Results 1 to 8 of 8
  1. #1

    Multiple sessions per client

    I have a website installed on my VPS. The website has a who's online feature based on sessions.
    But lately, my VPS has been suffering high cpu load and the traffic has also spiked from 30-50 online users at the same time to more than 2700 online users.

    So I checked the who's online table in the database, and I found out that each IP has multiple sessions stored in the database ranging from 2 sessions to something like 22 sessions per client. But some IPs only have 1 session though...
    Ultimately, I've banned some of those IPs with multiple sessions

    I know nothing is wrong with the website because I haven't changed anything from the script. So it must be the server...

    Is this some kind of DDOS? Or is this caused by some misconfiguration?
    Any idea?

  2. #2
    Join Date
    Apr 2009
    This looks like a DDoS attack.
    Install an automated firewall.
    As for your web server, what are you using? Apache? - Managed dedicated servers, cloud servers and software development.

  3. #3
    Yes, I'm using Apache.
    And my firewall is already enabled through CSF.
    Any other solutions?

  4. #4
    Join Date
    Aug 2006
    Ddos Deflate ?
    WebSitePanel / Hosting Controller / Smartermail / Installation / Configuration / Troubleshooting / Migrations
    Windows Server Management / Security / Hardening
    I speak English and Spanish

  5. #5
    Join Date
    Apr 2009
    1. Install Nginx, if you are using cPanel, if not do it manually
    2. Edit: /etc/csf/csf.conf and find the option PORTFLOOD = "", edit it to look like this: PORTFLOOD = "80;tcp;20;5" (it's a bit drastic but it should do the trick)
    Btw, check the CSF output btw..

    If the above options are not ok for you, then you can try LiteSpeed, try the free 15 Days trial license, it's great against DDoS attacks (it's not free tho, nginx is free on the other hand, but harder to configure for beginners) - Managed dedicated servers, cloud servers and software development.

  6. #6
    Thanks for the suggestion, I'll keep this in mind for later

    I have DirectAdmin instead of Cpanel so I suppose I could install Nginx manually, but I have to rewrite a few .htaccess files though...
    Do I still need to edit csf.conf if I install Nginx? Cause it seems my iptables isn't working correctly. The ipt_recent modules is missing I think... this is the output of CSF test

    Testing ip_tables/iptable_filter...OK
    Testing ipt_LOG...OK
    Testing ipt_multiport/xt_multiport...OK
    Testing ipt_REJECT...OK
    Testing ipt_state/xt_state...OK
    Testing ipt_limit/xt_limit...OK
    Testing ipt_recent...FAILED [Error: iptables: Unknown error 18446744073709551615] - Required for PORTFLOOD and PORTKNOCKING features
    Testing ipt_owner/xt_owner...OK
    Testing iptable_nat/ipt_REDIRECT...OK

    RESULT: csf will function on this server but some features will not work due to some missing iptables modules [1]

  7. #7
    Join Date
    Apr 2009
    Contact your VPS provider and ask them to load this module for you.
    As for Nginx, if you configure it to work with Apache, as a reverse proxy, you do not need to rewrite .htaccess - Managed dedicated servers, cloud servers and software development.

  8. #8
    Okay thanks.
    I'll contact them and see if they can do that for me.

Similar Threads

  1. php sessions vs cookie sessions
    By ncix in forum Programming Discussion
    Replies: 13
    Last Post: 04-05-2010, 04:24 PM
  2. Sharing Sessions across multiple Domains
    By jon31 in forum Programming Discussion
    Replies: 3
    Last Post: 08-14-2008, 01:25 PM
  3. [PHP] Sessions over multiple subdomains
    By ResellerPlanet in forum Programming Discussion
    Replies: 5
    Last Post: 07-16-2008, 06:33 AM
  4. Multiple Direct BGP Sessions
    By mams482 in forum Colocation and Data Centers
    Replies: 9
    Last Post: 03-16-2005, 12:04 PM
  5. Binding sessions to client attributes
    By Saeven in forum Programming Discussion
    Replies: 5
    Last Post: 09-25-2003, 04:59 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts