[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-httpd-users
Subject:    Re: [users@httpd] Apache in under attack.
From:       Jason Long <hack3rcon () yahoo ! com ! INVALID>
Date:       2021-01-17 8:54:54
Message-ID: 233953180.1447607.1610873694558 () mail ! yahoo ! com
[Download RAW message or body]

Is you mean below lines in "httpd.conf" file?
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio








On Thursday, January 14, 2021, 11:43:33 PM GMT+3:30, Richard <lists-apache@listmail.innovate.net> wrote: 





You should look at adding the %D and %T format strings to your httpd
access log configuration so that you can capture the amount of time
spent in delivery of a resource.


> Date: Thursday, January 14, 2021 11:48:55 +0000
> From: Jason Long <hack3rcon@yahoo.com.INVALID>
>
> Server have 4 CPU cores and 6GB of RAM.
> I pasted Apache configuration. In your opinion, which parts of
> servers must be examine?
> 
> 
> On Wednesday, January 13, 2021, 08:30:58 PM GMT+3:30, @lbutlr
> <kremels@kreme.com> wrote: 
> 
> 
>> On 12 Jan 2021, at 01:52, Jason Long <hack3rcon@yahoo.com.INVALID>
>> wrote:
>> 
>> It show me:
>> 
>> 13180 X.X.X.X
>>       1127 X.X.X.X 
>>       346 X.X.X.X 
>>       294 X.X.X.X 
>>       241 X.X.X.X 
>>       169 X.X.X.X 
>>       168 X.X.X.X
>>       157 X.X.X.X
>>       155 X.X.X.X
>>       153 X.X.X.X
> 
> Your server would not be getting bogged down by that few
> connections unless your hardware is very weak or you are hosting
> something insane.
> 
> I have a very lightly used web server that gets more than 40K hits
> a day running on a Celeron machine with a whole 4GB of RAM and my
> load average is in the 1.2 range consistently.
> 
> I wonder if there is not some configuration error.
> 
> Also, the URLs shown in your logs starting with /tag/ followed by a
> long series of hex digits, do those look like valid URLs for your
> server?
> 
> Do a dig -x on the IP that is hitting you 13,000 times and see
> where it is. You can try firewalling it, but if it's not some
> misconfigured server, the DOS will simply move to another IP.
> 
>> https://paste.ubuntu.com/p/PsxM8yPXPQ/
> 
> I haven't run F2B in quite a while, but is that a list of IPs that
> you are whitelisiing or does [Protect] mean "Protect FROM"?
> 
> But if 13,000 queries are crippling your web server, I think your
> real problem lies elsewhere than the 13,000 hits.
> 
> (You are loading almost double the modules that I am, by the way.
> It seems like an lot. Do you know why each of those modules is
> enabled?)

------------ End Original Message ------------




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]