Syn Packets

netstat -s |grep “listenqueue overflows”
Too many connections in the state “SYN_RECEIVED” could indicate that the system is being attacked.

I'll give that a shot the next time we go down for the count. Thanks, Jason!

Chris, as you move up the food chain and become more widely known you're going to experience more and more of these things. Now would be a good time to start looking into firewalling and protecting yourself and your sites from these knds of things.
The price of fame? :)

Fame is frustrating. :) Again, an attack is still speculation at this point. It could very well be an internal bottleneck, in which case we'll have to find a few mirrors to defray the load.

You should have your sysadmin (if u can find him) do a few minor things. You can runa cronjob every few minutes and cat that netstat output to a file so you can backtrace it and see what's happening right before the crashes. That coupled with the Apache watcher I sent before should keep you at least up and running. If you can target a specific IP or block of IP's you should be able to deny them access with TCP wrappers which you should be using already. If not get that installed ASAP. You should get a security expert to do an audit of your system and plug any holes you got happenin. Hell, Kevin Poulson and Kevin Mitnick are in the studios for the Screensavers every other week. I'm sure they can give you some good advice ;-)

I hate it when that happens, I mean when I get locked out from valuable pieces of wisdom when I need them most. Ripping out their toenails is too nice.