Need help moving from apache
- Thread starter hostparlor
- Start date
Well i got it working.....god i love this...where do i write my testimonial because this is the greatest thing to happen to my hosting company EVER! My hosting company was being targetted by botnet attacks.....3 days of downtime and no source to find out how to stop it..... apache..blah!! I then just got done installing lite speed. ... it seems as soon as i did that everything was up and running faster then i have ever felt with apache! Something cool i think, if the botnet packets do seem to take down my main site, all of myother sites on the network are still up and running faster then lightening? All i have to say is you guys are geniuses i am defiantly paying for this after the 14 day trial is up!
Glad you made it work and it helps.
If would like to post a testimonial, www.webhostingtalk.com is the best place.
Thanks!
If would like to post a testimonial, www.webhostingtalk.com is the best place.
Thanks!
I take that back
[root@server ~]# sh ip
What port do you want to see connections on (ex. 80)
80
1 163.1.124.169
1 192.167.9.228
1 200.31.42.3
1 200.67.31.246
1 201.246.124.31
1 203.160.1.44
1 206.219.100.110
1 218.56.8.72
1 219.168.204.150
1 221.232.159.112
1 41.226.249.172
1 61.57.40.31
1 66.167.100.59
1 66.192.6.131
1 66.249.70.121
1 70.54.68.91
1 70.9.240.125
1 71.170.191.43
1 72.27.24.97
1 74.92.242.25
1 79.181.160.76
1 81.245.5.67
1 81.63.140.37
1 83.138.145.18
1 83.17.125.194
1 90.152.8.69
1 90.196.163.183
2 148.235.92.34
2 200.75.29.59
2 201.249.236.220
2 202.150.223.5
2 210.51.51.24
2 211.31.98.181
2 213.244.200.170
2 217.126.212.162
2 218.196.195.203
2 41.232.112.11
2 60.10.6.170
2 64.128.80.14
2 71.228.136.63
2 83.53.178.118
2 88.109.128.53
3 130.227.200.90
3 207.59.107.175
3 218.62.81.78
3 24.189.207.169
3 72.221.79.163
3 85.136.84.95
4 123.17.216.99
4 68.178.250.61
4 72.46.130.125
4 76.108.158.236
4 86.149.108.107
4 88.228.90.83
5 129.67.29.139
5 159.145.15.101
5 196.217.109.94
5 202.46.116.114
5 203.88.192.104
5 63.247.78.94
5 83.43.102.167
6 189.68.172.153
6 201.243.71.225
6 83.34.157.95
7 205.237.42.117
8 212.71.37.91
8 75.82.219.104
9 0.0.0.0
9 121.55.219.88
9 201.52.157.62
9 24.141.168.161
9 84.235.22.7
9 85.58.28.228
11 89.174.71.4
12 190.157.204.36
12 190.64.0.172
14 88.7.238.186
14 89.2.253.154
15 58.107.245.192
15 71.220.10.72
15 83.57.208.252
17 72.189.99.88
17 88.3.30.46
18 72.27.3.35
18 88.24.154.7
19 122.162.142.100
24 213.243.27.242
26 82.20.47.33
26 86.20.22.44
27 69.212.241.169
28 201.50.45.134
29 62.241.141.242
33 85.101.31.218
36 200.112.46.191
38 88.8.182.26
39 190.13.33.209
40 200.61.18.229
41 77.210.132.173
43 200.127.242.176
50 190.19.11.205
59 76.198.236.158
68 86.68.107.101
72 76.116.14.9
93 82.17.174.56
117 85.89.162.16
127 190.48.230.253
139 88.173.4.32
343 201.255.107.99
349 190.48.236.251
1193 190.48.33.41
-------------
server = down
[root@server ~]# sh ip
What port do you want to see connections on (ex. 80)
80
1 163.1.124.169
1 192.167.9.228
1 200.31.42.3
1 200.67.31.246
1 201.246.124.31
1 203.160.1.44
1 206.219.100.110
1 218.56.8.72
1 219.168.204.150
1 221.232.159.112
1 41.226.249.172
1 61.57.40.31
1 66.167.100.59
1 66.192.6.131
1 66.249.70.121
1 70.54.68.91
1 70.9.240.125
1 71.170.191.43
1 72.27.24.97
1 74.92.242.25
1 79.181.160.76
1 81.245.5.67
1 81.63.140.37
1 83.138.145.18
1 83.17.125.194
1 90.152.8.69
1 90.196.163.183
2 148.235.92.34
2 200.75.29.59
2 201.249.236.220
2 202.150.223.5
2 210.51.51.24
2 211.31.98.181
2 213.244.200.170
2 217.126.212.162
2 218.196.195.203
2 41.232.112.11
2 60.10.6.170
2 64.128.80.14
2 71.228.136.63
2 83.53.178.118
2 88.109.128.53
3 130.227.200.90
3 207.59.107.175
3 218.62.81.78
3 24.189.207.169
3 72.221.79.163
3 85.136.84.95
4 123.17.216.99
4 68.178.250.61
4 72.46.130.125
4 76.108.158.236
4 86.149.108.107
4 88.228.90.83
5 129.67.29.139
5 159.145.15.101
5 196.217.109.94
5 202.46.116.114
5 203.88.192.104
5 63.247.78.94
5 83.43.102.167
6 189.68.172.153
6 201.243.71.225
6 83.34.157.95
7 205.237.42.117
8 212.71.37.91
8 75.82.219.104
9 0.0.0.0
9 121.55.219.88
9 201.52.157.62
9 24.141.168.161
9 84.235.22.7
9 85.58.28.228
11 89.174.71.4
12 190.157.204.36
12 190.64.0.172
14 88.7.238.186
14 89.2.253.154
15 58.107.245.192
15 71.220.10.72
15 83.57.208.252
17 72.189.99.88
17 88.3.30.46
18 72.27.3.35
18 88.24.154.7
19 122.162.142.100
24 213.243.27.242
26 82.20.47.33
26 86.20.22.44
27 69.212.241.169
28 201.50.45.134
29 62.241.141.242
33 85.101.31.218
36 200.112.46.191
38 88.8.182.26
39 190.13.33.209
40 200.61.18.229
41 77.210.132.173
43 200.127.242.176
50 190.19.11.205
59 76.198.236.158
68 86.68.107.101
72 76.116.14.9
93 82.17.174.56
117 85.89.162.16
127 190.48.230.253
139 88.173.4.32
343 201.255.107.99
349 190.48.236.251
1193 190.48.33.41
-------------
server = down
Just checkout this in our howto
http://www.litespeedtech.com/how-tos.html#qa_dos
http://www.litespeedtech.com/how-tos.html#qa_dos
checking now, if i need can someone help me config it better? im loosing alot of my clients because of this....3 days downtime....this is still alot better then apache...how is it sites still load fast when server load is at 79% and how do you guys get it to where only the site getting hit drops and the rest load fast?
thats wierd...its a good web server though..
thats wierd...its a good web server though..
well if the ddos is consuming your pipe then there is nothing litespeed can do. Only way it can really bring it down is from php/mysql usage due to get attacks.
But here is what to do, George showed me these settings the other night but first you need a firewall like CSF Make sure you enable connection tracking on it.
For litespeed put
Static Requests/second 10
Dynamic Requests/second 1
Connection Soft Limit 5
Connection Hard Limit 20
Grace Period (sec) 30
Banned Period (sec) 3000
You still need a firewall but these settings here will help tons.
Also make sure your users are running suphp so php processes dont go crazy. You can limit per user php processes to prevent from using all the resources on the server.
Do this, install the firewall (CSF) set ct_limit to about 60, interval to 30, and permanent ban to 1 And it will help clear it up. Then you can pretty much handle all you can pipe to it
BUT, sometimes the default kernel values for tcp are low and some attacks can hit limits to where the kernel starts dropping packets. If you see any messages about running out of socket memory or dropping packets on dmesg then you need to tune your tcp stack. I will post a tut on that here soon but you can find lots of info on the net about it and its resource sensitve, you can only allocate what you have memory for
But here is what to do, George showed me these settings the other night but first you need a firewall like CSF Make sure you enable connection tracking on it.
For litespeed put
Static Requests/second 10
Dynamic Requests/second 1
Connection Soft Limit 5
Connection Hard Limit 20
Grace Period (sec) 30
Banned Period (sec) 3000
You still need a firewall but these settings here will help tons.
Also make sure your users are running suphp so php processes dont go crazy. You can limit per user php processes to prevent from using all the resources on the server.
Do this, install the firewall (CSF) set ct_limit to about 60, interval to 30, and permanent ban to 1 And it will help clear it up. Then you can pretty much handle all you can pipe to it
BUT, sometimes the default kernel values for tcp are low and some attacks can hit limits to where the kernel starts dropping packets. If you see any messages about running out of socket memory or dropping packets on dmesg then you need to tune your tcp stack. I will post a tut on that here soon but you can find lots of info on the net about it and its resource sensitve, you can only allocate what you have memory for
Now, here is a sysctl file I use on servers with 2 gb ram. I say some of these settings have to be too high so use with caution and dont blame me if something bad happens lol.
BUT I have been using it and dealing with ddos 24/7 with no problems and no dropped packets or sockets running out of memory. So I know some of these are helping. If you ever get a ddos and notice lines in dmesg like conntrack_table full dropping packet, or out of socket memory. Using this will help.
for rhel/centos
www.nix101.com/sysctl.conf
BUT I have been using it and dealing with ddos 24/7 with no problems and no dropped packets or sockets running out of memory. So I know some of these are helping. If you ever get a ddos and notice lines in dmesg like conntrack_table full dropping packet, or out of socket memory. Using this will help.
for rhel/centos
www.nix101.com/sysctl.conf
