Im not exactly sure why this is happening, but on average of about 4 or 5 days our dedicated server has had some httpd processes(usually around 4) take up over 90% of the CPU. Heres a screenshot of it just starting, as you can see PID 4056 has 99.8% while the rest are looking a-ok. Its really giving our forum a beating. The server has to be rebooted every 5 days or so. Any help would be greatly appreciated. FinderPop :: View topic - Maxing out CPU usage?::
Nothing in the console out of the ordinary (at least nothing 'not responding' like last time), although I guess there might be some funkiness going on
http://fnarr.net/fp/viewtopic.php?p=225HOME |
One more thing you can do is to put this in your httpd.conf file:
LimitRequestLine 200
This can be placed only at server level, not in the .htaccess file
This will refuse any requests with more than 200 characters in URL.
If you don't have any pages that can possibly have URLs longer than 200 this will be very helpful for protecting against code red and other crap.
You could set this number even lower if you want.
Code red requests are usually over 300 characters, so they will just be refused.
I thought code red only affects IIS servers and Apache servers on Linux are safe from Code red.
Is this a correct information?
cat /etc/httpd/logs/access grep -c default.ida
Checks the apache access logs, I'm guessing you haven't been in a room with no way of recieiving news, so I'm guessing you already know about Code Red, this will check how many times code red has hit your box, if its a highnumber, you know why you have server problems..
If its a shared server, check perl/php script that may have looped and are bringing the server down....
Originally posted by The Prohacker
Code Red scans IPs, so if your one of the IPs being scanned you could get hit thousands of times, and no matter what that will mess with any server *nix or windows..
Err well the request is a get which returns a 404 so there is no overhead apart from apache children and logging. I don't see your point- we had 70,000 code reds in three days and the server hardly noticed
Is this server just for your forum, or is it shared?
And have you checked to see if code red scans have done this? You can check by running:
cat /etc/httpd/logs/access grep -c default.ida
Code Red scans IPs, so if your one of the IPs being scanned you could get hit thousands of times, and no matter what that will mess with any server *nix or windows..
The server has other sites running off of it but none are using php or the forum software. Nor are they of signifigant size in comparison to the site that is running vb.
And have you checked to see if code red scans have done this? You can check by running:
cat /etc/httpd/logs/access grep -c default.ida
Im not exactly sure what you mean by this.
 Red Hat's Rough Recovery From CFO Exit
 Windows Live Finds a New, Pre-installed Home |
HOME