Dedicated Server

How to Modify CloudLinux LVE Limit

I’m using CloudLinux as the server OS on the OnApp Cloud Platform. Although I’m the only user on the server, I like CloudLinux for system stability, as my website is regularly under DoS/DDoS attack. However, I would like to use as much of the resources as possible rather than the default settings.

The best way to control LVE limits is to use LVE Manager or the lvectl command-line tool. The limits are saved in /etc/container/ve.cfg. In other words, we can edit this file directly to change the limits.

Below is a sample ve.cfg:

<?xml version="1.0" ?>
<lveconfig>
	<defaults>
		<cpu limit="25"/>
		<ncpu limit="1"/>
		<io limit="1024"/>
		<mem limit="262144"/>
		<other maxentryprocs="20"/>
		<pmem limit="262144"/>
		<nproc limit="0"/>
	</defaults>
	<lve id="501">
		<cpu limit="95"/>
		<ncpu limit="4"/>
		<io limit="102400"/>
		<mem limit="524288"/>
		<other maxentryprocs="100"/>
		<pmem limit="524288"/>
		<nproc limit="100"/>
	</lve>
</lveconfig>

For user ID 501, the allocated resources are as follows:

<cpu limit="95"/>			-> CPU usage limit is 95%
<ncpu limit="4"/>			-> Number of CPU limit is 4
<io limit="102400"/>			-> IO limit is 102400 kB/s
<mem limit="524288"/>			-> Virtual memory limit is 524288 kB
<other maxentryprocs="100"/>		-> Number of Entry Processes limit is 100
<pmem limit="524288"/>			-> Physical Memory limit is 524288 kB
<nproc limit="100"/>			-> Number of Processes limit is 100

How to Find the IP Addresses That Launch a DDoS Attack

If your VPS or server load suddenly rises much higher than normal, it could be a DDoS attack.

To find out which IPs are responsible, do the following.

Option 1 :- If you know which domain is being attacked, SSH to your server and issue the following command. Make sure you replace “DOMAIN” with your domain name. If you are using cPanel/WHM and the domain is not the primary domain, it will normally be a subdomain of the primary domain.

less /usr/local/apache/domlogs/DOMAIN | awk '{print $1}' | sort | uniq -c | sort -n

Option 2 :- If you don’t know which domain is being attacked, SSH to your server and issue the following command. Option 1 is preferable, especially if your server is very busy or hosts many domains, as processing this log file will take quite some time. You can issue the “top -c” command to find out which domain consumes the most resources.

less /usr/local/apache/logs/access_log | awk '{print $1}' | sort | uniq -c | sort -n

Both options list each IP with its number of connections, sorted so that the highest counts appear last. For example:

.....
.....
.....
.....
17843 56.51.155.156
19234 66.156.66.266
234578 156.56.16.76

In the above case, we can see far too many connections from those IPs, which is abnormal. You can block these IPs in a firewall such as ConfigServer Firewall (“csf”).
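
The commands above count requests over the whole log, so a steady visitor over many hours can outrank a short burst. As an added example (not from the original post), this shell function also reports each IP's busiest single minute; the names peak_rate and sample_log are hypothetical, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the Apache common/combined
# log format: field 1 is the client IP, field 4 is "[dd/Mon/yyyy:HH:MM:SS".

# peak_rate LOGFILE [THRESHOLD]   (hypothetical helper name)
# Prints "peak_per_minute total ip" for each IP whose busiest single minute
# reached THRESHOLD requests (default 100), highest peak first.
# Example: peak_rate /usr/local/apache/domlogs/DOMAIN 100
peak_rate() {
    awk -v thr="${2:-100}" '
        {
            ip = $1
            minute = substr($4, 2, 17)          # dd/Mon/yyyy:HH:MM
            total[ip]++
            n = ++permin[ip SUBSEP minute]
            if (n > peak[ip]) peak[ip] = n      # remember the busiest minute
        }
        END {
            for (ip in total)
                if (peak[ip] >= thr)
                    printf "%d %d %s\n", peak[ip], total[ip], ip
        }
    ' "$1" | sort -k1,1nr -k2,2nr
}

# sample_log: constructed log lines (documentation IP ranges) for a dry run.
sample_log() {
    line='%s - - [10/Oct/2023:13:%s +0000] "GET / HTTP/1.1" 200 512\n'
    # Burst: 5 requests inside one minute.
    for s in 01 02 03 04 05; do printf "$line" 203.0.113.7 "55:$s"; done
    # Steady visitor: 6 requests, one per minute (highest total, low peak).
    for m in 10 11 12 13 14 15; do printf "$line" 198.51.100.20 "$m:00"; done
    # Light user: 2 requests in one minute.
    for s in 10 40; do printf "$line" 192.0.2.10 "20:$s"; done
}

# Dry run on the constructed sample; prints: 5 5 203.0.113.7
sample_log | peak_rate - 3
```

Before blocking a flagged address in csf, check that it is not a shared proxy, CDN or monitoring host.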