Results 1 to 5 of 5
  1. #1

    hacker attack - MaxClients setting


    though I have found many topics with "server reached MaxClients setting, consider raising the MaxClients setting", still I`m looking for clear picture about it. Last night we had offline server for 10 mins. and here is the part of error_log which correspond to this attack:

    [Wed Sep 16 00:16:22 2009] [notice] caught SIGTERM, shutting down
    [Wed Sep 16 00:16:23 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
    [Wed Sep 16 00:16:23 2009] [notice] ModSecurity for Apache/2.5.7 ( configured.
    [Wed Sep 16 00:16:24 2009] [notice] Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/ PHP/5.2.6 configured -- resuming normal operations
    [Wed Sep 16 00:16:37 2009] [error] server reached MaxClients setting, consider raising the MaxClients setting
    I don`t wanna increase MaxClients setting value, I don`t know exactly how to prevent this attack in future since I can figure out which request overload server?
    This is cPanel licensed server and if you know some documented procedure how to prevent those kind of attack in the future, or how to trace requests which causing overload please post it here.

    Thank you.

  2. #2

  3. #3
    You need to look at the apache status in WHM, see what the connections are doing and where they originate from (which IP addresses). If it's an attack coming from a specific IP then you can block it. Post the output from your apache status once it has many open connections.
    Accelerated Hosting - From Constant Internet
    Automatically serving your website from the nearest server
    Get hosted on our global network! America / Europe / Asia

  4. #4
    Join Date
    Mar 2003
    California USA
    It may not be an attack. if you haven't changed the default setting from 150, then it could be legitimate. Its not uncommon to see that.

    However you could install something like CSF and enable the port flood option for port 80.
    Steven Ciaburri | Proactive Linux Server Management -
    Managed Servers (AS62710), Server Management, and Security Auditing.

  5. #5
    As per the code it doesn't looks like a attack. If you need to increase MaxClients you will have to raise the ServerLimit option to something more then 250.
    Server Management, Server Security, Server Monitoring.
    India's Leading Managed Service Provider !! Skype: techs24x7

Similar Threads

  1. server reached MaxClients setting
    By Ruriko in forum Hosting Security and Technology
    Replies: 3
    Last Post: 08-23-2009, 10:19 AM
  2. What's this: Server Reached Maxclients setting
    By citrine in forum Hosting Security and Technology
    Replies: 4
    Last Post: 12-13-2006, 08:30 AM
  3. Quick maxClients setting question
    By GeorgeC in forum Hosting Security and Technology
    Replies: 1
    Last Post: 10-17-2002, 06:03 PM
  4. Setting maxclients with apache
    By clocker1996 in forum Hosting Security and Technology
    Replies: 6
    Last Post: 12-15-2001, 04:23 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts