have not got a lot to spend but i will pay someone to help out with an issue i have. Im on a webfusion VPS server and its currently got 5 sites on there. But the numtcpsock is maxing out every few mins which in turn is making the sites freeze up all day. Now, I have realtime visitor software on all the sites, so i can see how many people are on ALL sites. But even when theres only 2-3 people on, the numtcpsock is maxing out The numtcpsock is set to 166 (cannot be changed) surely this should not max out with only this amount of people on ? Could there be something else causing the numtcpsock to max out ?
See a snapshot of my server netstats and top commands http://drupload.com/viewer.php?file=06j8u6lt3kre3f87uk18.jpg http://drupload.com/viewer.php?file=pa5tguw4h4s3xgcl0qku.jpg anyone shead any light from this ??? At the moment there is 5 people on the sites and 156 tcp connections - that really does not make sense!
run this command as root: iptables -I INPUT -s 114.236.61.253 -j DROP This will drop any packets coming from given source. This should cure it. Unless they change ip.
Its not just one ip that has several connections, it seems to happen alot with different ip's that will just be a quick fix for the one ip and not resolve the issue
Do you have any firewall installed on the server ? If not then I would suggest to install either CSF or APF. Kailash
Ok. If it happens with many ip's it is probably done with a botnet. If the botnet is large there is not luch you can do. If it is quite small it would be easy to fix. I developed a script for my server which automatically bans an ip with too many connections. It works against moderately sized skiddie attacks. I can share it with you.
Some browsers, for instance Opera, allow the user to set the number of connections the browser will attempt to make to the server at one time. From the browser point of view, this allows a browser to download the images, CSS, etc that makes up the page faster since there's X connections transfering files at one time instead of 1. I believe some browsers, for instance Internet Explorer, have their own non-configurable limit on connections. For example sake, I use Opera and the max number of connections my browser attempts to make to a single server is 8, which is Operas' default. That means that evey time I request a page from your server, as many as 8 connections will be made to either download new resources or check last-modified timestamps for others. I could easily set this limit to as high as 128 in Opera, meaning I by myself, could deplete the majority of your slots in one request if there were enough resources to download, I don't know the limit for Firefox off-hand, but I imagine it's similar. Now, if you've got KeepAlive turned on, those connections are going to sit around waiting for me to request something else over them for KeepAliveTimeout seconds, which by default I believe is 15 seconds. You could turn KeepAlive off to get rid of lingering connections all together, or, you can set KeepAliveTimeout to 1-2 seconds so Apache can attempt to reuse connections for the multiple small images your forum appears to have in the theme without holding on to them for too long.