After a few hours of testing and being desperate, I'm now 100% convinced some jerk is DDOSing our site (
www.freelanc3r.org), the access log shows this:
82.168.40.249 - - [04/Jan/2008:07:34:43 -0800] "GET /main/index.php HTTP/1.1" 404 290 "-" "Jakarta Commons-HttpClient/3.1"
82.168.40.249 - - [04/Jan/2008:07:34:43 -0800] "GET /main/index.php HTTP/1.1" 404 290 "-" "Jakarta Commons-HttpClient/3.1"
82.168.40.249 - - [04/Jan/2008:07:34:43 -0800] "GET /main/index.php HTTP/1.1" 404 290 "-" "Jakarta Commons-HttpClient/3.1"
........ etc
for about 1000x times
In the error log I find the error appearing suggesting me to higher the MaxClients value:
server reached MaxClients setting, consider raising the MaxClients setting
Well the site is completely down (I can access FTP, database, plesk etc) however in PHPMyAdmin on the "Processes" page I clearly see someone is still sending queries to the site.
I highered the MaxClients value to 256 (it used to be 10) which caused him to open even more connections with our site and resulted in our memory usage & cpu usage raising to 100%, and also suddenly the list on the "Processes" page on PHPMyAdmin shows about 10 pages full of processes.
Anyone who knows how to deal with this situation? Our site is offline for about 4 hours so far, any help appreciated.
Dilber MC Theme by HarzeM