I don't know what's happening, but sometimes (pretty often in these last days) if I try to open my website (which is hosted on my dedicated server), the site takes too much time to show up. Then the only solution to recover it is to restart Apache with the classic Debian command:
/etc/init.d/apache2 restart
After that, my website immediately shows up when I open it in my browser.
I have Debian 64-bit with 4GB RAM and a Core 2 Duo @ 2.33 GHz.
Apache 2 settings are as follows:
Timeout 10
KeepAlive Off
<IfModule mpm_prefork_module>
StartServers 90
MinSpareServers 5
MaxSpareServers 20
ServerLimit 90
MaxClients 90
MaxRequestsPerChild 0
</IfModule>
Error.log shows nothing besides a "[error] favicon.ico not found"
Just after the restart, the top command output is:
top - 17:53:43 up 129 days, 6:06, 1 user, load average: 0.18, 0.16, 0.18
Tasks: 207 total, 1 running, 206 sleeping, 0 stopped, 0 zombie
Cpu(s): 12.4%us, 2.1%sy, 0.0%ni, 80.4%id, 4.0%wa, 0.0%hi, 1.2%si, 0.0%st
Mem: 4040068k total, 3851432k used, 188636k free, 2037056k buffers
Swap: 1051384k total, 1332k used, 1050052k free, 772836k cached
Please help me. (And please don't ask me to install mod_status.)
I looked at /var/log/messages and I found a lot of this message. Maybe this is a DDoS attack?
Jan 29 18:31:31 ns354729 kernel: possible SYN flooding on port 80. Sending cookies.
Set up an automated script to periodically request a page and check to see if the results are valid. Combine this with setting up tools like atsar, process accounting, and other things that will capture the state of your system and log it. Once you have an exact failure time, try to correlate that with everything you have logged.
As a temporary measure you might also want to set up monit to monitor, notify you, and automatically restart Apache on failure.
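The probe-and-log approach from the answer above, as an added example (not code from the original thread): it requests a page, validates the response, and on failure records load, Apache process count and port-80 socket states so the failure time can be matched against the SYN flood lines in /var/log/messages. The URL, marker text, log path, script name and 15-second limit are assumptions.

```sh
#!/bin/sh
# Added example: probe one page and, on failure, log a state snapshot with a timestamp.
# URL, MARKER and LOG are assumed placeholders; adjust them for the real site.
URL="${URL:-http://127.0.0.1/}"
MARKER="${MARKER:-</html>}"          # text that only a complete, valid page contains
LOG="${LOG:-/var/log/site-probe.log}"

# Count sockets in one TCP state on a local port, reading a /proc/net/tcp-format file.
# States are hex codes there: 01 = ESTABLISHED, 03 = SYN_RECV; ports are hex too.
# usage: count_state STATE_HEX PORT [FILE]
count_state() {
    awk -v st="$1" -v p="$(printf ':%04X' "$2")" \
        'NR > 1 && $4 == st && substr($2, length($2) - 4) == p { n++ } END { print n + 0 }' \
        "${3:-/proc/net/tcp}"
}

# A response is valid only with HTTP 200 and the marker present in the body.
# usage: response_ok HTTP_CODE BODY_FILE
response_ok() {
    [ "$1" = "200" ] && grep -qF -- "$MARKER" "$2"
}

# One probe with a hard 15 s limit; curl reports code 000 when it times out.
probe() {
    body=$(mktemp)
    now=$(date '+%b %e %H:%M:%S')    # same timestamp layout as /var/log/messages
    out=$(curl -s -o "$body" -m 15 -w '%{http_code} %{time_total}' "$URL")
    code=${out%% *}
    secs=${out##* }
    if response_ok "$code" "$body"; then
        echo "$now OK code=$code time=${secs}s" >> "$LOG"
    else
        echo "$now FAIL code=$code time=${secs}s" \
             "load=$(cut -d' ' -f1-3 /proc/loadavg)" \
             "syn_recv=$(count_state 03 80) established=$(count_state 01 80)" \
             "apache_procs=$(pgrep -c apache2)" >> "$LOG"
    fi
    rm -f "$body"
}

# From cron, e.g. once a minute: site-probe.sh run
if [ "${1:-}" = "run" ]; then probe; fi
```

If Apache listens on an IPv6 socket, its connections are listed in /proc/net/tcp6, which can be passed as the third argument to count_state.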
The first thing I would try is to add this line to /etc/sysctl.conf and restart the box (just to make sure it takes effect):
If the SYN flood messages don't stop, try increasing this value more.
Linux Kernel Tuning