Massive High Load on My server

adam_blackice · 12-06-2008, 04:13 PM

Dears

I have the following dedicated sever which acts as web server hosting 50 sites on it with the following specifications :

AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
cache size: 512 KB
speed: 2200.246 MHz
4GB RAM DDR2
350×2 HDD

Last days i got a a massive DDOS attack which is requesting my image files in a specific folder...
I've installed all the modules which blocks this type of attack but still suffering from the problem !

Modules installed :
- Mod_Evasive
- Mod_iplimitconn
- APF / BFD
- DDOS Deflate
and others

I think the attacker using this method: http://www.websecurityauthority.org/goliath.php

after installed this modules the load goes down but it sometimes go high without any reasons i saw many requests on my images folder the behavior was ddos like .. So i need your help about that issue
if i need to make a specific configuration for apache or mysql ?..

any help will be highly appreciated

thanks in advance .

unSpawn · 12-06-2008, 05:03 PM

Quote:

Originally Posted by adam_blackice

Last days i got a a massive DDOS attack which is requesting my image files in a specific folder...

One, several or all images? Only images or in conjunction with other content? Was something slashdotted? Are there other plausible reasons why this content should be "popular"? Is it a continuous stream of requests? How many concurrent requests are you talking about? How much unique IP addresses? Is the interval of requests rather exact or not? What's the rate per IP address or range? Can the requesting IP's be grouped by user agent, location, path or something else?

Quote:

Originally Posted by adam_blackice

I've installed all the modules which blocks this type of attack but still suffering from the problem (..) if i need to make a specific configuration for apache or mysql ?..

Telling us what applications you installed is nice, but telling us how you configured each would be better.

adam_blackice · 12-06-2008, 05:35 PM

first i would thank you for your replay

Several Images ( Images of vbulletin style for one of my hosted forum )

- the most content was images and javascript files as i noticed it from the apache status in WHM is for the images (the Slot of each request reaches about 100mg altough its a small file)

- slahsdooted --> no

- requests

Quote:

Server uptime: 4 hours 15 minutes 34 seconds
Total accesses: 542477 - Total Traffic: 9.5 GB
CPU Usage: u239.45 s33.37 cu.29 cs0 - 1.78% CPU load
35.4 requests/sec - 0.6 MB/second - 18.3 kB/request
69 requests currently being processed, 18 idle workers

Srv PID Acc M CPU SS Req Conn Child Slot Client VHost Request
0-1 - 0/0/5293 . 1.07 15 0 0.0 0.00 42.71 ::1 ibm.arabarch.net OPTIONS * HTTP/1.0
1-1 17601 0/42/4823 _ 0.42 1 0 0.0 0.01 157.10 41.236.238.141 arabhardware.net GET /forum/clientscript/vbulletin_menu.js?v=373 HTTP/1.1
2-1 16959 0/108/5322 W 1.51 0 0 0.0 0.17 61.61 66.249.71.52 animalsfanclub.com GET /showthread.php?p=113763 HTTP/1.1
3-1 13018 0/100/4822 W 1.28 433 0 0.0 1.42 121.82 41.221.20.225 arabsoftware.net GET /uploads/vegCyWomPpaBfog0.zip HTTP/1.1
4-1 14315 0/63/4608 W 0.46 307 0 0.0 0.30 101.08 41.221.20.225 arabsoftware.net GET /uploads/vegCyWomPpaBfog0.zip HTTP/1.1
5-1 17602 0/13/5050 W 0.11 23 0 0.0 0.06 68.11 62.135.62.194 arabhardware.net GET /forum/clientscript/vbulletin_textedit.js?v=373 HTTP/1.1
6-1 16960 9/89/5352 K 1.51 0 0 51.2 0.22 75.29 41.233.42.218 arabhardware.net GET /forum/images/arbhrd/index_24.gif HTTP/1.1
7-1 17216 0/55/4608 _ 0.50 0 654 0.0 0.10 61.02 41.232.154.112 arabhardware.net GET /mg/templates/ja_barite/images/green/header-bg.gif HTTP/1.0
8-1 16961 2/99/5339 K 1.76 0 50 0.0 0.12 65.96 41.232.225.88 arabhardware.net GET /forum/images/reputation/reputation_pos.gif HTTP/1.1
9-1 15252 2/124/4923 K 2.95 0 45 0.0 0.39 76.88 41.178.150.48 arabhardware.net GET /forum/showthread.php?p=768546#post768546 HTTP/1.1
10-1 17759 1/6/4189 K 0.57 2 0 4.2 0.01 113.86 41.196.188.178 arabhardware.net GET /favicon.ico HTTP/1.1
11-1 17424 1/21/4078 K 1.33 0 2503 0.0 0.10 57.86 77.64.51.236 arabhardware.net GET /forum/caiacia-aecaaacae/73575-caaeaei-caiiii-eoni-sscaa-aa
12-1 17141 0/73/4584 _ 1.57 0 836 0.0 1.88 105.17 67.195.37.156 arabhardware.net GET /forum/aaeeii-caoacice-cauca/89081-athca-caioaece-caaaeai-a
13-1 13372 0/58/4539 W 1.35 1 0 0.0 2.87 41.69 66.249.71.150 arabhardware.net GET /news//modules.php?name=Downloads&d_op=ratedownload&lid=11&
14-1 16772 3/76/4989 K 1.84 0 81 38.4 0.32 84.30 77.31.180.115 qwaih.com GET /themes/sinawi2/images/r_ban.png HTTP/1.1
15-1 17603 2/56/4766 K 0.22 1 0 0.0 0.02 81.67 41.232.225.88 arabhardware.net GET /forum/images/rating/rating_3.gif HTTP/1.1
16-1 17425 3/33/4651 K 0.86 0 13 0.1 0.09 83.65 62.135.62.194 arabhardware.net GET /forum/image.php?u=1085&type=sigpic&dateline=1168133361 HTT
17-1 16964 0/63/5116 R 2.19 0 163 0.0 0.35 179.09 ? ? ..reading..
18-1 16965 0/66/4765 _ 1.70 1 383 0.0 0.32 55.88 198.247.172.4 animalsfanclub.com GET /external.php?type=RSS2 HTTP/1.1
19-1 17653 0/8/4863 W 0.30 22 0 0.0 0.01 71.88 41.222.129.17 arabhardware.net GET /forum/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?
20-1 17427 1/20/4634 K 1.06 0 51 1.0 0.08 84.43 62.135.62.194 arabhardware.net GET /forum/images/smilies/smile.gif HTTP/1.1
21-1 15267 11/126/4657 K 1.83 1 0 0.0 0.25 73.31 213.6.184.104 arabhardware.net GET /forum/images/arbhrd/misc/memory.gif HTTP/1.1
22-1 17428 2/32/4922 K 0.59 0 13 0.1 0.06 69.16 41.196.58.202 arabhardware.net GET /forum/image.php?u=57263&dateline=1207388993 HTTP/1.1
23-1 16967 1/77/4795 C 1.78 1 36 0.0 0.23 76.55 41.234.130.15 serdal.com GET /feed/ HTTP/1.1
24-1 17660 0/8/4715 _ 0.10 1 56 0.0 0.04 97.26 66.249.71.194 alfeqh.com GET /montda/index.php?act=print&client=printer&f=86&t=3752&p=23
25-1 17186 10/64/4737 C 4.69 0 0 5.1 0.08 81.58 41.196.188.178 arabhardware.net GET /forum/images/arbhrd/spacer.gif HTTP/1.1
26-1 17188 1/70/4839 W 0.66 7 0 0.1 0.10 80.09 62.135.62.194 arabhardware.net GET /forum/clientscript/vbulletin_textedit.js?v=373 HTTP/1.1
27-1 - 0/0/5340 . 0.97 11 0 0.0 0.00 69.31 ::1 ibm.arabarch.net OPTIONS * HTTP/1.0
28-1 17218 1/59/4281 K 0.68 0 0 1.7 0.07 37.34 77.64.51.236 arabhardware.net GET /forum/clientscript/vbulletin_important.css?v=373 HTTP/1.1
29-1 - 0/0/4226 . 0.02 1 0 0.0 0.00 49.67 ::1 ibm.arabarch.net OPTIONS * HTTP/1.0
30-1 17219 0/38/4523 _ 1.07 1 0 0.0 0.11 66.69 41.196.242.111 s7aba.net GET /forum/images/editor/quote.gif HTTP/1.1
31-1 17429 5/24/4861 K 0.70 0 11 4.1 0.09 78.76 41.196.58.202 arabhardware.net GET /forum/image.php?u=109931&dateline=1191446848 HTTP/1.1
32-1 17430 3/34/4904 K 0.48 0 65 1.2 3.56 91.98 62.135.62.194 arabhardware.net GET /forum/images/arbhrd/misc/im_yahoo.gif HTTP/1.1
33-1 - 0/0/5068 . 0.48 2 0 0.0 0.00 56.67 ::1 ibm.arabarch.net OPTIONS * HTTP/1.0
34-1 17191 2/61/4829 K 1.46 0 0 2.4 0.23 104.00 41.236.238.141 arabhardware.net GET /forum/images/arbhrd/headerbg.gif HTTP/1.1
35-1 17221 10/75/5029 C 1.00 0 0 5.8 0.19 81.21 41.196.188.178 arabhardware.net GET /forum/images/arbhrd/index_30.gif HTTP/1.1
36-1 13947 0/69/4227 W 2.14 421 0 0.0 0.33 29.40 41.221.20.225 arabsoftware.net GET /uploads/vegCyWomPpaBfog0.zip HTTP/1.1
37-1 16382 20/110/4953 K 2.27 1 1428 0.0 0.33 69.98 62.215.145.167 arabhardware.net GET /forum/sson-caonua-aeeenii-caicoe-caaai/103395-caaucaie8400
38-1 17192 0/135/4834 W 10.78 4 0 0.0 0.16 90.14 217.139.18.66 arabhardware.net GET /forum/oacie-ccnp-ccie-ccsp-and-ccvp/103804-ac-auaei-adhc-c
39-1 13928 8/115/4589 C 1.51 0 0 33.4 1.13 84.10 41.196.188.178 arabhardware.net GET /forum/images/arbhrd/footerbg.gif HTTP/1.1
40-1 17431 1/35/4893 K 1.17 0 2761 0.0 0.00 81.52 41.196.58.202 arabhardware.net GET /forum/caeiu-aecaonca/57861-aoucn-ae-aiecn-caacniaein-yi-ca
41-1 17194 3/86/4070 W 0.46 0 0 1.6 0.15 91.04 41.233.42.218 arabhardware.net GET /forum/images/arbhrd/index_23.gif HTTP/1.1
42-1 17222 0/35/4911 W 0.49 39 0 0.0 0.06 83.87 41.221.20.225 arabsoftware.net GET /uploads/vegCyWomPpaBfog0.zip HTTP/1.1
43-1 17821 2/7/4326 W 0.15 3 0 1.0 0.00 81.46 213.6.146.93 arabhardware.net GET /forum/image.php?u=94208&type=sigpic&dateline=1222016151 HT
44-1 17822 0/3/4234 _ 0.19 0 0 0.0 0.00 33.95 77.30.69.229 arabhardware.net GET /forum/images/arbhrd/index_30.gif HTTP/1.1
45-1 17197 0/38/4906 _ 2.39 0 8579 0.0 0.17 68.18 213.6.146.93 arabhardware.net GET /forum/caaucai-aecadhcssne-aecaaaeie-caca/95591-aaac-aeoaac
46-1 17433 0/25/4534 _ 0.52 0 0 0.0 0.03 44.84 77.30.69.229 arabhardware.net GET /forum/images/arbhrd/spacer.gif HTTP/1.1
47-1 - 0/0/4137 . 0.00 16 0 0.0 0.00 135.71 ::1 ibm.arabarch.net OPTIONS * HTTP/1.0
48-1 17199 9/95/4202 K 1.18 0 83 120.2 0.18 48.39 77.31.180.115 qwaih.com GET /themes/sinawi2/images/b1.png HTTP/1.1
49-1 17200 0/0/3958 W 0.00 161 0 0.0 0.00 79.65 41.221.20.225 arabsoftware.net GET /uploads/vegCyWomPpaBfog0.zip HTTP/1.1
50-1 15623 19/227/4560 K 1.65 0 0 9.8 0.72 86.19 62.240.53.110 arabhardware.net GET /forum/images/arbhrd/footerbg.gif HTTP/1.1
51-1 17201 2/44/4295 K 1.46 0 12 0.5 0.31 119.84 41.196.58.202 arabhardware.net GET /forum/image.php?u=54430&dateline=1226417929 HTTP/1.1
52-1 17202 0/89/4680 _ 1.25 0 0 0.0 0.19 65.64 41.196.188.178 arabhardware.net GET /forum/images/rating/rating_2.gif HTTP/1.1
53-1 12067 10/124/4182 K 2.12 0 0 0.0 11.24 77.64 213.6.184.104 arabhardware.net GET /forum/images/rating/rating_3.gif HTTP/1.1
54-1 17203 2/43/4631 K 0.40 0 0 20.2 1.06 71.85 41.178.196.61 arabhardware.net GET /mg/templates/ja_barite/images/green-hilite.gif HTTP/1.1
55-1 17824 0/0/5013 W 2.57 17 0 0.0 0.00 63.99 41.221.20.225 arabsoftware.net GET /uploads/vegCyWomPpaBfog0.zip HTTP/1.1
56-1 17434 0/42/4253 _ 0.67 1 92 0.0 0.07 51.49 66.249.71.244 arabhardware.net GET /forum/search.php?searchid=689843 HTTP/1.1
57-1 17435 10/26/4306 K 0.45 0 0 43.7 0.11 50.13 41.178.196.61 arabhardware.net GET /mg/templates/ja_barite/images/blue.gif HTTP/1.1
58-1 17825 3/7/4307 K 0.12 0 1 2.2 0.02 65.55 62.135.62.194 arabhardware.net GET /forum/images/arbhrd/misc/im_icq.gif HTTP/1.1
59-1 17205 3/67/4314 K 3.02 0 0 2.4 0.13 55.46 41.233.42.218 arabhardware.net GET /forum/images/arbhrd/index_20.gif HTTP/1.1
60-1 17206 0/49/4468 _ 1.42 0 0 0.0 0.21 52.03 41.196.188.178 arabhardware.net GET /forum/images/arbhrd/buttons/collapse_thead.gif HTTP/1.1
61-1 17437 2/16/3809 K 1.37 0 0 27.1 0.19 71.32 41.232.131.34 animalsfanclub.com GET /clientscript/vbulletin_important.css?v=374 HTTP/1.1
62-1 17439 0/22/4091 W 0.65 0 0 0.0 0.04 89.41 77.110.80.14 alfeqh.com POST /montda/index.php? HTTP/1.0
63-1 17208 0/81/4041 W 0.57 0 0 0.0 0.12 52.84 212.52.88.10 arabhardware.net GET /forum/showthread.php?p=437083 HTTP/1.1
64-1 17209 0/60/4479 R 0.84 0 36 0.0 0.18 55.43 ? ? ..reading..
65-1 - 0/0/3897 . 0.02 73 0 0.0 0.00 64.51 ::1 ibm.arabarch.net OPTIONS * HTTP/1.0
66-1 - 0/0/3941 . 0.00 71 0 0.0 0.00 93.50 ::1 ibm.arabarch.net OPTIONS * HTTP/1.0
67-1 17441 0/34/3996 _ 0.56 0 63 0.0 0.14 65.87 74.6.22.155 arabhardware.net GET /forum/search.php?searchid=540654 HTTP/1.0
68-1 - 0/0/4037 . 0.00 153 0 0.0 0.00 119.54 ::1 ibm.arabarch.net OPTIONS * HTTP/1.0
69-1 17213 19/71/4415 K 0.91 0 0 5.7 0.23 46.12 62.240.53.110 arabhardware.net GET /forum/images/arbhrd/theadbg.gif HTTP/1.1
70-1 17214 2/80/3267 K 0.97 1 0 0.2 0.08 65.34 62.135.62.194 arabhardware.net GET /forum/images/arbhrd/buttons/quote.gif HTTP/1.1
71-1 - 0/0/3974 . 1.86 52 326 0.0 0.00 87.91 66.249.71.151 arabhardware.net GET /forum/oaece-caeocthce-canoaeaie-aecaoaee/95830-ucio-eiie-s
72-1 - 0/0/4187 . 1.33 96 0 0.0 0.00 33.25 ::1 ibm.arabarch.net OPTIONS * HTTP/1.0
73-1 - 0/0/4213 . 3.46 153 75 0.0 0.00 31.02 66.249.71.195 alfeqh.com GET /montda/index.php?act=print&client=printer&f=85&t=9608&p=67
74-1 17215 4/41/3832 W 1.47 0 0 8.1 0.07 53.02 41.196.58.202 arabhardware.net GET /forum/clientscript/vbulletin_textedit.js?v=373 HTTP/1.1
75-1 16387 1/221/4283 K 2.48 0 1 1.2 0.34 50.15 41.196.58.202 arabhardware.net GET /forum/images/rating/rating_4.gif HTTP/1.1
76-1 - 0/0/3051 . 1.61 169 0 0.0 0.00 110.76 ::1 ibm.arabarch.net OPTIONS * HTTP/1.0
77-1 15651 4/65/3815 K 0.57 1 27 2.3 0.40 33.18 213.6.146.93 arabhardware.net GET /forum/image.php?u=3518&dateline=1189701806 HTTP/1.1
78-1 - 0/0/3433 . 2.22 48 0 0.0 0.00 73.42 ::1 ibm.arabarch.net OPTIONS * HTTP/1.0
79-1 - 0/0/3337 . 2.22 158 1 0.0 0.00 106.26 84.36.133.15 arabhardware.net GET /forum/images/arbhrd/buttons/mode_hybrid.gif HTTP/1.1
80-1 - 0/0/3728 . 2.54 195 0 0.0 0.00 58.54 217.54.157.173 arabhardware.net GET /forum/images/arbhrd/bg.gif HTTP/1.1
81-1 - 0/0/3924 . 0.44 248 0 0.0 0.00 37.20 ::1 ibm.arabarch.net OPTIONS * HTTP/1.0
82-1 - 0/0/3984 . 2.73 257 0 0.0 0.00 38.22 ::1 ibm.arabarch.net OPTIONS * HTTP/1.0
83-1 15654 0/8/3911 W 0.72 0 0 0.0 1.08 45.07 127.0.0.1 ibm.arabarch.net GET /whm-server-status/ HTTP/1.0
84-1 15871 0/63/3896 _ 0.70 0 0 0.0 1.03 88.62 41.196.188.178 arabhardware.net GET /forum/images/rating/rating_1.gif HTTP/1.1
85-1 - 0/0/3974 . 2.38 315 0 0.0 0.00 47.47 ::1 ibm.arabarch.net OPTIONS * HTTP/1.0
86-1 - 0/0/3709 . 1.84 74 11 0.0 0.00 74.98 ::1 ibm.arabarch.net OPTIONS * HTTP/1.0
87-1 - 0/0/3432 . 1.91 158 0 0.0 0.00 46.55 ::1 ibm.arabarch.net OPTIONS * HTTP/1.0
88-1 - 0/0/4053 . 2.95 314 0 0.0 0.00 73.88 196.12.230.53 arabhardware.net GET /forum/images/arbhrd/buttons/quote.gif HTTP/1.1

however the status seems to be fine now but it suddenly goes high !!

about my Configuration

for mysql

Quote:

[mysqld]
port = 3306
socket = /var/lib/mysql/mysql.sock
skip-locking
skip-innodb
query_cache_limit=8M
query_cache_size=256M
query_cache_type=1
max_connections=500
max_user_connections=100
interactive_timeout=60
wait_timeout=60
connect_timeout=30
thread_cache_size=128
key_buffer=16M
join_buffer=1M
max_allowed_packet=16M
table_cache=1024
record_buffer=1M
sort_buffer_size=2M
read_buffer_size=2M
max_connect_errors=100
# Try number of CPU's*2 for thread_concurrency
thread_concurrency=2
myisam_sort_buffer_size=64M
#log-bin
server-id=1

[mysqldump]
quick
max_allowed_packet = 16M

[mysql]
no-auto-rehash

[isamchk]
key_buffer = 256M
sort_buffer_size = 256M

for apache ..

Quote:

KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 3
StartServers 15
MinSpareServers 15
MaxSpareServers 30
MaxClients 200
MaxRequestsPerChild 50

for the iplimit mod

Quote:

<IfModule mod_limitipconn.c>

# Set a server-wide limit of 10 simultaneous downloads per IP,
# no matter what.
MaxConnPerIP 10

<Directory /home/jarabhar/public_html/>
# This section affects all files under
MaxConnPerIP 10
</Directory>
<Directory /home/jarabhar/public_html/forum/images/>
# This section affects all files under
MaxConnPerIP 8
</Directory>

</IfModule>

for mod_evasive

Quote:

<IfModule mod_evasive20.c>
LoadModule auth_passthrough_module modules/mod_auth_passthrough.so
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 10
DOSBlockingPeriod 600
DOSEmailNotify root
DOSWhitelist 127.0.0.1
DOSSystemCommand "/sbin/iptables -A INPUT -s %s -j DROP"
DOSLogDir /var/log/httpd/mod_evasive
</IfModule>

also i would mention that i saw 3 or 4 defunct processes come from httpd while the load going up .
if i need any thing to change kindly tell me ,
thanks

unSpawn · 12-06-2008, 06:46 PM

Quote:

Originally Posted by adam_blackice

Several Images ( Images of vbulletin style for one of my hosted forum ) the most content was images and javascript files

Well that and some uploaded ZIP file. Nothing out of the ordinary I can see from your posted nfo.

Quote:

Originally Posted by adam_blackice

the status seems to be fine now but it suddenly goes high

Unfortunately nothing in your post supports that. Maybe run atop, dstat, collectl or whatever SAR you fancy that you can replay and get stats from.

syg00 · 12-06-2008, 06:52 PM

And does a high load (loadavg ?) affect your ability to service your users ?.
If not, why do you care ?.

adam_blackice · 12-06-2008, 07:28 PM

Thanks Agian
unSpawn
when ever the load goes high the apache goes down, but i want to know if my apache , mysql and modules configuration is fine for my specification or i need to increase or reduce it ..

syg00
as i said when the load goes high the apache goes down which affect badly the users and the function of the webserver ..

--
Thanks ..

syg00 · 12-06-2008, 07:51 PM

I read your posts as you had a (performance) issue, made the changes, then had some (transient) load problems. No mention of performance.
I guess we may be talking about different things with "load" - I always think "loadavg"; what are you specifically referring to ?.

adam_blackice · 12-06-2008, 08:02 PM

I refer to load

adam_blackice · 12-07-2008, 10:27 AM

unSpawn , here is the status when the load get higher and higher ,, I also noticed that there a high queries on mysql ,, so if there is a way to optimize Mysql or apache let me know ..

Quote:

top - 18:22:57 up 1 day, 16:54, 2 users, load average: 22.10, 19.02, 15.01
Tasks: 243 total, 20 running, 217 sleeping, 4 stopped, 2 zombie
Cpu(s): 77.2%us, 17.9%sy, 0.0%ni, 0.0%id, 0.3%wa, 0.5%hi, 4.1%si, 0.0%st
Mem: 2010384k total, 1884148k used, 126236k free, 99908k buffers
Swap: 2048248k total, 39168k used, 2009080k free, 748412k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
32051 nobody 16 0 64284 27m 6416 R 33 1.4 0:03.09 httpd
5740 nobody 25 0 68080 31m 8368 R 24 1.6 0:02.52 httpd
24382 mysql 15 0 124m 80m 3900 S 13 4.1 3:33.26 mysqld
3298 nobody 16 0 62752 28m 8832 S 11 1.5 0:04.88 httpd
5780 nobody 15 0 63268 27m 6288 S 9 1.4 0:03.38 httpd
5134 nobody 22 0 62284 24m 4952 S 7 1.3 0:02.64 httpd
5247 nobody 15 0 58952 23m 6080 S 6 1.2 0:02.53 httpd
2172 nobody 15 0 56700 23m 7988 S 6 1.2 0:02.82 httpd
5097 nobody 18 0 63256 26m 5792 R 5 1.4 0:03.34 httpd
3454 nobody 15 0 61332 25m 6076 S 4 1.3 0:02.32 httpd
2170 nobody 20 0 61780 28m 8908 S 4 1.5 0:10.90 httpd
3299 nobody 15 0 61412 27m 7460 S 3 1.4 0:02.46 httpd
32710 nobody 15 0 59952 27m 9632 S 3 1.4 0:06.25 httpd
32711 nobody 15 0 59352 26m 9032 S 3 1.4 0:07.22 httpd
532 nobody 20 0 61524 26m 7048 R 3 1.4 0:05.74 httpd
6475 nobody 15 0 56216 21m 6892 S 3 1.1 0:00.42 httpd
1838 nobody 20 0 57484 23m 7544 S 2 1.2 0:08.40 httpd
5136 nobody 22 0 58412 23m 6824 S 2 1.2 0:01.64 httpd
5809 nobody 16 0 58788 22m 5748 S 2 1.2 0:00.50 httpd
6324 nobody 23 0 56356 19m 4824 S 2 1.0 0:00.21 httpd
7862 root 20 0 13212 4856 3476 R 2 0.2 0:00.07 exim
7872 mailnull 22 0 0 0 0 Z 2 0.0 0:00.06 exim <defunct>

Thanks ..

adam_blackice · 12-07-2008, 03:40 PM

After I made some optimization fro apache and mysql the problem now , that i have a special kind of attacks which make a quires that leads to make whole server gets down .. ! now the load reached 90 !!!

this is the mysql_process list
jarabhar_JUHyyuh is opening alot of connections in the same time
and this is not the normal behavior

Quote:

70446 jarabhar_JUHyyuh localhost jarabhar_vb Query 43 Locked ( select u.userid, u.username\nfrom user u\nwhere u.userid in ('1268') )
70523 jarabhar_JUHyyuh localhost jarabhar_vb Query 159 Copying to tmp table SELECT COUNT(post.dateline) AS postcount, post.userid, user.username \n\t\t\tFROM post AS post \n\t\t\tLEFT
70517 jarabhar_JUHyyuh localhost jarabhar_vb Query 104 Locked UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678800, location = '/forum/showthread.php?t=88758', inthr
70516 jarabhar_JUHyyuh localhost jarabhar_vb Query 90 Locked UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678800, location = '/forum/showthread.php?t=57861&pag
70590 jarabhar_JUHyyuh localhost jarabhar_vb Query 106 Locked UPDATE user\n\t\t\t\t\t\tSET lastactivity = 1228678815\n\t\t\t\t\t\tWHERE userid = 11122713
70611 jarabhar_JUHyyuh localhost jarabhar_vb Query 105 Locked UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678818, location = '/forum/showthread.php?t=67507', inthr
70650 jarabhar_JUHyyuh localhost jarabhar_vb Query 54 Locked SELECT userid, username FROM user\n\t\t\tWHERE userid != 0\n\t\t\tAND\n\t\t\t(\n\t\t\t\tusername = 'king78'\n\t\t\t\tOR\n\t\t
70655 jarabhar_JUHyyuh localhost jarabhar_vb Query 85 Locked UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678826, location = '/forum/showthread.php?t=103933', logg
70662 jarabhar_JUHyyuh localhost jarabhar_vb Query 101 Locked INSERT IGNORE INTO session\n\t\t\t\t\t(sessionhash, userid, host, idhash, lastactivity, location, styleid,
70674 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678829, location = '/forum/showthread.php?t=88702', inthr
70681 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678829, location = '/forum/showthread.php?t=88702', inthr
70684 jarabhar_JUHyyuh localhost jarabhar_vb Query 94 Locked UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678830, location = '/forum/forumdisplay.php?f=46', inthre
70688 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678831, location = '/forum/showthread.php?t=88702', inthr
70694 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678832, location = '/forum/showthread.php?t=88702', inthr
70700 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678832, location = '/forum/showthread.php?t=88702', inthr
70699 jarabhar_JUHyyuh localhost jarabhar_vb Query 101 Locked UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678832, location = '/forum/showthread.php?t=42181', infor
70738 jarabhar_JUHyyuh localhost jarabhar_vb Query 102 Locked INSERT IGNORE INTO session\n\t\t\t\t\t(sessionhash, userid, host, idhash, lastactivity, location, styleid,
70740 jarabhar_JUHyyuh localhost jarabhar_vb Query 101 Locked ( select u.userid, u.username\nfrom user u\nwhere u.userid in ('159100') )
70753 jarabhar_JUHyyuh localhost jarabhar_vb Query 101 Locked UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678839, location = '/forum/showthread.php?t=86882', incal
70766 jarabhar_JUHyyuh localhost jarabhar_vb Query 98 Locked UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678840, location = '/forum/forumdisplay.php?f=14', inforu
70778 jarabhar_JUHyyuh localhost jarabhar_vb Query 105 Locked ( select u.userid, u.username\nfrom user u\nwhere u.userid in ('11111253','11122736','163312','10786
70780 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked SELECT\n\t\t\tannouncement.announcementid, startdate, title, announcement.views,\n\t\t\tuser.username, user.
70788 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked SELECT\n\t\t\tannouncement.announcementid, startdate, title, announcement.views,\n\t\t\tuser.username, user.
70789 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70790 jarabhar_JUHyyuh localhost jarabhar_vb Query 105 Locked ( select u.userid, u.username\nfrom user u\nwhere u.userid in ('11111253','11122736','163312','10786
70794 jarabhar_JUHyyuh localhost jarabhar_vb Query 67 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70796 jarabhar_JUHyyuh localhost jarabhar_vb Query 93 Locked UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678845, inforum = 0, inthread = 0, incalendar = 0, badloc
70806 jarabhar_JUHyyuh localhost jarabhar_vb Query 97 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70807 jarabhar_JUHyyuh localhost jarabhar_vb Query 95 Locked SELECT post.pagetext AS preview,\n\t\t\t\tthread.threadid, thread.threadid AS postid, thread.title AS thr
70810 jarabhar_JUHyyuh localhost jarabhar_vb Query 95 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70821 jarabhar_JUHyyuh localhost jarabhar_vb Query 94 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70824 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked SELECT\n\t\t\tannouncement.announcementid, startdate, title, announcement.views,\n\t\t\tuser.username, user.
70831 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70833 jarabhar_JUHyyuh localhost jarabhar_vb Query 104 Locked SELECT moderator.*, user.username,\n\t\tIF(user.displaygroupid = 0, user.usergroupid, user.displaygroup
70836 jarabhar_JUHyyuh localhost jarabhar_vb Query 101 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70838 jarabhar_JUHyyuh localhost jarabhar_vb Query 105 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70842 jarabhar_JUHyyuh localhost jarabhar_vb Query 105 Locked SELECT\n\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70844 jarabhar_JUHyyuh localhost jarabhar_vb Query 97 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70846 jarabhar_JUHyyuh localhost jarabhar_vb Query 94 Locked SELECT userid AS primarykey, lastpost AS readcolumn\n\t\t\tFROM user AS user\n\t\t\tWHERE userid = 145377\n\t\t
70847 jarabhar_JUHyyuh localhost jarabhar_vb Query 105 Locked SELECT\n\t\t\tuser.username, (user.options & 512) AS invisible, user.usergroupid,\n\t\t\tsession.userid, ses
70869 jarabhar_JUHyyuh localhost jarabhar_vb Query 89 Locked SELECT post.pagetext AS preview,\n\t\t\t\tthread.threadid, thread.threadid AS postid, thread.title AS thr
70871 jarabhar_JUHyyuh localhost jarabhar_vb Query 100 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70875 jarabhar_JUHyyuh localhost jarabhar_vb Query 102 Locked INSERT IGNORE INTO session\n\t\t\t\t\t(sessionhash, userid, host, idhash, lastactivity, location, styleid,
70876 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70879 jarabhar_JUHyyuh localhost jarabhar_vb Query 97 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70888 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked SELECT\n\t\t\tannouncement.announcementid, startdate, title, announcement.views,\n\t\t\tuser.username, user.
70890 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70893 jarabhar_JUHyyuh localhost jarabhar_vb Query 105 Locked ( select u.userid, u.username\nfrom user u\nwhere u.userid in ('11111253','11122736','163312','10786
70896 jarabhar_JUHyyuh localhost jarabhar_vb Query 99 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70898 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678874, location = '/forum/showthread.php?t=88702', inthr
70903 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked SELECT\n\t\t\tannouncement.announcementid, startdate, title, announcement.views,\n\t\t\tuser.username, user.
70904 jarabhar_JUHyyuh localhost jarabhar_vb Query 104 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70905 jarabhar_JUHyyuh localhost jarabhar_vb Query 104 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70913 jarabhar_JUHyyuh localhost jarabhar_vb Query 69 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70917 jarabhar_JUHyyuh localhost jarabhar_vb Query 105 Locked SELECT moderator.*, user.username,\n\t\tIF(user.displaygroupid = 0, user.usergroupid, user.displaygroup
70926 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked SELECT moderator.*, user.username,\n\t\tIF(user.displaygroupid = 0, user.usergroupid, user.displaygroup
70931 animal2 localhost animal2_vb2 Query 15 closing tables UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678879, location = '/showthread.php?t=2366', inforum = 52
70940 jarabhar_JUHyyuh localhost jarabhar_vb Query 105 Sorting result SELECT post.postid\n\t\t\tFROM post AS post\n\t\t\t\n\t\t\tWHERE post.threadid = 57861\n\t\t\t\tAND post.visible = 1\n
70941 jarabhar_JUHyyuh localhost jarabhar_vb Query 105 Locked ( select u.userid, u.username\nfrom user u\nwhere u.userid in ('11111253','11122736','163312','10786
70945 jarabhar_JUHyyuh localhost jarabhar_vb Query 105 Locked ( select u.userid, u.username\nfrom user u\nwhere u.userid in ('11111253','11122736','163312','10786
70947 jarabhar_JUHyyuh localhost jarabhar_vb Query 101 Locked UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678884, location = '/forum/search.php?do=finduser&use
70948 jarabhar_JUHyyuh localhost jarabhar_vb Query 106 Locked SELECT \n\t\t\tuserfield.*, usertextfield.*, user.*, UNIX_TIMESTAMP(passworddate) AS passworddate, user.
70950 jarabhar_JUHyyuh localhost jarabhar_vb Query 99 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70952 jarabhar_JUHyyuh localhost jarabhar_vb Query 69 Locked SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70958 jarabhar_JUHyyuh localhost jarabhar_vb Query 102 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE sessionhash = 'e422f3326c9e04e4db3b4fc80bc6ed65'\n\t\t\t\t\tAND lastac
70962 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE userid = 0\n\t\t\t\t\tAND host = '74.6.8.91'\n\t\t\t\t\tAND idhash = '8391e2
70963 animal2 localhost animal2_vb2 Query 12 Opening tables SELECT COUNT(thread.threadid) AS threads, thread.postuserid, thread.dateline, user.userid, user.user
70964 jarabhar_JUHyyuh localhost jarabhar_vb Query 103 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE userid = 0\n\t\t\t\t\tAND host = '94.98.101.212'\n\t\t\t\t\tAND idhash = '64
70966 hakarrr localhost hakarrr_vb2 Query 90 Sorting result SELECT thread.threadid, thread.title, thread.lastpost, thread.forumid, thread.replycount, thread.las
70967 hakarrr localhost hakarrr_vb2 Query 13 Opening tables SELECT\n\t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS
70968 jarabhar_JUHyyuh localhost jarabhar_vb Query 101 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE userid = 0\n\t\t\t\t\tAND host = '61.247.222.53'\n\t\t\t\t\tAND idhash = 'a9
70974 jarabhar_JUHyyuh localhost jarabhar_vb Query 98 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE userid = 0\n\t\t\t\t\tAND host = '41.214.131.149'\n\t\t\t\t\tAND idhash = 'c
70976 jarabhar_JUHyyuh localhost jarabhar_vb Query 98 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE userid = 0\n\t\t\t\t\tAND host = '41.235.61.127'\n\t\t\t\t\tAND idhash = '6d
70975 jarabhar_JUHyyuh localhost jarabhar_vb Query 98 Locked select userid from user where username like "cassaei cacaea" limit 1
70977 animal2 localhost animal2_vb2 Query 11 Writing to net SELECT title, template\n\t\t\tFROM template\n\t\t\tWHERE templateid IN (3796,3657,3882,3883,3886,3887,3888,3
70978 hakarrr localhost hakarrr_vb2 Query 13 Opening tables UPDATE session\n\t\t\t\t\tSET lastactivity = 1228678894, incalendar = 0, badlocation = 0\n\t\t\t\t\tWHERE sessio
70979 animal2 localhost animal2_vb2 Query 17 closing tables SELECT *\n\t\tFROM style\n\t\tWHERE (styleid = 22 AND userselect = 1)\n\t\t\tOR styleid = 22\n\t\tORDER BY stylei
70980 jarabhar_JUHyyuh localhost jarabhar_vb Query 98 Locked SELECT \n\t\t\tuserfield.*, usertextfield.*, user.*, UNIX_TIMESTAMP(passworddate) AS passworddate, user.
70971 animal2 localhost animal2_vb2 Query 12 Sorting result SELECT userid, usergroupid, displaygroupid, username, posts \n\t\t\t\t\t\tFROM user AS user \n\t\t\t\t\t\tWHERE po
70982 animal2 localhost animal2_vb2 Query 97 closing tables SELECT \n\t\t\tuserfield.*, usertextfield.*, user.*, UNIX_TIMESTAMP(passworddate) AS passworddate, user.
70983 jarabhar_JUHyyuh localhost jarabhar_vb Query 97 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE userid = 0\n\t\t\t\t\tAND host = '82.114.174.57'\n\t\t\t\t\tAND idhash = 'f1
70984 jarabhar_JUHyyuh localhost jarabhar_vb Query 96 Locked select userid from user where username like "oin cauiae" limit 1
70985 animal2 localhost animal2_vb2 Query 11 Opening tables SELECT *\n\t\tFROM style\n\t\tWHERE (styleid = 22 AND userselect = 1)\n\t\t\tOR styleid = 22\n\t\tORDER BY stylei
70986 jarabhar_JUHyyuh localhost jarabhar_vb Query 95 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE userid = 0\n\t\t\t\t\tAND host = '41.235.61.127'\n\t\t\t\t\tAND idhash = '6d
70994 jarabhar_JUHyyuh localhost jarabhar_vb Query 94 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE sessionhash = '13181b98c8b8b18f2b6adfcc64b63a03'\n\t\t\t\t\tAND lastac
70995 jarabhar_JUHyyuh localhost jarabhar_vb Query 93 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE sessionhash = 'b0ce577d5f9a5507975229eb7489ac37'\n\t\t\t\t\tAND lastac
70998 jarabhar_JUHyyuh localhost jarabhar_vb Query 93 Locked select userid from user where username like "thewizard0" limit 1
70996 jarabhar_JUHyyuh localhost jarabhar_vb Query 93 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE userid = 0\n\t\t\t\t\tAND host = '91.144.0.100'\n\t\t\t\t\tAND idhash = '1d0
71000 jarabhar_JUHyyuh localhost jarabhar_vb Query 93 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE sessionhash = '07ca51b433a2306341efb9467a4a7b98'\n\t\t\t\t\tAND lastac
71003 s7aba_vb localhost s7aba_vb Query 13 Opening tables SELECT userselect_tag, opentag_user, closetag_user \n\t\tFROM user AS user \n\t\tWHERE username = '???
71005 jarabhar_JUHyyuh localhost jarabhar_vb Query 92 Locked select userid from user where username like "tech\\_admin" limit 1
71009 jarabhar_JUHyyuh localhost jarabhar_vb Query 92 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE userid = 0\n\t\t\t\t\tAND host = '65.111.177.102'\n\t\t\t\t\tAND idhash = '8
71010 jarabhar_JUHyyuh localhost jarabhar_vb Query 91 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE sessionhash = '8ef6de648114e052ab55edaa5313b2e9'\n\t\t\t\t\tAND lastac
71011 s7aba_vb localhost s7aba_vb Query 12 Sorting result SELECT thread.threadid, thread.title, thread.lastpost, thread.forumid, thread.replycount, thread.las
71012 jarabhar_JUHyyuh localhost jarabhar_vb Query 91 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE userid = 0\n\t\t\t\t\tAND host = '87.230.141.175'\n\t\t\t\t\tAND idhash = '2
71013 hakarrr localhost hakarrr_vb2 Query 90 Sorting result SELECT thread.threadid, thread.title, thread.lastpost, thread.forumid, thread.replycount, thread.las
71015 jarabhar_JUHyyuh localhost jarabhar_vb Query 91 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE userid = 0\n\t\t\t\t\tAND host = '41.232.198.251'\n\t\t\t\t\tAND idhash = '8
71017 qwaihco_vbuser localhost qwaihco_vb35 Query 3 Opening tables SELECT COUNT(threadid) AS total FROM thread WHERE postuserid=214
71022 jarabhar_JUHyyuh localhost jarabhar_vb Query 84 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE sessionhash = '57f70d252d4b446441774e31304af94b'\n\t\t\t\t\tAND lastac
71024 animal2 localhost animal2_vb2 Query 11 Opening tables SELECT userid, usergroupid, displaygroupid, username, posts \n\t\t\t\t\t\tFROM user AS user \n\t\t\t\t\t\tWHERE po
71026 jarabhar_JUHyyuh localhost jarabhar_vb Query 81 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE sessionhash = '57f70d252d4b446441774e31304af94b'\n\t\t\t\t\tAND lastac
71033 jarabhar_JUHyyuh localhost jarabhar_vb Query 64 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE userid = 0\n\t\t\t\t\tAND host = '41.233.230.191'\n\t\t\t\t\tAND idhash = '2
71035 jarabhar_JUHyyuh localhost jarabhar_vb Query 15 Opening tables REPLACE INTO datastore\n\t\t\t\t(title, data, unserialize)\n\t\t\tVALUES\n\t\t\t\t('cron', '1228679100', 0)
71038 serdal_wordpress localhost serdal_555 Query 51 closing tables SELECT option_name, option_value FROM wp_options WHERE autoload = 'yes'
71039 serdal_wordpress localhost serdal_555 Query 15 Opening tables SELECT option_value FROM wp_options WHERE option_name = 'siteurl'
71030 animal2 localhost animal2_vb2 Query 16 closing tables SELECT postid FROM post WHERE threadid=11822 ORDER BY dateline LIMIT 1
71046 jarabhar_JUHyyuh localhost jarabhar_vb Query 71 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE sessionhash = '6d6ed29a4555fc3b0d5eee063bedbfba'\n\t\t\t\t\tAND lastac
71047 jarabhar_JUHyyuh localhost jarabhar_vb Query 71 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE userid = 0\n\t\t\t\t\tAND host = '74.6.8.91'\n\t\t\t\t\tAND idhash = '8391e2
71048 jarabhar_JUHyyuh localhost jarabhar_vb Query 71 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE sessionhash = '0d85bc37d9d5df7a0397730ae7a7aa58'\n\t\t\t\t\tAND lastac
71051 jarabhar_JUHyyuh localhost jarabhar_vb Query 60 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE sessionhash = '7d8c931fd3b9847d11aa38fa88a989c8'\n\t\t\t\t\tAND lastac
71052 jarabhar_JUHyyuh localhost jarabhar_vb Query 51 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE sessionhash = 'fdd7721302a36f7d72d5e793b098167c'\n\t\t\t\t\tAND lastac
71054 jarabhar_JUHyyuh localhost jarabhar_vb Query 51 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE userid = 0\n\t\t\t\t\tAND host = '195.229.242.56'\n\t\t\t\t\tAND idhash = 'b
71053 jarabhar_JUHyyuh localhost jarabhar_vb Query 16 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE userid = 0\n\t\t\t\t\tAND host = '72.30.87.107'\n\t\t\t\t\tAND idhash = '9bc
71055 animal2 localhost animal2_vb2 Query 51 closing tables SELECT *\n\t\t\tFROM datastore\n\t\t\tWHERE title IN ('','options','bitfields','attachmentcache','forumcache
71058 alfeqho_forum localhost alfeqho_forum Query 19 Opening tables SELECT * FROM ibf_skin_sets WHERE set_skin_set_id=9
71057 animal2 localhost animal2_vb2 Query 13 closing tables SELECT moderator.*, user.username,\n\t\tIF(user.displaygroupid = 0, user.usergroupid, user.displaygroup
71060 hakarrr localhost hakarrr_vb2 Query 12 Opening tables SELECT title, template\n\t\t\tFROM template\n\t\t\tWHERE templateid IN (3228,3104,3321,3105,3106,3324,3107,3
71061 jarabhar_main localhost jarabhar_mainDB Query 37 closing tables SELECT folder, element, published, params\n FROM ah_mambots\n WHERE published >= 1\n AND access <= 0\n A
71063 animal2 localhost animal2_vb2 Query 51 closing tables SELECT *\n\t\t\tFROM datastore\n\t\t\tWHERE title IN ('','options','bitfields','attachmentcache','forumcache
71062 animal2 localhost animal2_vb2 Query 51 closing tables SELECT *\n\t\t\tFROM datastore\n\t\t\tWHERE title IN ('','options','bitfields','pluginlist')
71065 jarabhar_JUHyyuh localhost jarabhar_vb Query 51 closing tables SELECT *\n\t\t\tFROM datastore\n\t\t\tWHERE title IN ('','options','bitfields','attachmentcache','forumcache
71066 animal2 localhost animal2_vb2 Query 10 Opening tables SELECT languageid,\n\t\t\tphrasegroup_global AS phrasegroup_global,\n\t\t\tphrasegroup_holiday AS phrasegrou
71069 alfeqho_forum localhost alfeqho_forum Query 37 closing tables SELECT * FROM ibf_topics WHERE tid=14149
71070 alfeqho_forum localhost alfeqho_forum Query 36 closing tables DELETE FROM ibf_sessions WHERE ip_address='74.6.8.105'
71076 jarabhar_JUHyyuh localhost jarabhar_vb Query 33 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE userid = 0\n\t\t\t\t\tAND host = '78.93.97.68'\n\t\t\t\t\tAND idhash = 'e61c
71077 jarabhar_JUHyyuh localhost jarabhar_vb Query 34 Sending data SELECT *\n\t\t\tFROM datastore\n\t\t\tWHERE title IN ('','options','bitfields','pluginlist')
71078 jarabhar_JUHyyuh localhost jarabhar_vb Query 34 Locked SELECT *\n\t\t\t\tFROM session\n\t\t\t\tWHERE userid = 0\n\t\t\t\t\tAND host = '41.233.230.191'\n\t\t\t\t\tAND idhash = '2
71079 alfeqho_fsite localhost alfeqho_alfeqh Query 32 end update video set reader=reader+1 where fileid=1

unSpawn · 12-07-2008, 05:10 PM

They're all in a Locked state. Once the first one gets locked it'll queue all the other queries. I'd kill his then GRANT any max_.* resource limit you can find. Of course I don't do MySQL so I might have said something foolish :-] Also you don't say what you "optimised" and worse, what effect it has. Also maybe disable forum "search" while you're dealing with this.

adam_blackice · 12-12-2008, 12:26 PM

Dear All,
After many tries i used iptables to prevent this and i add the following rule :

iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 30/sec -j ACCEPT

to accept only 30 connection per second however when i run the apache status i see that there is 38 connection per second .. how that could be happened ?

thanks //