Announcement

Collapse
No announcement yet.

Endusers hitting limits

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Endusers hitting limits

    Hi, I am getting a message that an end-user is hitting limits, and I just set up the server. I haven't even loaded a website on that domain yet.

    This server is a dual 18/32 CPU with 384GB memory and 24TB disk space, so it's a workhorse. Do I have a setting wrong? Should I bump up the system more? I am just confused that I am already hitting a "limit."

    I am running CPANEL w/Cloudlinux, Lightspeed, and Immunify360. Is it possible Lightspeed is causing conflicts?

    Someone, please help.

    Click image for larger version

Name:	image.png
Views:	291
Size:	6.2 KB
ID:	39074
    Click image for larger version

Name:	image.png
Views:	260
Size:	19.0 KB
ID:	39077
    Click image for larger version

Name:	image.png
Views:	248
Size:	43.6 KB
ID:	39075
    Click image for larger version

Name:	image.png
Views:	253
Size:	65.3 KB
ID:	39076

  • #2
    Hello,

    For sure litespeed is not causing conflicts, the issue should be more common. Thanks for sharing those screenshots, they are really helpful. What I see here is that both websites were hitting the EP Limit. Those are the Entry Processes limits, also called the concurrent connections to the website (for better understanding). Were you doing any kind of stress test of the websites there?

    You can find more with the lve-read-snapshot utility, it will show you the reason why it happened, do this in console, just replace username with the real one:

    Code:
    lve-read-snapshot --period 1d --user USERNAME

    Comment


    • #3
      Hi, thank you for your reply. We were not running any stress tests.

      Here is what I found by running the command:

      Click image for larger version

Name:	image.png
Views:	241
Size:	14.5 KB
ID:	39083
      Attached Files

      Comment


      • #4
        Sorry the one from above is the incorrect site. This is the site that said it was running into limits.

        Click image for larger version

Name:	image.png
Views:	242
Size:	6.4 KB
ID:	39085

        Comment


        • #5
          Hmm, likely this happened before Feb 19, there is an ability to set exact dates, but also weekly period could do it:

          Code:
          lve-read-snapshot --period 7d --user USERNAME

          Comment


          • #6
            Yea that looks like I am getting something now.

            Click image for larger version

Name:	image.png
Views:	256
Size:	18.8 KB
ID:	39088

            Comment


            • #7
              It does look like I was getting a few potential brute-force attacks recently. Would that show the limit indicator?

              A couple of questions:

              1) Since this server is dual 18 / 36t with 384GB memory would you recommend that I raise any limits to my cagefs settings?
              2) If this warning is being caused by the bruteforce attack is there a way to clear the warning? (or should I clear logs?)

              Click image for larger version

Name:	image.png
Views:	262
Size:	258.5 KB
ID:	39090

              Comment


              • #8
                Hmm, the lve-read-snapshot does not show any real data, still the same as IO limit. While original screenshots were about EP faults. Are you checking the right user?



                The brute-force attacks are related to sshd service, not the website and its performance directly. But yes, they could be somehow related when someone was trying to scan a domain you were hosting.

                As of now, you should not increase any limits. That is actually what CloudLinux is designed to do - when one website is under attack it is limited in its own instance (LVE) while other domains will keep working without any issues. On similar attacks without CloudLinux onboard most likely the server become overloaded and unresponsive.


                Keep the logs, they will be rotated automatically. But they are not related to LVE limits.

                Comment


                • #9
                  So what do you recommend? Ignore the limit warning?

                  Comment


                  • #10
                    If that was a one-time DDOS attack then ignore them. Nothing wrong here, the CloudLinux is doing its job.

                    If this happens again - research more and find exactly why it happening. Same way with lve-read-snapshot utility, as it's unclear why it's not reporting the EP limits hit you got two days ago.

                    Comment

                    Working...
                    X