Urgent Help Please.

A

aljo1985

New Member
Messages
3
Reaction score
0
Points
0
Hey everyone..

some one has found a something that will just basically shut my website down and cause the server to crash.

In google chrome he just holds F5 and the web page refreshes fast as hell and will cause the number of apache processes to max out and apache will cut off.

Won't work any more.

I did this myself and got the SAME result saw the processes SHOOT up and the whole server go offline.

I really need some help fixing this..

I have Centos with webmin and virtualmin

I really dunno how to stop this.. I tried to install mod_evasive
Its not working
Even though its in the apache config.. I even put the DOSSiteCount to 10
Not working..

Please can some one help me fix this :(

Its really damaging.

---------- Post added at 08:23 PM ---------- Previous post was at 06:22 PM ----------

I been looking how to limit the number of connections per IP address and I tired everything.

All seems to fail.

I have tried using IP tables
http://www.cyberciti.biz/faq/iptables-connection-limits-howto/

I tried to install mod_evasive << It doesn't seem to be installed properly.
I also tried to install ipconnlimit << everything I try seems not to work..

I am totally missing something on installing these mods..

I would really appreciate some help on this.
 
masshuu

masshuu

Head of the Geese
Community Support
Enemy of the State
Messages
2,293
Reaction score
50
Points
48
Apache doesn't handle allot of requests well. You could tweak the server-pool settings to deal with this.
Alternatively if you don't need all of apache's functionality, you could switch to another web server(I don't understand why apache became "the" web server), there are others which don't require as much tweaking, but you need to know what your doing

I use a nginx + fastcgi + acp setup(which the main x10 site and forums use) I benchmarked it, depending on the php page, i can hit 1200 to 5000 requests a second(which will fully saturate my 100mbps port) with little load increase(I could still get in and ban an IP hammering me if need be)
Additionally i have hit 12,000 hits a second on a static file with no load increase(it in fact went down since it was up slightly from other benchmarks)

There are several other good webservers out there. Youtube use lighthttpd,
 
Last edited:
A

aljo1985

New Member
Messages
3
Reaction score
0
Points
0
masshuu said:
Apache doesn't handle allot of requests well. You could tweak the server-pool settings to deal with this.
Alternatively if you don't need all of apache's functionality, you could switch to another web server(I don't understand why apache became "the" web server), there are others which don't require as much tweaking, but you need to know what your doing

I use a nginx + fastcgi + acp setup(which the main x10 site and forums use) I benchmarked it, depending on the php page, i can hit 1200 to 5000 requests a second(which will fully saturate my 100mbps port) with little load increase(I could still get in and ban an IP hammering me if need be)
Additionally i have hit 12,000 hits a second on a static file with no load increase(it in fact went down since it was up slightly from other benchmarks)

There are several other good webservers out there. Youtube use lighthttpd,
Click to expand...

O.k. I understand what you are saying.. But I have no idea how I would actually do this.
What would it take for someone to teach me.

At the end of the day.. If I can't stop these attacks then the website is doomed.
So if I can get a solution I will take it.

Seriously any help would be worth ALOT!

---------- Post added 03-03-2011 at 01:03 AM ---------- Previous post was 03-02-2011 at 09:49 PM ----------

I been trying to install this mod_evasive properly but I am running into problems..

I am having trouble installing httpd-devel
I searched all over the net and still not found an answer.

Here is the problem I am having with it

Code: 
# yum install httpd-devel
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: mirror.fdcservers.net
 * base: mirrors.gigenet.com
 * extras: mirror.unl.edu
 * updates: centos.mbni.med.umich.edu
Setting up Install Process
Package 1:httpd-devel-2.2.3-43.3.vm.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package httpd-devel.i386 0:2.2.3-43.el5.centos.3 set to be updated
--> Processing Dependency: httpd = 2.2.3-43.el5.centos.3 for package: httpd-devel
--> Finished Dependency Resolution
httpd-devel-2.2.3-43.el5.centos.3.i386 from updates has depsolving problems
  --> Missing Dependency: httpd = 2.2.3-43.el5.centos.3 is needed by package httpd-devel-2.2.3-43.el5.centos.3.i386 (updates)
Error: Missing Dependency: httpd = 2.2.3-43.el5.centos.3 is needed by package httpd-devel-2.2.3-43.el5.centos.3.i386 (updates)
 You could try using --skip-broken to work around the problem
 You could try running: package-cleanup --problems
                        package-cleanup --dupes
                        rpm -Va --nofiles --nodigest

I dunno how to fix this dependency issue.
Please could some one help me get this working.
I have tried the running suggestions nothing is working :(
 
A

aljo1985

New Member
Messages
3
Reaction score
0
Points
0
O.k. I done some more mooching around.
Experimenting and installing different things

Now the error and reason its happening I know fully now.
The error it is throwing in error log for the domain is
Code: 
[Thu Mar 03 11:33:44 2011] [warn] (103)Software caused connection abort: mod_fcgid: ap_pass_brigade failed in handle_request function

Which means "The "Software caused connection abort" errors can be safely ignored. Those just mean that the user or bot connecting to your website ended the connection before the webpage was fully loaded. That can happen if the user hit the "Stop" button, or the bot moved onto another website."

Basically when there holding F5 its sending a new connection before closing it causing loads of them to spawn and max out CPU with tasks

I installed mod_security
This seems to put a "you are not allowed access to this / on this server"
When its performed but still throws the requests.

I also installed mod_evasive << this seems to do nothing

Well going back to mod_security
Its stopped some java script from working when activated
and also it does PROLONG the time it would take to cut off apache
but still is not a cure when I say prolong it can just last like 20 seconds longer

Is there a way to add a rule to this or something I can do in IP tables so that
If this occurs then drop the IP

Maybe something can be commanded in mod_security

I have followed all them steps up there
Only thing I didn't do was the sql change.
Which I wont be doing for some time yet.
 
You must log in or register to reply here.
Top