Litesped 3.3.24 trial and high load

Discussion in 'Install/Configuration' started by Bono, Jan 21, 2009.

  1. mistwang

    mistwang LiteSpeed Staff

    The best way to deal with bot net is combine LiteSpeed with firewall like iptables, when you set connection soft/hard limit properly, litepseed will log those IP that reaches those limits, those IPs are mostly member of the bot net or people trying to abuse your server. LiteSpeed does block them automatically, however, block them at firewall is better.

    A script called "fail2ban" is nice tool which can automate this for you. it can parse the LiteSpeed log file and extract offending IPs, block them automatically. CSF has similar feature, what you need to do is to configure a regular expression to match log entry.
  2. Bono

    Bono New Member

    I have returned this value to default PHP_LSAPI_CHILDREN=35, it works better now, ddos is not so hard.

    Yes, i have firewall but in this case it doesn't help much, connection soft limit is 30, and hard 50. Dynamic Requests/second is 2 and static 20.
    On my site during hardest attack was 1400 people online. We got almost the same server.

    But with dynamic and static values it looks like load is higher, atm is around 8.
  3. mistwang

    mistwang LiteSpeed Staff

    Under attack, you can try
    connection soft limit 10, and hard 30. Dynamic Requests/second is 1 and static 20.
    Under normal condition, use your current limit.
  4. anewday

    anewday Moderator

    What about the grace period? Your soft and hard limits are too high for a ddos-prone server.
  5. Bono

    Bono New Member

    Do you have any tip how can i do that with CSF? Usually i cought attackers with this tool http://nix101.com/category/antiddos/ but this time they are not using SYN FLOOD.


    Load looks better after applying those settings, just i dont know if it was because of settings or ddoser stopped the attack. I guess i will find out soon enough.
    Last edited: Jan 21, 2009
  6. anewday

    anewday Moderator

    So, how did it go later?
  7. Bono

    Bono New Member

    It is quiet now, DDOS attack is over and i switched to new server Xeon 3220 with 4GB of ram.

    one last question is it possible to run PHP as user but without PHP suEXEC enabled? If i enable suEXEC then Xcache doesn't work, but i would like to have both if possible like on apache.

Share This Page