When our users are refreshing the Moodle webpage very fast multiple times the Moodle website freezes due to many database connections. Note it is a school so users will try to break this server into pieces.
This happens when users are keep refreshing the Moodle website.
Piece of netstat -ap
unix 3 [ ] STREAM CONNECTED 168365 11128/apache2
unix 3 [ ] STREAM CONNECTED 168343 2192/mysqld /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 168342 11114/apache2
unix 3 [ ] STREAM CONNECTED 168341 2192/mysqld /var/run/mysqld/mysqld.sock
unix 3 [ ] STREAM CONNECTED 168340 11113/apache2
unix 3 [ ] STREAM CONNECTED 168319 2192/mysqld /var/run/mysqld/mysqld.sock
These connections will grow on each attempt to refresh the website. After a certain point the Moodle webserver thinks its enough and it wont show the Webpage until all connections are closed (this takes minutes )
What are the necessary steps to solve this problem.
Thanks in advance,
This is a human as much as a technical issue and I recommend getting the usernames/ip addresses and explaining in a very direct and forceful way the error of their ways. However you might also gain some benefit from mod_evasive which is primarily a devense against denial of service attacks.
thank you for you response.
I tried the mod_evasive but for some reason i can't get it work in the right way for the moodle webpages. I also tried mod_security with the same outcome as mod_evasive.
When i take some simpel fast webpage where no connections are made the mods works fine. It blockes the IP's as it supposed to do.
But on the moodlepages the mod is not blocking the ip addresses fast enough before the mysql sockets connections getting overrun by those connection requests.
Does appache have some built-in way to limit the amount of connections to one website based on IP's ?
Error: Database connection failed
It is possible that the database is overloaded or otherwise not running properly.
I solved the problem with ip-tables there is a option to limit the connections from 1 ip per second.
Using ip-tables to block these requests is a nice trick!
Still I wonder whether all Moodle servers are vulnerable to this 'attack' or your Moodle instance has some weakness which makes it vulnerable, for example a very slow database backend. What is your hardware?
BTW do you run the DBMS on a virtual machine?
Yes i run it on a virtual machine don't know the exact hardware but it's shared among other idle servers.
Using vmware vsphere And i think some intel xeon 3ghz processor a few GB ram and enough disk space.
Our current Moodle version is 1.9
When i tried to find a solution to this problem i also made a local virtual machine on my notebook using vmware workstation 7. and just the default installation settings from http://docs.moodle.org/en/Debian_GNU/Linux_installation
I gave it 2 processor cores & 2Gb ram of my T9400 2.52Ghz DDR2-800 4Gb
I got the same problems using the latest Moodle version with a empty database and clean install.
> Using vmware vsphere And i think some intel xeon 3ghz processor a few GB ram and enough disk space.
I remember discussions in this forum where there were very poor performance was reported for DBMS under VMware. Some were very old, you'll have to run a search.
Here is a sample: http://moodle.org/mod/forum/discuss.php?d=146521