Webapps : process in a loop / hundreds of connections from server-ip

iworx

iworx

Verified User
Joined
Nov 21, 2006
Messages
98
Location
Belgium
I got a warning today of high cpu usage of one of my servers. The culprit seemed to be the 'webapps' user hitting the server with hundreds of simultaneous requests.
It went away by itself after a few minutes - but I can't find out why or how this happened.

Is there any logging related to this process? I know it's the user for the roundcube / phpmyadmin apps but I can't seem to find any logging related to those that should show why all these connections were created.
 
CSF can/should take care normally , it provides a way to limit concurrent connections to specific ports.
As an example, the following may be added to the configuration file to limit port 80 and port 443 to 5 connections.
Code: 
CONNLIMIT = "80;5,443;5"
do you have CSF enabled ?
 
Active8 said:
CSF can/should take care normally , it provides a way to limit concurrent connections to specific ports.
As an example, the following may be added to the configuration file to limit port 80 and port 443 to 5 connections.
Code: 
CONNLIMIT = "80;5,443;5"
do you have CSF enabled ?
Click to expand...

Unless they're using cloudflare.

iworx said:
I got a warning today of high cpu usage of one of my servers. The culprit seemed to be the 'webapps' user hitting the server with hundreds of simultaneous requests.
It went away by itself after a few minutes - but I can't find out why or how this happened.

Is there any logging related to this process? I know it's the user for the roundcube / phpmyadmin apps but I can't seem to find any logging related to those that should show why all these connections were created.
Click to expand...

Probably automated scripts scanning your website or in this case webapps for possible exploits, the issue is some of them are rather aggressive, in some cases I saw 100+ requests per sec, now if each of those causes page load, or even worse page load where php/db/... is also included, it would add up quickly in terms of CPU usage.
 
I have CSF enabled - but this was originating from the server IP address which makes it a bit useless. I think I forgot to mention that during the initial post. It was the server IPv4 with over 600 connections. So really seemed to loop/do something funky hence the log question.
 
You must log in or register to reply here.
Back
Top