This is the script; it comes with mod_evasive:

#!/usr/bin/perl
#test.pl: small script to test mod_dosevasive's effectiveness
use IO::Socket;
use strict;

for(0..100) {
   my($response);
   my($SOCKET) = new IO::Socket::INET( Proto => "tcp",
                               PeerAddr=> "MY_IP:80");
   if (! defined $SOCKET) { die $!; }
   print $SOCKET "GET /?$_ HTTP/1.0\n\n";
   $response = <$SOCKET>;
   print $response;
   close($SOCKET);
}

If I run this script on my PC, replacing "MY_IP" with the IP of my VPS (OpenVZ, 3 CPU cores at 2.53 GHz, 1 GB RAM), the CPU load on the server increases really fast. If I run 3 or 4 instances of the script at the same time, CPU load reaches 100%. Once the scripts are stopped, CPU usage comes back to 5-10%.

Is it normal? CSF is installed, and it blocks IPs with more than 300 connections, but it doesn't seem to block this script. If I check netstat -n | grep MY_PC_IP, I never see more than 30 or 40 connections, even when running the scripts.

If you run the script against your site, does the CPU usage increase? What's wrong with my server or Apache?

Tom O'Connor

1 Answer

How is having 100% CPU load an issue? Your script has no timeouts, so obviously it will fully load the target server. 100% CPU usage doesn't mean the server is dying, merely that it is working. Does the server actually become unresponsive or does it crash?

Bruno Rohée
  • If I run the scripts for some minutes, page load becomes really slow, SSH becomes slow, RAM usage increases too, and sometimes Apache restarts, or even the whole server restarts. Is it normal to crash a server with that script? I have set Max_Clients (apache2 config, prefork) to 70, because if I set it higher, RAM disappears. –  Aug 30 '11 at 16:51
  • If you crash the server something is pretty wrong with its configuration. You should set your limits low enough that it doesn't happen. It's a lot better to reject some connections than to crash. – Bruno Rohée Aug 30 '11 at 22:34
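
The test script in the question opens its connections one after another, which fits the observation that netstat never shows anywhere near CSF's 300-connection threshold; what distinguishes such a client is its request rate. As an added example (not part of the original posts and not mod_evasive's code), the following counts requests per client IP in a sliding window over access-log lines. The function names, thresholds and sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Prefix of an Apache common/combined log line: client IP ... [timestamp]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')


def flag_fast_clients(lines, max_requests=20, window_seconds=1):
    """Return {ip: peak requests in any window} for IPs above max_requests.

    max_requests and window_seconds are illustrative values (assumptions).
    """
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)      # ip -> largest window population seen
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, stamp = m.groups()
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        q = recent[ip]
        q.append(ts)
        # Drop requests that have fallen out of the sliding window.
        while q and ts - q[0] >= window_seconds:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > max_requests}


def constructed_sample():
    """Constructed log lines: one client replays the GET /?N loop (0..100)."""
    fmt = '{ip} - - [30/Aug/2011:16:00:{s:02d} +0000] "GET {path} HTTP/1.0" 200 512'
    # 203.0.113.5 (documentation address): 50 requests in second 0, 51 in second 1
    lines = [fmt.format(ip="203.0.113.5", s=0 if n < 50 else 1, path=f"/?{n}")
             for n in range(101)]
    # 198.51.100.7 (documentation address): an ordinary visitor, 1 request/second
    lines += [fmt.format(ip="198.51.100.7", s=s, path="/index.html")
              for s in (0, 1, 2)]
    return lines


if __name__ == "__main__":
    for ip, n in flag_fast_clients(constructed_sample()).items():
        print(f"{ip}: {n} requests within one window")
```

Each flagged client here holds at most one connection open at a time, so a limit on concurrent connections per IP would not see it, while the per-window request count does.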