How to Modify CloudLinux LVE Limit

I’m using CloudLinux as the server OS on the OnApp Cloud Platform. Although I’m the only user on the server, I like CloudLinux for system stability, as my website is regularly under DoS/DDoS attack. However, I would like to use as much of the resources as possible rather than the default settings.

The best way to control LVE limits is with LVE Manager or the lvectl command-line tool. The limits are saved in /etc/container/ve.cfg. In other words, we can edit this file directly to change the limits.

Below is a sample ve.cfg:

<?xml version="1.0" ?>
<lveconfig>
	<defaults>
		<cpu limit="25"/>
		<ncpu limit="1"/>
		<io limit="1024"/>
		<mem limit="262144"/>
		<other maxentryprocs="20"/>
		<pmem limit="262144"/>
		<nproc limit="0"/>
	</defaults>
	<lve id="501">
		<cpu limit="95"/>
		<ncpu limit="4"/>
		<io limit="102400"/>
		<mem limit="524288"/>
		<other maxentryprocs="100"/>
		<pmem limit="524288"/>
		<nproc limit="100"/>
	</lve>
</lveconfig>

For user ID 501, the allocated resources are as follows:

<cpu limit="95"/>			-> CPU usage limit is 95%
<ncpu limit="4"/>			-> Number of CPU limit is 4
<io limit="102400"/>			-> IO limit is 102400 kB/s
<mem limit="524288"/>			-> Virtual memory limit is 524288 kB
<other maxentryprocs="100"/>		-> Number of Entry Processes limit is 100
<pmem limit="524288"/>			-> Physical Memory limit is 524288 kB
<nproc limit="100"/>			-> Number of Processes limit is 100

How to find IP Address that Launch DDOS Attack

If your VPS or server load suddenly increases much higher than normal, it could be a DDOS attack.

To find out which IPs are responsible, do the following:

Option 1: If you know which domain is being attacked, SSH to your server and issue the following command. Make sure you replace “DOMAIN” with your domain name. If you are using cPanel/WHM and the domain is not the primary domain, the log will normally be under the subdomain of the primary domain.

awk '{print $1}' /usr/local/apache/domlogs/DOMAIN | sort | uniq -c | sort -rn

Option 2: If you don’t know which domain is being attacked, SSH to your server and issue the following command. Option 1 is preferable, especially if your server is very busy and has many domains. Processing the log file will take quite some time. You can issue the “top -c” command to find out which domain consumes the most resources.

awk '{print $1}' /usr/local/apache/logs/access_log | sort | uniq -c | sort -rn

Both options list each IP with its number of connections, in descending order. For example:


In the above case we can see too many connections from those IPs, which is abnormal. You can block these IPs in a firewall such as ConfigServer Firewall (“csf”).
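
The per-IP count above extended with a threshold, a time window and an allowlist, so that only the attack period is counted and your own addresses never end up on the block list. This is an added example, not part of the original post: the function names (top_talkers, csf_review, make_sample_log), the threshold and the log lines are constructed for illustration, and the IPs come from the documentation ranges.

```sh
#!/bin/sh
# Added example, not from the original post. Sample data is constructed.

# top_talkers LOG MIN [ALLOW] [WINDOW]
#   LOG    access log in common/combined format (IP = field 1, time = field 4)
#   MIN    report only IPs with at least MIN requests
#   ALLOW  space-separated IPs never to report (assumed: your own monitoring,
#          proxy or office addresses)
#   WINDOW timestamp prefix, e.g. "10/Mar/2024:14" for one hour; empty = all
# Prints "COUNT IP" lines, highest count first.
top_talkers() {
    awk -v min="$2" -v allow="${3:-}" -v window="${4:-}" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        window != "" && index($4, window) != 2 { next }   # outside the window
        ($1 in skip) { next }                             # allowlisted client
        { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min + 0) print hits[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# Turn "COUNT IP" lines into csf deny commands. They are only printed, so each
# one can be reviewed before it is run.
csf_review() {
    awk '{ printf "csf -d %s \"%s requests in access log\"\n", $2, $1 }'
}

# Constructed log: "IP REQUESTS HOUR" rows expanded into access-log lines.
make_sample_log() {
    awk '{ for (i = 0; i < $2; i++)
               printf "%s - - [10/Mar/2024:%s:05:%02d +0000] \"GET / HTTP/1.1\" 200 512\n", $1, $3, i
         }' <<'EOF'
203.0.113.7 6 14
198.51.100.23 4 14
192.0.2.10 5 14
192.0.2.55 1 14
203.0.113.7 2 09
EOF
}

sample=$(mktemp)
make_sample_log > "$sample"
top_talkers "$sample" 4 "192.0.2.10" "10/Mar/2024:14" | csf_review
rm -f "$sample"
```

On a real server, pass the domlogs or access_log path from the commands above as LOG and choose MIN from what normal traffic for that site looks like.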