[Phpwm] Problems with live Silverstripe website (httpd spawing proceses, high CPU)

Pete Graham petegraham1 at gmail.com
Thu Aug 19 16:36:11 UTC 2010


The site does have a customer base in India, in fact their is an
Indian version of the site with specific information for this customer
base.

We've been analysing the access logs further, there's some very
strange behaviour in there. 165 IPs have made in excess of 200
requests. It starts OK, with the server answering 200's and then some
attempts fail ... returning 500's. We don't think it's a malicious
DoS, as the user starts by doing a perfectly normal browse of the
site. We've been trying to analyse was was the last request made
before going AWOL, but can't find a pattern.

Something like mod_dosevasive could be useful to block these bursts of
traffic but I'd like to get to the bottom of what's causes them in the
first place.

Apologies that this tread is pretty off topic now as it's not really
PHP related now.

Pete

On 19 August 2010 17:18,  <phil at infolinkelectronics.co.uk> wrote:
>> Hi,
>>
>> I had my systems admin friend help me out on this one. He modified the
>> Apache configuration: tuned the prefork mpm. Re-activated keepalive,
>> with stricter settings. Also he noticed some IP in India was
>> requesting 1000 pages a minute sometimes so blacklisted the IP,
>> amongst other things.
>>
>> Site seems to behaving itself much more now, thankfully.
>>
>> Pete
>
> Pete,
> If the site doesn't have a customer base in India I'd consider blocking more
> than just a single IP, else you'll think you've fixed it and they'll just
> pop back later on a different one!
>
> Phil
>
> _______________________________________________
> Phpwm mailing list
> Website : http://www.phpwm.org
> Twitter : http://www.twitter.com/phpwm
> Facebook: http://www.facebook.com/group.php?gid=2361609907
>
> Post to list: Phpwm at mailman.lug.org.uk
> Archive etc : https://mailman.lug.org.uk/mailman/listinfo/phpwm
>



More information about the Phpwm mailing list