Announcement

Collapse
No announcement yet.

how to mitigate slow loris attacks when moving account to cloudlinux?

Collapse
This topic has been answered.
X
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    how to mitigate slow loris attacks when moving account to cloudlinux?

    I have an account that a couple of times a week gets overloaded by what I think is called a slow loris attack. Apachectl status shows all or almost all W's and all the sites stop responding. It takes down the whole server for 5-10 minutes until the traffic clears or until I go in and restart apache. I am preparing to move it to a new server with cloudlinux installed along with all the LVE stuff including the sql governor. My question is what I should do to prepare the new server for moving this account? Are there steps I can take to head this off before the move? The new server is much more powerful than the old but still concerned about these repeated attacks.

    I am assuming that CL will prevent the other three accounts on the new server from lagging out even if this other account is hit but what can I do to ensure this is a good move overall? We are already using a paid version of Cloudflare. Also running CSF for a firewall.
    Tags: None
  • Answer selected by bogdan.sh at 03-13-2025, 08:15 AM.
    Are they PHP sites? Is it happening on CloudLinux server now? What are the limits and were there any faults? Please check the results with this command:

    Code:
    lveinfo --period 24h --by-fault any
    Setting the Entry Processes (EP) limit is crucial for controlling the number of connections to Apache in a CloudLinux environment. EP limits prevent a single user from exhausting all Apache connections, ensuring that other users can still access their sites. By managing EPs, users hitting their limits will receive an error instead of slowing down the server for everyone else.
    • Selected Answer

    Comment

    • #2
      Are they PHP sites? Is it happening on CloudLinux server now? What are the limits and were there any faults? Please check the results with this command:

      Code:
      lveinfo --period 24h --by-fault any
      Setting the Entry Processes (EP) limit is crucial for controlling the number of connections to Apache in a CloudLinux environment. EP limits prevent a single user from exhausting all Apache connections, ensuring that other users can still access their sites. By managing EPs, users hitting their limits will receive an error instead of slowing down the server for everyone else.
      • Selected Answer

      Comment

      • #3
        Right now it is not on a CloudLinux server. Yes, they are PHP sites with large MySQL databases.

        Comment

        • #4
          The default EP limit is set to 20 which means 20 entry processes are available for single user. The Entry Process is actually a connection apache->PHP which are usually fast. In case of slow loris attack this can help keeping other users secure and working normally.

          Comment

          Previous template Next
          Working...
          X