it is desirable not to use within shared hosting packages?
View 4 Replies View RelatedDebian Server Ubnormal CPU
View 3 Replies View Relatedhow can i find out what has caused my server to hang/overload once its rebooted?
I know that the SWAP maxed out but i am unsure why.
I have a fairly busy server, and received a High Load warning from my firewall monitoring software. Showing a high 5 minute load average alert of 13.89.
I'm presuming extra memory and a more powerful CPU would be required to sort this out?
Time: Thu Jul 3 12:22:06 2008
1 Min Load Avg: 42.90
5 Min Load Avg: 13.89
15 Min Load Avg: 5.82
Running/Total Processes: 51/359
Output from ps:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND ...
I have been receiving these a couple time a day lately and not sure what to do or how to go about checking what might be overloading the server. IF this looks familiar to anyone, I'd appreciate some helpful tips. I'm still a novice, but can muddle my way around the server if given enough guidance. Here is the email I've been getting:
"IMPORTANT: Do not ignore this email.
This is cPanel stats runner on host.myserverhost.com!
While processing the log files for user xxxxxxx, the cpu has been maxed out for more than a 6 hour period. The current load/uptime line on the server at the time of this email is
19:20:10 up 2 days, 7:06, 0 users, load average: 15.17, 13.24, 8.00
You should check the server to see why the load is so high and take steps to lower the load. If you want stats to continue to run even with a high load; Edit /var/cpanel/cpanel.config and change extracpus to a number larger then 0 (run /usr/local/cpanel/startup afterwards to pickup the changes)."
I guess my question is, how would I go about determining what is causing the excess load? Seems to happen even when not many folks are on my site.
I'm on a low-end dedicated server that I run 2 decent sized blogs on. I'm getting several traffic spikes a day where the load goes through the roof and I think I need my server optimized.
My server admin says I need a bigger server and he has never steered me wrong but this is ridiculous:
My blogs use Wordpress as its blogging platform....I know they hog server resources and I've recently installed Super cache so that seems to help.
I average about 5,000 pageviews a day and I would think even a low-end box should handle this but maybe I am wrong.
Here's the server specs:
Processor #1 Vendor: GenuineIntel
Processor #1 Name: Intel(R) Celeron(R) CPU 2.40GHz
Processor #1 speed: 2394.661 MHz
Processor #1 cache size: 128 KB
Memory: 1033924k/1048016k available (2171k kernel code, 13360k reserved, 723k data, 172k init, 130512k highmem)
hda: ST380011A, ATA DISK drive
hdc: Lite-On LTN486S 48x Max, ATAPI CD/DVD-ROM drive
hda: max request size: 1024KiB
hda: 156250000 sectors (80000 MB) w/2048KiB Cache, CHS=16383/255/63, UDMA(100)
hda: cache flushes supported
hdc: ATAPI 48X CD-ROM drive, 120kB Cache, UDMA(33)
Memory:
total used free shared buffers cached
Mem: 1035148 993356 41792 0 151312 527008
-/+ buffers/cache: 315036 720112
Swap: 2040212 476700 1563512
Total: 3075360 1470056 1605304
how check which database / user MySQL overload the server?
View 2 Replies View Relatedhow to protect an linux dedicated server from bot attack. Im using linux server with cPanel, using CSF firewall + DOS Deflate.
View 5 Replies View Relatedhow to protect Windows server from Mpack?
View 1 Replies View RelatedHow to protect a folder in cpanel server without using slash
View 4 Replies View Relatedtoday i have DDos Attack in my server in port :80
what is the better way to secure my server from DDos Attack
Background (so you know what I am planning)
I will be storing personal customer information in mysql, so security is driving all my requirements. I was thinking the architecture will be :-a dedicated web server within a DMZ and placed behind a firewall and border router.
a dedicated database server inside the internal network behind another firewall,
All running Linux
building out and management of the servers to be done by hosting provider or third party
Please feel free to comment on this setup.
QuestionsIs a reverse proxy a benefit for security.
Am I right in saying that a reverse proxy hides the OS and server details from prying eyes and provides another layer of security
if a reverse proxy server is a benefit, is it normally the default architecture at most reputable hosts.
I got my game servers hosted on a windows server (with w2k3).
I want to know what software u guys advise me to use on it to protect it!
Someone told me that keep windows up to date wont get me any problem, but i just dont believe.
SO i want oppinion from wht members.
And since im here i want to report other thing... For an email service? Windows mail server, or something like exchange mail server?
Is it possible to do it through a standard FTP package?
View 2 Replies View RelatedI have few scripts, but hackers again upload at some way c99, and hack some SMF forums at server. Server like server they cannot hack, but user account they can. So please tell me what you advice?
View 6 Replies View RelatedI have dedicated server at GoDaddy and I am hosting very important web service for our company. We have only one HDD on server and no FTP backup. What is the best method to protect data and whole server from HDD crash? Is it enough to add second HDD?
View 8 Replies View Relatedhow to protect Linux Server from Ddos Attack (Botnet, Loic)
View 2 Replies View Relatedi did make a big message on here but it deleted when i back spaced
my website is aviation cafe dot net / sample and i need you to help me with password protecting a webpage, i wanted the address to be / the silver sword and definitly not to look like it does now.
username: webforum
pass: password
i have vps 512 MB ram From HostForWeb working Fine! in 160 websites! Hosted
But! in swvps.com with 2 gig ram! Low Working! OverLoad and CPU Usage is Red Alert
But HostForWeb VPS with 512 MB Ram good Working I Dont Know Why SWvps.com Is Low with 2 gig ram for me?
I am not sure if my dedicated server is being attacked or if it is legitimate traffic. I need help figuring out the difference and if it is an attack, how to prevent it, and if it is legitimate traffic, how to configure the server to handle the load.
My server information is below:
HardwareIntel Xeon 3220-Quad Core [2.4GHz
8GB DDR2
SATAII 500GB
SoftwareCentOS 5.3-32
Apache2
MySQL 5
PHP 5
When I do ps aux|grep httpd|wc -l I get the count of current connected clients of 259 which is always maxing out my MaxClients of 256. I had increased it to 512, and it maxed out, I had increased it to 1024 and it maxed out, and lastly I had setup to 2048 and it works, but slows the entire server down.
I think my apache is killing my servers with crazy overload with logs... how do I turn this off?
View 2 Replies View Related
