Accéder au contenu principal

Load Averages HIGHT

Apache problem can affect the entire server.
 



 With the Apache problem, this seems to have been encountered less frequently but it has occurred several times in the last few days.

 
# grep 'MaxRequestWorkers' /usr/local/apache/logs/error_log
[Tue Nov 18 17:27:00.590507 2025] [mpm_prefork:error] [pid 3243:tid 3243] AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
[Wed Nov 19 11:28:39.530182 2025] [mpm_prefork:error] [pid 3231:tid 3231] AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
[Fri Nov 21 20:03:31.287851 2025] [mpm_prefork:error] [pid 3054:tid 3054] AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
 
The current Apache limits are shown below, which are also set to the default values.
 
# grep -Ei "(MaxRequestWorkers|ServerLimit)" /etc/apache2/conf/httpd.conf
ServerLimit 256
MaxRequestWorkers 150
 
The following articles provide more information of what you can do to resolve this problem.
 
MaxRequestWorkers and DDoS
How can I tell if Apache is experiencing a DDoS attack?
 
You can resolve it by raising the Apache limits, but you will want to do this in increments as well. If you notice that problems are still occurring after modifying the limits, you may need to review the logs to see if any offending IPs are attacking the server. I have provided a list of the top IP connections to your server with the IP itself and the number of connections today.
 
# grep -iR "21\/Nov\/2025" /etc/apache2/logs/domlogs/ | awk -F: '{print $2}' | awk {'print $1'} | sort -rn | uniq -c | sort -rn | head -n 20
  28712 191.101.42.41
  17892 128.199.119.83
  11128 154.73.92.52
  11055 48.210.83.7
   7784 41.111.168.17
   7710 48.210.228.230
   6496 185.104.184.204
   4470 185.208.158.157
   4237 172.190.142.176
   3262 154.121.43.255
   3216 197.200.41.236
   3162 172.207.169.113
   3012 172.177.121.115
   2910 20.37.101.92
   2898 193.142.146.65
   2603 20.10.27.223
   2584 74.176.50.59
   2534 74.176.50.101
   2278 134.149.18.28
   1912 51.89.204.24
 
If any of these IPs are problematic, you can try blocking the connections, but I suggest you first start with the PHP-FPM adjustments or disable PHP-FPM for the problem sites.

Commentaires

Enregistrer un commentaire

Posts les plus consultés de ce blog

Open Media Vault NAS change password

Known Root Password Login to the OMV using the root user and the current password via SSH or Console enter the following command passwd root The new password is now active. Unknown Root Password, but Admin Access to OMV GUI is Available In this scenario we still can help ourselves with the GUI. The method we use is, that we create a cron job for the root user which then resets the password. Navigate to System -> Cron Jobs Press the +Add button UN-tick the enabled box, so that the cronjob does not run automatically. put into the command field the following line, replace newpasswd with your password: echo "root:newpasswd" | chpasswd press okay select the newly created cron job Click the run button. in the opening window click the start button. It will shortly deactivate and activate again. open ssh or console and login as root with your new password. Root and Admin Password Unknown If you do not know the root password, you need to boot with a Li...
Enregistrer un commentaire
Lire la suite

Joomla! Anti-Malware Scan Script

  Le fichier jamss.php Il faut le mettre sur la racine du site web et ouvrir le fichier via le navigateur https://github.com/btoplak/Joomla-Anti-Malware-Scan-Script--JAMSS-/blob/master/jamss.php <?php /**  * JAMSS - Joomla! Anti-Malware Scan Script  * @version 1.0.7  *  * @author Bernard Toplak [WarpMax] <bernard@orion-web.hr>  * @link http://www.orion-web.hr  *  * This script should be used for searching the infected or malware/backdoor  * files in Joomla! installations.  *  * ALL COMMENTS AND SUGGESTIONS ARE WELCOME!  *  *  * @license http://opensource.org/licenses/gpl-3.0.html GNU Public License, version 3 (GPL-3.0)  * This program is free software; you can redistribute it and/or modify it under  * the terms of the GNU General Public License as published by the Free Software  * Foundation; either version 3 of the License, or (at your option) any later  * version.  *  * Th...
Enregistrer un commentaire
Lire la suite

cPanel DDOS attack - Mitigate Slowloris Attacks - mod_qos

Apache mod_evasive Mod_evasive is a module available for the Apache HTTP server that can automatically block attacks by rate-limiting any IP that sends too many requests in a short time. Start by installing the module from WHM’s  EasyApache 4  interface. Select the  Currently Installed Packages  profile, search for  mod_evasive  in the  Apache Modules  section, and then install it. The default settings are good for most servers, but you can tweak them further by editing the configuration file  /etc/apache2/conf.d/300-mod_evasive.conf . You can also whitelist specific IP addresses or classes, so legitimate requests are not blocked. Configure CSF to block attacks While  mod_evasive  works very well, it only protects the Apache webserver. In order to harden other services as well, you can install the free  ConfigServer Security & Firewall  (CSF), which also includes a WHM plugin. As the  root  user, install CSF ...
Enregistrer un commentaire
Lire la suite