why nobody process always run
hai team cpanel, i got some issue by nobody process, this still running and make my web can't access, everytime i'm restart httpd service, nobody process always run and flooded httpd service. this is screenshoot from me
result of top
i'm using centos 7
thank you for helping.
-
Hey there! Can you post the output of "apachectl status" from the server so we can see what Apache is doing in real-time? 0 -
Hey there! Can you post the output of "apachectl status" from the server so we can see what Apache is doing in real-time?
this is output apachectl status0 -
It's the bottom part of that output that @cPRex was asking about. All the "K's" at the top there are keepalive. Your web server is basically getting flooded with connections. The bottom part of the status page will show you the IP they are coming from and the the site/page they are hitting. You'll prob. want to block the IP's / subnets with either a firewall or a .htaccess file. As a side note, the "nobody" processes are normal. Those are the Apache child processes that handle the http requests. 0 -
It's the bottom part of that output that @cPRex was asking about. All the "K's" at the top there are keepalive. Your web server is basically getting flooded with connections. The bottom part of the status page will show you the IP they are coming from and the the site/page they are hitting. You'll prob. want to block the IP's / subnets with either a firewall or a .htaccess file. As a side note, the "nobody" processes are normal. Those are the Apache child processes that handle the http requests.
my webserver getting flooded? and what should i do? I have checked the logs and I have deleted the affected account, but until now I am still affected by the flooding.0 -
Try running apachectl fullstatus or looking at Apache Status in WHM. That will give you "all" the information from Apache. In that output you'll see the source IP (Client) as well as what site they are accessing (VHost and POST). You should be able to look through the output and see if one IP/subnet is hitting your server. You'll then be able to block that with either your firewall or a .htaccess file. 0 -
I don't have any other advice as that is the only tool Apache has. If the DoS is too big for that to handle, you need other tools like a hardware firewall or Cloudflare. 0 -
I don't have any other advice as that is the only tool Apache has. If the DoS is too big for that to handle, you need other tools like a hardware firewall or Cloudflare.
Is there a way to enter the ddos ip from evasive mod automatically into the csf firewall?0 -
@yogisparingga - I'm not able to help with custom code, but when you say it's "not working" do you mean that the IPs are not being blocked properly, or the BASH script itself doesn't work? 0 -
@yogisparingga - I'm not able to help with custom code, but when you say it's "not working" do you mean that the IPs are not being blocked properly, or the BASH script itself doesn't work?
script bash it work, but ip bann from mod evasive /var/log/apache2/mod_evasive/ not listed to csf deny, maybe you can help?0 -
I'm not able to help with custom code, so I wouldn't be able to provide much on my end for that. I'd recommend breaking the script into parts to see which section isn't working properly. 0
Please sign in to leave a comment.
Comments
15 comments