Too many connections?

My site became unresponsive and wouldn't load at all, server time out.

The response from my host TMD Hosting was this.

I have checked the server and it seems that our monitoring system has blocked your IP address:

xx.xx.xxx.xxx (edited out but checked and IP was in fact mine)

in the server firewall. The issue appeared because more than 167 connections on port 80 were initiated from the above IP. Note that there is a limit of 20 simultaneous connections from a single IP.

They advised me to run an anti virus, scan but this turned up nothing.

Anyone had this trouble? This is the second time now this has happened in a month.

I use firefox with no additional plugins installed. ( another thought from TMD)

Dolphin 7.0.2

What could possibly cause this?

Check again with your host if your on shared hosting. They may have mod security up high and if you are shared you will not have access to disable it if thats what is causing the problem. This can happen when mod security is on and you are trying to edit from certain parts of admin like language settings.

Thanks, I'll look into that but at the time the site went unresponsive I was just browsing the site

with 2 other members online, no change or editing was taking place.

Also, the site is pretty well brand new and only has a couple dozen members so far.

I would suggest a different host. IMHO shared hosting and Dolphin just don't mix.....

It's not so much shared hosting, but who you go with. I'm on Media Temple's Grid-Service and have had no issues with Dolphin on it.

The problem is with tmd hosting. The will block your account for many reasons. I agree the best thing you can do is switch hosting companies.

We are facing this same issue right now.

So I decide to do a little research, and I start doing netstat -an | grep my.site.ip over and over from a terminal window.

At first I have no connections to my site's :80.

Then I pull up our main page and log in.

When I login, over 35 connections to the server:80 gradually appear in the netstat -an output.

That is, with one login on one tab, I use 35 connections.  So when we get a few people browsing our site from the same proxy, there can immediately be a huge number of connections.  So, why are there 35 connections coming from the main page after login?

Hmm...  Must be something doing some kind of Ajax monkey business.  Do I suspect the chat?  I'm still looking, but I figured I would post here in case anyone has some insight.  Something keeps retrying.  We are not using the RMS yet.  Maybe something related to RMS?  Hmm....

Thanks.  This is Dolphin 7.0.4.

I had exactly the same problem and response from TMD hosting .. it has been resolved now, they unblocked my IP address.

And i was the only one browsing my website (no members yet :) ).. but i had 3 windows open, all connected to my website. Which caused the many connections .. But 160 connections? I did nothing special, i dont have anything fancy installed, not chat etc.

Hi all,

this "too many connections" issue has been a mistery so far...

I have at least 3 posts in this forum regarding this issue or a similar situation (links bellow), but no clues, not from my hosting company, not from my Agent, not from the guys we hired to fine tune the server, not from anyone...I mean, there is "a clue", bot not a solution yet....

Now, we do have a great server, dedicadted. We have run tests using 1 pc to login and 1 to run the connections count using PuTTy access....upon just log in to the site, more than 100 connections open...Now, depending on how many users log in, at peak time, you can run out of RAM and the site stalls...it improved you you remove chat/IM and Spy, but hey, those are some of the functions that we consider essential...

If you have your firewall set to block concurrent connections, you will be blocked from your own server, so just add yourself to the white list, at least your IP will not be blocked....then look at the blocks in your firewall, we had IP's blocked with more than 1.000 concurrent connections...that is way too much...

http://www.boonex.com/unity/forums/?action=goto&my_threads=1#topic/98-Connections-Blocked-from-my-own-Server.htm

http://www.boonex.com/unity/forums/?action=goto&my_threads=1#topic/Will-unmodified-Dolphin-7-0-3-handle-4000-members-.htm

http://www.boonex.com/unity/forums/?action=goto&my_threads=1#topic/Server-Overload-too-many-concurrent-IP-connections.htm

There is also a very interesting thread here started by DosDawg, but unfortunatelly I could not find it, but maybe he cames to this post and helps with that. Sadly, as we spoke by PM, is that no-one at Boonex gets around to answer this questions...

Did anyone posted this issue in dolphin bug report before? Perhaps we should post it in that forum, and perhaps the boonex guys will pick it up ? :-)

To post as a bug we would need to be sure it is one...as I see, there are only a few complaints about this issue...maybe more feed back from others here would help clear this.

if you are on shared hosting, not much i can say, yes dolphin does work on shared hosting to some extent. not where i would recommend taking a production site to though. shared hosting is a good platform for setting up, testing, and development. VPS is better in that you are allowed SSH access and have more control over the servers resources that are allocated, but still liimited by what is allocated. That would be the reason why it is is highly suggested that you use a Dedicated Server for hosting a production Dolphin Environment. Not all can afford a dedicated server, and seems to be a constant struggle in trying to figure out how to get dolphin to run on a shared platform.

'

Ok for the TOO Many Connections

this is a server configuration situation where apache is not dropping the connections. Dolphin by default queries the database every n seconds. i have yet to figure out how to kill that, because even if we are not using chat | IM or any of the other features that seems to require the multiple updates from the database, we do still see the queries.

So your hosting service has setup where you are allowed x connections on port 80 to your site, from any one IP, so this could be problematic in that if the server config is not dropping the idle processes, they would appear to be connections, when in fact they are not, virtually connected.

sounds as if the server config is running mod_suphp and shows connections on port 80 from your IP address, which are in fact idle and the httpd needs to be tweaked to drop those connections which are idle. i had this problem some time back where i would have 500 open httpd connections, but they were all idle. this concerned me, not saying i had 500 from one ip address, but overall, 500 idle connections, just didnt go over good with  me.

as for too many connections from my own IP, i just tried to replicate that, and was unable to get more than 3 connections to show up.

netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

that will show you how many connections were made on port 80 from each IP that has been logged on the server.

i know this was not much help, but i was asked to come read this and i have read it. i will if time permits today, look into this a bit more.

Hey guys... usually when large connection from internal ip is shown,, the website pages are using absolute path to access the files instead of relative path Dolphin uses absolute in most cases.
I tried to replicate also: netstat -an | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort | uniq -c shows max 30 connections 4 browsers open/ 4 pages  loading on each full boxes front page. No one but me develops at that pace lol

The only way I could get the connections to 250 is by downloading the modules folder using cuteftp.

Now, how I would love to just show 80 connections...lolll...

Just went to my server to pick the following example from my csf.deny tables (IP and net provider replaced by X):

XX.XX.XX.XX # lfd: (CT) IP XX.XX.XX.XX (XX/XXXXXXX/XX.XX.XX.XX.rev.vodafone.XX) found to have 634 connections - Wed Jan 26 12:17:50 2011

I do believe lots of them are the so called idle connections, as mentions by DosDawg (thanks for poping up by the way), but how do I manage to tweak my server or whatever, in order to have them closed before reaching this number?

We have replaced PHP Handler from SUPHP to DSO and Mysql_pconnect has been replaced by Mysql_connect (did not upgrade yet as we are keen on not sleeping for a week only 2 to 3 times a year...). We have some improvment on, at least, keeping the server up, but I would reallylike to have it fixed for good.

Regards,

I ran a packet sniffer to find just what is being requested in all these HTTP requests that are staying open to port 80 on our site.

$ sudo apt-get install sniffit
$ sudo sniffit -t site.ip.address -p 80 -a | tee sniffit.log

In another window, I setup a log of netstat -an in a loop running every couple seconds.

$ (while true ;
do echo "-----------------------------------------------------------------------" ;
date ;
netstat -an | grep site.ip.address ;
netstat -an | grep site.ip.address | wc ;
sleep 2 ;
done) | tee netstat.log

Then I worked the browser while watching the windows:

1. Begin with no connections.

2. Load main page, not logged in.

3. Connection comes, goes away, as expected.

4. Login to Dolphin.

5. Netstat log shows almost 40 simultaneous connections gradually established.

6. Connection count keeps changing between about 34 and 38 connections.

7. Logout.

8. Connection count gradually drops back to 0.

9. Repeat.  Same thing.

Then I stopped the logger windows and formatted the output of the packet through some awk to create a list of all our HTTP requests, 427 of them, sorted, grouped, and ordered by decreasing count.  Now a little light appears.

$ cat sniffit.log | awk '/G E T|P O S T/ {x=$0;getline;y=x $0;gsub(" ","",y);print substr(y,15)}' | sort | uniq -c | sort -r -n | tee sniffit.getpost.log

52 GET/2012world/modules/?r=simple_messenger/get_operation/new_m
36 GET/2012world/flash/XML.php?module=im&action=updateInvite&rec
6 GET/2012world/modules/aramis/gifts/templates/base/images/icon
6 GET/2012world/member_menu_queries.php?action=get_bubbles_valu
5 POST/2012world/member.phpHTTP/1.1..Host:sovereign-family.ne
5 GET/2012world/m/wbview/images/2012world.me.gifHTTP/1.1..Host
4 GET/2012world/modules/boonex/simple_messenger/templates/base/
3 GET/2012world/templates/tmpl_uni/images/spacer.gifHTTP/1.1..
3 GET/2012world//templates/base/images/vote_star_gray_16.pngHT
3 GET/2012world//templates/base/images/vote_star_active_16.png
3 GET/2012world//templates/base/images/tm_item_right.pngHTTP/1
.... (more, all 3 requests or less for each)

So, this is interesting.  The netstat log shows hovering around the 34-38 connection level.  And the sniffit log shows 36 requests of XML.php.  Coincidence?  I think not.  So finally we have a direction to research the problem of this discussion thread further.  I'm going to go find the Dolphin module(s) that is (are) requesting this XML.php, and we will see if our Dolphin is doing everything it can to cleanup.  The administrators at TMD believe their Apache is correctly closing on their side, but I have not showed them the sniff results.  So we shall see, rabbit.  We shall see.

@SFNP i do not think that the requests are the problem on the xml.php we have all been around and round about the XML.php file that fires ever n seconds. I have twisted and turned my servers upside down trying to resolve that one and it doesnt go away. If you have firefox you can watch the requests, at one point the big issue with me was XML.php was hammering the CPU.

also do you show that many connections from ssh TOP, because i think something could be going wacky with your CSF. as Darren has stated, its hard to get that many connections coming from your own IP address.

As expected, apart from Magnus poping in...no one from Boonex is addressing this issue...

We still get  at least 5 IP blocked permanently in our firewall everyday (I am not even counting the temporaries).... would love to know what is causing this, something specific on our site, some scripts running, some combination of modules...

I tend  not to like things with no apparent reason...they  always came back to bite you someday...

Anyway, thanks to all that send the info on the connections, special thanks to DosDawg...one day, when we least expect, we will have an answer ...lollll

Same with me.. i got same issue

Hi,
been a year now but giving this a bump since I am experiencing the same problem with my IP being blocked by host due to to many connections.

Actions and members being minimal.

Are there actions that we could recommend hosting company to do?
Is there something that should be changed in Dolphin script from our side?

It's not just TMD hosting.  I am using hostforweb which supposedly is a preferred Boonex host provider.  I have the same issue with 7.0.9  If I start using my dolphin install much at all I get blocked from hostforweb and can no longer access my server for 30 minutes.

When I contacted their support, they didn't believe all I was doing was logging into and using dolphin.  They were sure I must have a mis-configured ftp client running.  But, all I was doing was using dolphin.  If my wife and I both try to login to dolphin at the same time from our IP it happens very quickly.  When we first installed dolphin we could both be logged in and chat with each other at the same time no problem.  Not now.  I assume one of the modules we turned on is misbehaving.  I just don't know which one.

The Hostforweb support said we were using 127 connections from my house IP before we got blocked by the firewall.  Clearly that isn't right.  Hostforweb didn't have any ideas how I could reconfigure my dolphin install to not hog connections.  So, unless one of you know of a fix for this, my Dolphin install is hosed.  That means my users are having the same problem and getting blocked.

@ nwnookie....

I do not believe it is modules, but we can trade info on which modules we have by PM; we are running an older version of Dolphin and had expectations that the upgrade would solve our problems...apparently it is not going to...

Just logging in, and using Putty to monitor it, we detected around 250 connections that would then decrease.

We solved the problem by setting our firewall to block IP only with more than 500 connections. Site runs fine, although a bit slower at peak time. I believe this will temporarily solve your issue. You the have to look at your server nstallation, and probably add more RAM as your site grows. LiteSpeed is also a must if you plan on having more than 100 online users.

Hoping to have helped...

@francisca_carv

Thanks for the reply!  Unfortunately since I'm using a dolphin shared server hosting package, they won't up my connections on the server.  But, to me it seems like poor programming for an application to need up to 500 connections for one user.  We only have about 16 members right now.  Just my wife and I together were using 127 connections for our IP only.  So, even with 10 users that would be a ridiculous amount of connections needed.

To me this seems like a bug.  A properly written app shouldn't require more than a few connections per login.

I do have an idea though.  Right now, I have the RMS unchecked, yet the chatting still works.  I'm not sure how or why since my hosting provider said there is no RMS setup on that server.

They have given me access to a shared RMS server, so tonight I will try turning that check mark on and putting in that IP address.  That way at least connections for chat, spy etc will go through a different IP address than my web server IP address.  So, while it may use the same amount of connections at least it would only block us from chat then, instead of our entire web server.  I'll give it a shot tonight and see if it works any better configured that way.

I use TMD Hosting and have only had a "Too many connections" issue once... when I was logged in with 5 different browsers at one time to run some tests.  I emailed TMD and asked them to increase my personal IP's access limit to allow for several browsers... no problems since then.  Note that I do not have Chat or Wall setup.

Oh, interesting... I do have the chat and the wall features turned on.  Maybe I'll try my luck with a different support person and see if I can convince them to up my connections for my own personal ip.  The guy I talked to said he couldn't do that because it was a shared server.  But, of course that would only solve the problem for me, not my users.  I have several couples on my site and they could both be logged in separately on two different computers at the same time from the same home IP address.  I just don't want my users to experience the problem.  

I could be off base but I think this is two different issues. Dolphin does use persistent Mysql connections so there will be several connections to the database at once.. but I think the real problem here is that HFW has their security software setup to block someone with a very small number of connections.

I used them years ago and I would get blocked if I tried to check my email while I was connected to FTP at the same time. I had to contact support constantly to have them unblock my IP and sometimes I wouldn't even be using my site at the time. I don't think the number or modules or what you're doing on the site is the problem.

Interesting idea, I have had more than my share of problems with them so far.  Network outages etc.  One thing that's interesting though is that they emailed me the log from the firewall and it showed I was using 127 connections on the firewall and that's why I got blocked(but all I was doing was using dolphin).  127 does seem excessive for one logged in user to be using, so I'd have to begrudgingly agree with them there.  I wish I could make dolphin  use less!  Hopefully the changes I plan on making to the RMS tonight will help some, we will see!

 I think you  right here Mscott, I was working on a site yesterday, not sure of their hosting company, where  their host was blocking my IP each time I opeednmy FTP program, with the browser open.

 I agree... I'm sure it was TMD's security system that was triggered... DOS protection.

Ok, so here's an update.  I turned off some of the flash modules I didn't need that somehow had gotten turned on, the whiteboard and desktop modules.  That helped.  Before I did that every time I would click chat it would start to connect then the firewall would block me.  After turning those off I was able to chat with my wife using the same IP address in our house.

Next I setup the rms server so I could get access to video chat.  And that worked ok.  But once I started testing the video chat, I got blocked again after about 1 minute of video chat.

This time support said I was using 113 connections on the server. Anyways, they whitelisted my ip address so now I can hit the server as hard as I want without getting blocked from my home IP Address.  That of course doesn't help my users.  So, I had to warn my users that if they are doing lots of video chat, or if they are a couple under the same roof using the same IP and trying to log in and use dolphin at the same time from two different computers that they might get blocked for 30 minutes.

Aside from getting a VPS or dedicated server I don't think there is any other solution to this problem as dolphin just uses hundreds of connections and shared servers (even boonex 'certified' ones like hostforweb) don't allow that many connections.

It is a free local site for my community and I don't have enough users to justify the huge costs of vps or dedicated server.  So, we will just live with occasional blocks from the firewall for now.

I hope that helps a few of you who are trying to use dolphin on a shared server while using alot of the flash apps. Just know you may have problems and turn off any ones you aren't using.   nwnookie.com