Linux Security tests
I would do the following:
1. Upgrade the kernel. The one you are running is slow, has bugs and has security vulnerabilities
2. Make sure you are running an up-to-date compilation of httpd and php (i.e. rebuild it through WHM).
3. Check in WHM > Apache Status to see what the children hogging resources are doing
4. When the server is under load, run the following to see if you’re getting DOSed from a single IP address:
netstat -autpn | grep :80
If you are, install an iptables firewall (e.g. APF with anti-dos enabled and BFD installed) and block it. This would be a good idea anyway.
5. Install mod_dosevasive and mod_security
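Added example (not part of the original thread): the netstat check in step 4 gives a long raw listing, so this sketch tallies connections to local port 80 per remote IP to make a single heavy source stand out. The function names, the sample listing and the threshold of 3 are constructed for illustration.

```shell
#!/bin/sh
# Count connections to local port 80 per remote IP from `netstat -autpn`
# output on stdin. Prints "count ip", busiest source first.
count_port80_by_ip() {
    awk '
        # netstat -n columns: proto recv-q send-q local foreign state pid/program
        # Match the LOCAL address exactly, so :8080 and outbound requests to a
        # remote :80 (both caught by a plain "grep :80") are ignored.
        $1 ~ /^tcp/ && $4 ~ /:80$/ && $6 != "LISTEN" {
            ip = $5
            sub(/:[0-9]+$/, "", ip)   # strip the remote port
            sub(/^::ffff:/, "", ip)   # fold IPv4-mapped IPv6 into plain IPv4
            n[ip]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print only the IPs holding at least $1 connections (threshold is an
# assumption; tune it to the normal load of the server).
flag_heavy_hitters() {
    count_port80_by_ip | awk -v t="$1" '$1 >= t { print $2 }'
}

# Constructed sample listing (documentation address ranges), not real traffic.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address          State       PID/Program name
tcp   0      0      0.0.0.0:80        0.0.0.0:*                LISTEN      1234/httpd
tcp   0      0      192.0.2.10:80     203.0.113.5:51000        ESTABLISHED 1300/httpd
tcp   0      0      192.0.2.10:80     203.0.113.5:51001        ESTABLISHED 1301/httpd
tcp   0      0      192.0.2.10:80     203.0.113.5:51002        SYN_RECV    -
tcp   0      0      192.0.2.10:80     198.51.100.7:40000       TIME_WAIT   -
tcp   0      0      192.0.2.10:8080   198.51.100.9:40001       ESTABLISHED 1400/java
tcp6  0      0      192.0.2.10:80     ::ffff:203.0.113.5:51003 ESTABLISHED 1302/httpd
tcp   0      0      192.0.2.10:43210  198.51.100.20:80         ESTABLISHED 1500/curl
udp   0      0      0.0.0.0:68        0.0.0.0:*                            900/dhclient
EOF
}

# Demo on the sample; on a live server use: netstat -autpn | count_port80_by_ip
sample_netstat | count_port80_by_ip
```

An IP that dominates the top of this list while the server is under load is the candidate to block in the firewall.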
1) WHM > Security > Modify Apache Memory Usage
2) I upgraded the kernel
3) Installed Apache mod_security
4) I had APF installed (before)
So far it is running OK, I hope this solves the problem.
Steps to diagnose:
1. Enable hotlink protection on a site
2. Try and load a file from that site.
3. If the apache thread hangs, and you never get the file then you’re likely to have the same problem as me. You’ll notice in top that there’s an apache thread using around 25% CPU.
1. Comment out mod_rewrite from your httpd.conf
2. Turn off hotlink protection on the site.
3. Restart apache.
4. Try and reload the site, using the URL you used before. If the file loads then I’d say it’s definitely the same problem.
You can verify by:
1. Uncommenting mod_rewrite again in the httpd.conf
2. Turn on hotlink protection.
3. Restart apache
4. Change RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC] to RewriteRule .*\.(bmp|jpg|jpeg|gif|png|test)$ - [F,NC] (leaving the URL that’ll be there in).
5. Try and load the file, if it doesn’t load, bingo, come back here screaming you have the same issue as me.