[Phpwm] Problems with live Silverstripe website (httpd spawning processes, high CPU)

Adi aditya.r.d at gmail.com
Thu Aug 19 17:17:16 UTC 2010


So have you also checked the analytics that you use for any usage patterns?
Maybe someone is hotlinking images from your website to some high traffic
website. Or maybe your site got picked up by some high traffic news site. You
would at least know if there is a genuine traffic spike, as analytics tools
would not be able to pick up bot traffic other than the ones they know
already.

Might give some clue.

On Thu, Aug 19, 2010 at 10:06 PM, Pete Graham <petegraham1 at gmail.com> wrote:

> The site does have a customer base in India, in fact there is an
> Indian version of the site with specific information for this customer
> base.
>
> We've been analysing the access logs further, there's some very
> strange behaviour in there. 165 IPs have made in excess of 200
> requests. It starts OK, with the server answering 200's and then some
> attempts fail ... returning 500's. We don't think it's a malicious
> DoS, as the user starts by doing a perfectly normal browse of the
> site. We've been trying to analyse what was the last request made
> before going AWOL, but can't find a pattern.
>
> Something like mod_dosevasive could be useful to block these bursts of
> traffic but I'd like to get to the bottom of what's causing them in the
> first place.
>
> Apologies that this thread is pretty off topic now as it's not really
> PHP related now.
>
> Pete
>
> On 19 August 2010 17:18,  <phil at infolinkelectronics.co.uk> wrote:
> >> Hi,
> >>
> >> I had my systems admin friend help me out on this one. He modified the
> >> Apache configuration: tuned the prefork mpm. Re-activated keepalive,
> >> with stricter settings. Also he noticed some IP in India was
> >> requesting 1000 pages a minute sometimes so blacklisted the IP,
> >> amongst other things.
> >>
> >> Site seems to be behaving itself much more now, thankfully.
> >>
> >> Pete
> >
> > Pete,
> > If the site doesn't have a customer base in India I'd consider blocking more
> > than just a single IP, else you'll think you've fixed it and they'll just
> > pop back later on a different one!
> >
> > Phil
> >
> > _______________________________________________
> > Phpwm mailing list
> > Website : http://www.phpwm.org
> > Twitter : http://www.twitter.com/phpwm
> > Facebook: http://www.facebook.com/group.php?gid=2361609907
> >
> > Post to list: Phpwm at mailman.lug.org.uk
> > Archive etc : https://mailman.lug.org.uk/mailman/listinfo/phpwm
> >
>
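
Added example, not part of the original thread or anyone's posted code: one way to do the access-log analysis described above, listing the clients over a request threshold and, for each, the last request answered 2xx before the first 5xx. It assumes Apache common/combined log format; the sample lines, IPs and paths are constructed.

```python
import re
from collections import Counter, defaultdict

# Apache common/combined log prefix: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})\b'
)

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Aug/2010:16:01:02 +0000] "GET / HTTP/1.1" 200 5120',
    '192.0.2.10 - - [19/Aug/2010:16:01:03 +0000] "GET /products/ HTTP/1.1" 200 8100',
    '192.0.2.10 - - [19/Aug/2010:16:01:04 +0000] "GET /search?q=a HTTP/1.1" 500 312',
    '192.0.2.10 - - [19/Aug/2010:16:01:04 +0000] "GET /search?q=a HTTP/1.1" 500 312',
    '198.51.100.7 - - [19/Aug/2010:16:02:00 +0000] "GET / HTTP/1.1" 200 5120',
    '198.51.100.7 - - [19/Aug/2010:16:02:05 +0000] "GET /contact/ HTTP/1.1" 200 2048',
]

def summarise(lines, min_requests=200):
    """Summarise clients that made more than min_requests requests."""
    per_ip = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # unparseable lines are skipped, not guessed at
            per_ip[m["ip"]].append((m["path"], int(m["status"])))
    report = {}
    for ip, reqs in per_ip.items():
        if len(reqs) <= min_requests:
            continue
        # Index of the first 5xx answer, i.e. where the session starts failing.
        first_5xx = next((i for i, (_, s) in enumerate(reqs) if s >= 500), None)
        before = reqs[:first_5xx] if first_5xx is not None else []
        ok_paths = [p for p, s in before if 200 <= s < 300]
        report[ip] = {
            "requests": len(reqs),
            "errors_5xx": sum(1 for _, s in reqs if s >= 500),
            "last_ok_before_5xx": ok_paths[-1] if ok_paths else None,
            "first_5xx_path": reqs[first_5xx][0] if first_5xx is not None else None,
        }
    return report

def common_last_ok(report):
    """Count which path most often precedes the first 5xx across clients."""
    return Counter(r["last_ok_before_5xx"] for r in report.values()
                   if r["last_ok_before_5xx"]).most_common()
```

On a real log, pass the open file object as `lines`; a path that dominates `common_last_ok` across many clients points at an application fault rather than at the clients themselves.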