Limit Connections - DDOS
Dec 14, 2008
One of my friends says that if I install an Apache module which limits the users' connections, it can help protect me from DDoS.
Because one of my users' domains is under DDoS, I think that if I limit his connections, then if somebody wants to do a DDoS and opens connections, for example up to 30, he is an attacker and gets banned.
Is that right, and how can I do it and limit one user?
May 15, 2008
How can I limit connections per IP in IIS6?
For example, 10 connections per IP are allowed in a minute.
May 31, 2008
on setting up some sort of firewall that only allows 10 connections from the same IP to avoid spamming, abuse on the server.
How should I do this?
Aug 25, 2007
How is this done? From what I gather, there's nothing built into Apache which can do this, which I personally think is a bit silly as it seems like a common thing. Can anyone offer any help (for Apache 2)?
Jun 11, 2009
I have a powerful 8 core 8gb ram web server with scsi raid drives running RedHat EL 4. This server handles 2,000 - 3,000 HTTP requests per second via Litespeed httpd without strain (over 60%+ CPU idle time during peak load, under 1% IO wait). As the traffic volume continues to increase I've encountered a strange problem, the symptoms of which are as follows:
- About 1/4 or 1/3 of new connections are not answered by the server - they time out.
- All connections that are answered have exactly 3 seconds added to the time it takes to establish connection with the server (can be seen as "Connecting to ..." phase in FireFox). HTTP response times were tested by Pingdom from multiple locations all over the world.
- The problem is either "on" or "off", it is not gradual.
- Server ping is unaffected during the problem - no delay and no packet drops.
- The problem does not happen during off-peak hours of the day.
If litespeed httpd settings are tweaked to keep as many connections as possible in keepalive state for as long as possible, the problem is avoided, while tens of thousands of connections are kept in keepalive state.
Possible causes that were tested and eliminated: PHP/MySQL load (problem applies to static files exactly the same), CPU / IO / RAM, network uplink, hardware firewall, DNS.
This makes me think that there is some kind of bottleneck of how many NEW connections per second the server can accept. By maxing out keepalive quantity and duration I'm reducing the number of new connections per second. This is a temporary fix that will only work up to a certain point.
After investigation, litespeed staff verified that my litespeed configuration was correct and after some testing said that nothing in litespeed was responsible for this limiting factor. Litespeed process uses relatively little CPU and can definitely handle more volume.
Following sysctl.conf values were increased substantially to see if that will make a difference: tcp_max_syn_backlog, tcp_max_tw_buckets, tcp_max_orphans, netdev_max_backlog, somaxconn, file-max. This didn't produce any results. Disabling syncookies didn't help either. dmesg doesn't have any notices of limits being hit or throttles being applied.
Litespeed staff suggests that likely some limit in linux kernel is being reached. The strange 3 second delay does seem like an "intelligent" DDOS protection strategy of some sort. Perhaps this is some kind of kernel level DDOS protection?
Jan 27, 2008
Some connection-limiting mods can limit max connections per vhost; can any mod limit connections to the Apache server per IP?
Apr 26, 2008
Windows 2003
limit connections per IP to a port
I'm currently using routix netcom
it can limit the connections (NOT bandwidth) only, but not per IP
another firewall which limits connections per IP
Apr 13, 2007
When I SSH'd into my box, I received this message:
example.pl is on this server. HTTPD connections have been limited to restrict this script from overloading server. All servers that have hosted this file need to have extremely limited http connections or have this file removed. It is poorly written and intense on CPU/memory.
How do I go and allow example.pl to be run on my server again? I use it solely for personal sites, so I wish to not have this file blocked and be allowed to run. I've searched for almost an hour now so I figured I would go ahead and post to see if any more experienced members could assist.
Apr 12, 2007
any good rule to limit Apache (port 80) connections from 1 IP to 15 with iptables/csf?
And total connections to the box to 100?
Jan 24, 2007
OS: Linux, on Apache 2.0
=======
Would you know and kindly tell me if there's a way to limit X number of connections per hosted site?
Because I don't want someone with a high-traffic forum unfairly stealing most connections for himself, which makes other sites suffer in performance.
Jun 22, 2007
How can I limit HTTP and MySQL connections on a per-domain basis?
Jan 9, 2007
I've been having trouble the past few days with someone who's been "attacking" my site so to speak by continuously downloading very large files with as many connections as (he) can open. I operate a large downloads site for computer games, this person has selected the largest files (like 400-500MB). Not sure of the real intent other than to clog up my bandwidth capacity. Also he appears to be using proxies since as soon as I ban one, another shows up seemingly from China.
Anyway, I have mod_bw and I've limited the number of connections in the downloads area to 2. While that works ok, his tool uses threads like a download manager would and he's using up 30-40 child threads for his 2 file downloads.
So 2 questions,
Is there any way to not only limit file downloads to 2, but limit the number of connections per request? Many of my visitors do use download managers and I'd like for them to continue using them but use a reasonable number of threads like 6 or 8, but not 30.
Also, is there a way to restrict access to someone using a proxy?
Oct 25, 2009
I need to do this:
(1) domain1.com limit to 10 connections per IP per 30 seconds but allow if accessing file beginning with x.php such as x.php?981 x.php?o19
(2) domain2.com limit to 10 connections per IP per 30 seconds only if accessing file beginning with x.php but allow if accessing file beginning with y.php y.php?981 y.php?o19 .....
Nov 7, 2008
It has come to my attention that dragonara.net has been DDoSing me today since morning from the IP:
194.8.75.229
What's so ironic about it is that the IP is from a UK DDoS protection site, so I'm expecting some email with their services in the next hour or so. Stay clear of them, they are fakes and e-terrorists.
Oct 8, 2009
I am looking for some good DDoS protection providers, via protected DNS. I've searched on the internet, but most of them are really expensive.
Please tell me some DDoS protection providers that could help me. (gige is too expensive, btw.)
And I found some DDoS protection scripts. How can a script protect a server from DDoS? A script like CSF or DDoS deflate?
Dec 22, 2008
Sometimes my server is overloaded and the load average increases to 60, and all my configuration is OK.
When I type:
netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
I have: ...
Dec 21, 2008
I tried to update a plugin on my blog (it's a WordPress blog). As soon as the update was started, that site on the server stopped working (later on I closed the upgrade window). After a few minutes the website started working automatically. Now, in my opinion, I think that the update process is still running in the background; that's why connections are continuously being created to that website IP.
[root@server ~]# netstat -alpn | grep :80 | awk '{print $4}' | cut -d: -f1 |sort |uniq -c
1001 serverIPhere
It's even touching 1500. I tried to contact my server support but unfortunately they can investigate the issue, instead they told me to check with the following command.
netstat -plan |grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c
which is not an answer to my question. Can anybody please tell me why those connections are being made to that website's IP? I don't think it's a DDoS attack, because it just started when I updated the plugin.
May 19, 2008
Could someone comment on the kind of load a VPS service can handle? If I were to run an HTTP server, how many connections/sec would be realistic?
Mar 6, 2007
How many simultaneous connections to the site do a lot of web hosting companies usually allow with shared hosting packages? I was wondering because some companies say pay $$ a month, get 300 GB of bandwidth a month. Can they limit the bandwidth by limiting your simultaneous connections? I am asking because I just found out my host only allows 50 per hosting package that is on a shared server. To me that seems to be very little.
Apr 19, 2007
WARNING: One or more of your DNS servers does not accept TCP connections. Although rarely used, TCP connections are occasionally used instead of UDP connections. When firewalls block the TCP DNS connections, it can cause hard-to-diagnose problems. The problem servers are:
Error [No response to TCP packets].
APF is installed on the server, how do I allow TCP DNS connections? I already added port 53 to ingress/egress for TCP and UDP.
Dec 20, 2007
I run this a few times a day:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
and get outputs like (just the bottom here, IPs removed):
8 IP #1
8 IP #2
8 . . .etc
8
9
9
9
9
9
10
10
11
12
13
14
15
18
19
25
26
32
32
91
The server runs gallery2, how many connections does an IP need just to browse the gallery? I'd like to block wget etc, but don't want to hurt search engine optimization (SEO). Is there a compromise, like limiting IPs to 5 connections, so the site still gets crawled, just slower?
DDoS deflate is installed: [url]
which permabans IPs with 150+ connections
Also what are the commands to block and unblock these IPs,
Oct 29, 2008
Firewall TCP Out Connections
My server started lagging and I processed my ConfigServer firewall logs and found tons of TCP out connections. How can I track down which user was making these connections, if possible?
Apr 21, 2009
I have a VPS, and I'm currently using lighttpd, but I want to move to LiteSpeed Standard. And I see they limit Max Concurrent Connections = 150 on the Standard version.
But what is Max Concurrent Connections? Where can I find it?
And is it the number of connections via port 80 (netstat -nt | grep :80 | wc -l)?
May 6, 2009
Has anyone worked with the cable companies on internet connections for hosting? Eg. Comcast, TW.
I worked with a sales rep for Comcast a few years ago on a solution for our offices. He worked out a line that would give us 3+ Mbit/s upload speed for less than the price of a T1.
It also included a dedicated line to our offices. Would using a cable line be a bad idea for a hosting connection?
Mar 16, 2008
Most of them are from Google and Yahoo...
Server is being heavily loaded because of this.
I guess blocking crawlers is not the most brilliant
May 2, 2008
I signed up for a hosted account with gator and I don't understand something. They tell me it's a policy change for security reasons, but the number of simultaneous SSH connections has been limited to 2. That's just nuts. Is there a real reason why someone would limit this? I need two for editors, one for shell and one for MySQL. Minimum of 4. What security concern could cause them to pick 2 as the number?
I just don't get it.
Here's what they said to me.
info: Please wait for a HostGator operator to respond.
Channel Sanderson: Hi. We're working on our website and have run into a small snag. It seems we can only have two open SSH connections at a time this week. We were able to open more a couple weeks ago. Is this something that you can change?
Kella J.: Ok, the issue is.. You are only allowed 2, no matter what..
Channel Sanderson: I believe we are not understanding each other. We're not trying to connect 10 times in a minute. We just need more connections. 2 is insufficient. We need a minimum of 4 simultaneous connections to our server.
Kella J.: I am sorry, I checked with my admin.. he said there is only a limit of 2, period..
Channel Sanderson: This is an unnecessary limitation in my view and badly limits my ability to do what I need to do.
Sep 15, 2008
Just logged in my cPanel, and Apache Server Status shows
Parent Server Generation: 7
Server uptime: 2 hours 52 minutes 5 seconds
Total accesses: 701666 - Total Traffic: 63.7 GB
CPU Usage: u1610.22 s255.4 cu0 cs0 - 18.1% CPU load
68 requests/sec - 6.3 MB/second - 95.2 kB/request
400 requests currently being processed, 0 idle workers
I told customer service that my website (a big forum) has 4000 people now and feels very slow; could the slowness be caused by this max Apache connection setting?
I got this reply: "400 seems to be as high as Apache can go. Your httpd.conf settings currently show 500 max connections enabled. If Apache is stopping at 400 then this is its hard limit for maximum connections. Also if it was able to go even higher you would eventually run into memory issues on the server that would cause the server to crash."
Can anyone tell me if "400 requests currently being processed, 0 idle workers" is a problem, or could it be the cause of the slowness? I imagine if more people request connections and Apache can't deal with that many, it has to let those requests wait in the queue, which therefore causes slowness or time-outs.
The same server could deal with 8000 people online before, with no problem at all, and the speed was quite fast. I don't know what I should do now.
Jun 20, 2008
I've had a problem a couple of times where there is a bad FTP connection to a host. A trace reveals that there is a node timing out. What is a good way to work around this? Web-based FTP client or other solution?
Apr 2, 2008
My server always has a problem with the MySQL connection:
Discuz! info: Can not connect to MySQL server
Time: 2004-5-14 8:55am
Script: /index.php
Error: Too many connections
Errno.: 1040
Similar error report has beed dispatched to administrator before.
I found the solution:
add "set-variable = max_connections=1000" in the my.cnf file
but I didn't find the file my.cnf; my control panel is DirectAdmin,
Jan 16, 2008
My PHP application is starting to reach the max MySQL server user connections limit (currently set to 60). I listed the MySQL process list in phpMyAdmin and found a lot of queries there with status "LOCKED"; these hang there for a long time (not always, just sometimes, twice a day) and then the connection limit is reached. It causes a load average of about 40 for as long as 10 - 20 minutes.
I think it may be because of query structure. There are some queries with many inner joins...
Here is typical situation from phpmyadmin's process list:
1. select ... from table_1
inner join table_2
inner join table_3
inner join table_4
inner join table_5
This show status : "Copying to tmp table" in phpmyadmin
2. update table_2 set ....
This shows status: Locked
3. select ... from table_2
This shows status: Locked
Seems that when the temp table is being created, table_2 is locked and it cannot make the update to table_2. Or maybe it's locked because of just that update on table_2.
I want to avoid of creating temp tables... Can it help if I'll make separate selects without large table joins ?