I have around 800 time-wait connections
here's a typical connection from china:
tcp 0 0 72.18.203.114:80 222.213.72.22:3059 TIME_WAIT
This is pretty annoying because my server load is at 50% all the time because of chinese TIME_WAIT connections messing up my server at port 80.
I read something about MSL (?) and tcp_time_wait_interval but I don't know if that will do what I want.
Our customer is been banned and we have receive notify (we use csf)
The email received:
----------------------------------------------------
Time: Sun May 18 08:52:53 2008
IP: 81.22.77.88 (**)
Connections: 491
Blocked: permanently
Connections:
tcp 0 0 72.39.255.200:20 81.22.77.88:5201 TIME_WAIT
tcp 0 0 72.39.255.200:20 81.22.77.88:5457 TIME_WAIT
tcp 0 0 72.39.255.200:20 81.22.77.88:5456 TIME_WAIT
tcp 0 0 72.39.255.200:20 81.22.77.88:5200 TIME_WAIT
tcp 0 0 72.39.255.200:20 81.22.77.88:5203 TIME_WAIT
tcp 0 0 72.39.255.200:20 81.22.77.88:5459 TIME_WAIT
.....
.....
----------------------------------------------------
IP is the same x all 491 connection, but change port
Exactly what mean?
I have slow connections via https because I have so many connections on apache that are sitting with TIME_WAIT status using my connections
View 1 Replies View Relatedi have problem in time_wait it's very high
netstat -an|grep ":80"|awk '/tcp/ {print $6}'|sort| uniq -c
13 ESTABLISHED
15 FIN_WAIT1
2 FIN_WAIT2
1 LAST_ACK
2 LISTEN
10 SYN_RECV
1026 TIME_WAIT
I've one main web server, the problem is that many people (now including myself) are often receiving "Connection timed out" messages in their web browser when trying to visit websites. This web server is a CentOS 5 machine and the HTTP server in use is Apache 2.2.
Of course, I've considered contacting server admin people who will look at this sort of thing on a one-off price or manage my servers at a periodic billing rate - but I'd much prefer to see what others have to say here first... hopefully learn some new stuff. It isn't a huge problem right now, but it can be annoying browsing the websites because a refresh would be required to connect again. I've learnt everything I know about Linux etc myself so far, through the likes of WebHostingTalk.. now is time for me to learn about TCP, HTTP, Apache and more if anybody has any ideas about this problem.
When running netstat, I'm seeing a rather large amount of TIME_WAIT's, I'm thinking this could have something todo with the connection time outs?
Here is my netstat output for TCP: [url]- notice all of the HTTP TIME_WAIT's for gangsternation.net? (also, a couple of other sites with less traffic)
apparently the sysctl commands / config does not work for VPS's. any way to reduce the time_wait period? got nearly 900 connections in that state!
View 0 Replies View RelatedMy PR4 site has been hacked by chinese hackers.
They fortunately did not do anything exceptionally terrible, but the site was down, they altered the serps results and now my inbox ( operating from Squirelmail ) is now receiving even more spam than before.
A network expert suggested that my server would now be being used for sending spam.
And my company, who will remain nameless atm seem to claim that no server is safe from hackers under any circumstances.
I would like to copy to you the companies response to my questions and I would hope for a word or two of inspiration and encouragement from you?
The second string in each question is the server companies response.
1.Please quote me for checking to see if the server is being used for spam and blocking this from happening.
We could certainly check and see if you server is currently sending out any spam and try to identify where it is originating from. Depending on the issue a fix may be required by your developers
2.Running a check on the sites code to see if there has been any amendments to the coding on the site
We can check and see if there has been any FTP access and look at file modification dates, this would hopefully pick up and issues.
3.Making sure the server is safe and that all China ip ranges are banned.
Whilst we cannot ban all Chinese ranges as we do not know all ranges China uses we can lock FTP and SSH access to certain ranges only, you would need to provide these ranges.
4.Applying a second level of security to stop a spammer from hacking the system ( However I am sure I already have anti virus and spy ware on the server )
I’m not sure you do have any anti-virus/spyware on your server, it is certainly not something we install. I don’t really believe either of those tools would stop someone hacking the server either, Linux server don’t really get affected by that. We could run a rootkit checker which checks for backdoors and modification of the operating system files. We would also suggest making sure the scripts are secure and any web interface (admin area) logins have secure passwords and are also IP restricted.
For the work above we would charge 1 hour support at £150 per hour ex vat.
I host a vBulletin forum on a US server. I've been getting a lot of signups from one particular spammer, wanting to post about gold harvesting for WoW. I've blocked his IP's, however he keeps using proxies.
He constantly signs up under the name "Array"... Is there a way I can block him for good? I can't moderate user sign-ups, as I'm mostly away from my computer and can't moderate them all the time.
I have a windows server 2003 with plesk 8.2 , one of my client wants his website's pages in chinese language , how that can be done.
View 5 Replies View Relatedhow to bypass Chinese internet filters? They seem to filter a lot of the western web sites in China, sites like hotmail, gmail and etc seem to be filtered more then sites such as sohu.com, 163.com and qq.com
I do not think proxies work well either,
is it possible to configure so, that it would be possible to receive only in Latin and Cyrillica written mails? No Chinese, Japanese, etc. characters, I mean.
View 0 Replies View RelatedSometimes my server surcharge load average increase at 60 , and all my configuration are OK
when i type :
netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
i have : ...
I tried to update a plugin at my blog its a wordpress blog, as soon as the update was started that site on the server stopped working, (later on i closed the upgradation window), after few minutes website start working automatically, Now in my opinion I think that update process is still running in background thats why connections are creating continuously to that website IP.
[root@server ~]# netstat -alpn | grep :80 | awk '{print $4}' | cut -d: -f1 |sort |uniq -c
1001 serverIPhere
its even touching 1500, I tried to contact my server support but unfortunately they can investigate the issue, instead they told me to check with the following command.
netstat -plan |grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c
which is not an answer to my question. Can anybody please tell me why those connections are making to that website's IP? I don't think its a Ddos attack, because it was just started when i updated the plugin.
Could someone comment on the kind of load a VPS service can handle? If I were to run an HTTP server how many connection/sec would be realistic.
View 3 Replies View RelatedHow many simulteanous connections to the site do alot of webhosting company usually allow with shared hosting packages. I was wondering because4 some companies say pay $$ a month get 300gb of bandwith a month. Can they limit the bandwith by limiting your simulteanous connections? I am asking because I just found out my host only allows 50 per hosting package that is on a shared server. To me that seems to be very little.
View 1 Replies View RelatedWARNING: One or more of your DNS servers does not accept TCP connections. Although rarely used, TCP connections are occasionally used instead of UDP connections. When firewalls block the TCP DNS connections, it can cause hard-to-diagnose problems. The problem servers are:
Error [No response to TCP packets].
APF is installed on the server, how do I allow TCP DNS connections? I already added port 53 to ingress/egress for TCP and UDP.
I run this a few times a day:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
and get outputs like (just the bottom here, IPs removed):
8 IP #1
8 IP #2
8 . . .etc
8
9
9
9
9
9
10
10
11
12
13
14
15
18
19
25
26
32
32
91
The server runs gallery2, how many connections does an IP need just to browse the gallery? I'd like to block wget etc, but don't want to hurt search engine optimization (SEO). Is there a compromise, like limiting IPs to 5 connections, so the site still gets crawled, just slower?
DDoS deflate is installed: [url]
which permabans IPs with 150+ connections
Also what are the commands to block and unblock these IPs,
Firewall TCP Out Connections
My server started lagging up and I processed my configserver firewall logs and founds tons of TCP out connections. How can I track down which user was making these connections, if possible?
i have a vps, and im current use lighttpd, but i want move to litespeed Standard. And i see they limit Max Concurrent Connections =150 on standard version.
but what is Max Concurrent Connections? where can i find it.
and is it the number connection via port 80 (netstat -nt | grep :80 | wc -l)?
Has anyone worked with the cable companies on internet connections for hosting? Eg. Comcast, TW.
I worked with a sales rep for Comcast a few years ago on a solution for our offices. He worked out a line that would give us 3+mbits up speed for less then the price of a T1.
It also included a dedicated line to our offices. Would using a cable line be a bad idea for a hosting connection?
Most of them are from Google and Yahoo...
Server is being heavily loaded beause of this.
I guess blocking crawlers is not the most brilliant
I signed up for a hosted account with gator and I don't understand something. They tell me it's a policy change for security reasons but the simultaneous SSH connections has been limited to 2. That's just nuts. Is there a real reason why someone would limit this? i need two for editors, one for shell and one for mysql. Minimum of 4. What security concern could cause them to pick 2 as the number?
I just don't get it.
Here's what they said to me.
info: Please wait for a HostGator operator to respond.
Channel Sanderson: Hi. We're working on our website and have run into a small snag. It seems we can only have two open SSH connections at a time this week. We were able to open more a couple weeks ago. Is this something that you can change?
Kella J.: Ok, the issue is.. You are only alllowed 2, no matter what..
Channel Sanderson: I believe we are not understanding each other. We're not trying to connect 10 times in a minute. We just need more connections. 2 is insufficient. We need a minimum of 4 simultaneous connections to our server.
Kella J.: I am sorry, I checked with my admin.. he said there is only a limit of 2, period..
Channel Sanderson: This is an unnecessary limitation in my view and badly limits my ability to do what I need to do.
Just logged in my cPanel, and Apache Server Status shows
Parent Server Generation: 7
Server uptime: 2 hours 52 minutes 5 seconds
Total accesses: 701666 - Total Traffic: 63.7 GB
CPU Usage: u1610.22 s255.4 cu0 cs0 - 18.1% CPU load
68 requests/sec - 6.3 MB/second - 95.2 kB/request
400 requests currently being processed, 0 idle workers
I told customer service and said my website (a big forum) have 4000 people now, I felt very slow, could the slowness caused by this max apache connection setting?
I got reply: "400 seems to be as high as Apache can go. Your httpd.conf settings currently show 500 max connections enabled. If Apache is stopping at 400 then this is it's hard limit for maximum connections. Also If it was able to go even higher you would eventually run into memory issues on the server that would cause the server to crash."
Can anyone tells me if "400 requests currently being processed, 0 idle workers " is a problem or could it be the cause of the slowness. I imagin if more people request connection, and apache can't deal with that much, it has to let those request wait in the queue, therefore caused slowness or time-out.
The seem server could deal with 8000 people online before, no any problem at all and speed was quite fast. I don't know what i should do now.
I've had a problem a couple of times where there is a bad ftp connection to a host. A trace reveals that there is a node timing out. What is a good way to work around this. Web based ftp client or other solution?
View 0 Replies View RelatedHow can I Limit connections per IP in IIS6?
For example 10 connection per IP is allowed in a minute.
my server always have problem about the mysql connection:
Discuz! info: Can not connect to MySQL server
Time: 2004-5-14 8:55am
Script: /index.php
Error: Too many connections
Errno.: 1040
Similar error report has beed dispatched to administrator before.
i find the solution:
add "set-variable = max_connections=1000" in my.cnf file
but didnt find the file my.cnf,my control panel is directadmin,
My PHP application is starting to reach max mysql server user connections limit (currently set to 60). I listed mysql process list in phpmyadmin and found there lot of queries with status "LOCKED" these hang there for a long time(not always just sometimes - twice a day) and then connection limit is reached. It causes load average about 40 for as long as 10 - 20 minutes
I think it may be bacause of query structure. There are some queries with many inner joins...
Here is typical situation from phpmyadmin's process list:
1. select ... from table_1
inner join table_2
inner join table_3
inner join table_4
inner join table_5
This show status : "Copying to tmp table" in phpmyadmin
2. update table_2 set ....
This shows status: Locked
3. select ... from table_2
This shows status: Locked
Seems then when temp table is being created the table_2 is locked and it cannot make update to table_2. or maybe it's locked because of just that update on table_2.
I want to avoid of creating temp tables... Can it help if I'll make separate selects without large table joins ?
My site is hosted on Dreamhost and gets over 1 million hits a day. The site is highly optimized, so it can handle the load easily without slowing the server down. Most pages have a loading time of under 0.2 seconds.
However, Dreamhost is telling me now that I'm using up too many "connections" and have limited my connections to 150 every 3 seconds (or so they say). Now 503 errors are coming up left and right, and its highly annoying to me and my users. Oh, and Dreamhost has mentioned several times that I'm oh such a very good candidate to upgrade to $400/mo dedicated hosting (from $8/mo currently).
So my question is, is this connection restriction really a valid concern of Dreamhost or are they just trying to milk me for money because my site is popular?
on setting up some sort of firewall who only allows 10 connections from the same ip to avoid spamming, abuse on the server.
How should i do this?