Quote:
Originally Posted by Lord Matt
What seems to be killing me is the number of child processes in such statuses as LAST_ACK, CLOSE_WAIT and TIME_WAIT
|
Search LQ, there's some threads about .*_WAIT state problems that talk about lowering values in net.ipv4.netfilter.ip_conntrack_tcp_timeout_* and net.ipv4.tcp_* sysctls, httpd.conf tuning and iptables modules. However most of it deals with
remedying symptoms, not the cause.
Quote:
Originally Posted by Lord Matt
I've only been learning about these things these last few days (3 day DDoS from http comment/trackback spam on a dedicated server)
|
Maybe it goes against your idea of what the 'net should provide (and
captcha-reading bots could work around this) but maybe start by stopping the cause? Like denying anonymous commenting?