some flaw in DA ?

gcypher

Hi

I am facing some big problems these days. The problem is that mysql and apache are starting up a lot of processes, and this will finally result in a 100+ load and my server will stop responding.
This is what I have found lately, doing a simple netstat:

tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1210 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1211 TIME_WAIT
tcp 0 0 82.192.81.36:http 124.red-213-231-101.us:1928 FIN_WAIT2
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1212 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1213 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1215 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1232 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1224 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1225 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1226 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1227 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1228 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1229 TIME_WAIT
tcp 0 0 82.192.81.36:http 101.red-81-37-143.dyna:3247 FIN_WAIT2
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1230 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1231 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1216 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1217 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1218 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1219 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1220 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1221 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1222 TIME_WAIT
tcp 0 0 fast-xs.net:2222 d83-180-3-30.cust.tele:1223 TIME_WAIT
tcp 0 1080 fast-xs.net:14500 d83-180-3-30.cust.tele:1065 ESTABLISHED
Active UNIX domain sockets (w/o servers)

I have also seen this many connections from my own server IP, all on http. I have been searching through every log I could find in /var/log/* but I cannot come up with a solution for this. I have also run out of ideas, so maybe one of you can give me some, or might even know what this could be?

Thanks in advance
 
Not a flaw in DA ...

I don't see this as a flaw in DA.

DA doesn't make any changes at all to Apache or PHP.

So would I call it a flaw in Apache or in PHP?

No.

It's more likely than not your server is underpowered for the number of hits it's getting, and/or that the number of allowed concurrent httpd processes is set too high for your server. (Of course if you lower it you might get unacceptable httpd performance.)

We have the same problem and when we do we search the logs to find out who's attacking us. We block the IPs of all those hitting us with DOS attacks.

Of course distributed DOS attacks are much harder to protect against.

I'm guessing (it's only a guess but it's an educated guess) that there are a lot of viruses, worms, (whatever) running in a lot of Windows machines, all being used as zombies, to attack a lot of servers.

Solutions:

On Linux, install APF+BFD (search these forums) to initiate automatic blocking of DOSing systems.

Add more memory to your server.

Fine tune the number of apache instances you allow. In the DA Knowledge Base DA recommends: edit /etc/httpd/conf/httpd.conf and increase the MaxClients setting to something like 200 or 300. If you have problems with DA you should fine tune whatever number you're using. (Don't forget to restart httpd after any changes to httpd.conf.)

Jeff
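
An added example, not part of either post: one way to find out which remote hosts account for the connections in netstat output like the listing above, before deciding what to block. The function names, the threshold of 5 and the sample lines (documentation addresses) are assumptions made for this illustration.

```python
import sys
from collections import Counter, defaultdict

# Constructed sample (documentation addresses), same columns as the thread's output.
SAMPLE = "\n".join(
    [f"tcp 0 0 192.0.2.10:2222 198.51.100.7:{p} TIME_WAIT" for p in range(1210, 1218)]
    + [
        "tcp 0 0 192.0.2.10:80 203.0.113.5:1928 FIN_WAIT2",
        "tcp 0 0 192.0.2.10:80 203.0.113.9:3247 FIN_WAIT2",
        "tcp 0 1080 192.0.2.10:14500 198.51.100.7:1065 ESTABLISHED",
        "Active UNIX domain sockets (w/o servers)",
    ]
)


def parse_line(line):
    """Return (local_port, remote_host, state) for a TCP line, else None."""
    fields = line.split()
    if len(fields) < 6 or not fields[0].startswith("tcp"):
        return None  # headers, UDP and UNIX-socket lines
    local, remote, state = fields[3], fields[4], fields[5]
    if state == "LISTEN":
        return None  # listening sockets have no remote peer
    # Split on the last ':' so IPv6 addresses and dotted names stay intact.
    return local.rpartition(":")[2], remote.rpartition(":")[0], state


def tally(text):
    """Map (remote_host, local_port) -> Counter of TCP states."""
    per_peer = defaultdict(Counter)
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            port, host, state = parsed
            per_peer[(host, port)][state] += 1
    return per_peer


def heavy_hitters(text, threshold=5):
    """Return (host, local_port, total, states) rows with total >= threshold, busiest first."""
    rows = [(h, p, sum(c.values()), dict(c)) for (h, p), c in tally(text).items()]
    return sorted((r for r in rows if r[2] >= threshold), key=lambda r: -r[2])


if __name__ == "__main__":
    # Pipe `netstat -tn` in, or run with no input to see the constructed sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for host, port, total, states in heavy_hitters(text):
        print(f"{total:5d}  {host} -> local port {port}  {states}")
```

The per-state breakdown matters when reading the result: TIME_WAIT entries are connections that have already closed, so a host with many of them is opening connections rapidly rather than holding them open.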
 
Hi

I already run APF + BFD and it works great.
Furthermore, I am going to take your advice and upgrade my server memory to 1024. I think this should do the job for me.

I run a Celeron 2.8, 512mb, 80gb SATA
on Fedora Core 3. This has always run stable until I started to notice a lot of excessive http connections to either port 2222 (DA) or 80 (http); this really caused apache to output some error messages in the error_log while the CPU load was rising.

Anyway, thanks for your reply! It sorted some things out for me.

:cool:
 