Today, my website was down. I checked in the process list. There are so many httpd process (apache 2). It never happens before. I do not know how to solve it.

This is the result from uptime:

Anybody has such problem before?

Greetingz!

Well, for starters, you're server has only been online for about an hour. As for your load averages, sheesh!

When you do a "ps -ef | grep http | wc -l", what number do you get?

You may need to check your httpd.conf file. I would recommend running the following command to get the "meat" of your configuration

grep -v "^#" /etc/httpd/conf/httpd.conf | grep .
(This strips out comments, the removes blank lines)

You should pay attention to the following values (I've included my settings, as I run a small public website, too);

<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
</IfModule>
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>

1 members found this post helpful.

Its because of too many http traffic hit your webserver so investigate how such traffic hit your server. May be its because of DoS attack or do you have any ruff idea how many http request hit your server per second?

1 members found this post helpful.

Thank you guys. Finally, I found out why httpd was overloaded. It's because there was one php script bug and one bad guy was trying to open that bug URL every second.

I found out other people have the same problem like mine here: http://simpleportal.net/index.php?topic=4168.0

We experience a similar problem every so often on a Redhat box. The MaxClients limit is reached and Apache stops serving pages. Increasing the limit doesn't solve the problem, and the average number of connections when things are running smoothly is much, much lower than this setting anyway.

To hold us over, I've written a script that checks the number of httpd processes every 5-10 minutes (forget how often off the top of my head). If it gets too high, it sends out a report containing the output of top and ps and restarts Apache in order to prevent it from crashing. It seems like a crude solution, but it tends to keep the site up until the problem passes.

Is it really that simple to DoS a web server? Does that mean someone could conceivably keep clicking on links on a site as fast as possible and have the server grind to a halt?

Yes, it's kind of. I checked at the log and found out there were one bad guy trying to click a link (where it had that bug) every second.

OMG, a Joomla vulnerability!!

A Joomla vulnerability? I do not understand. It's about Simplemachines and Simpleportal, why Joomla?