The Linux Kernel interpretated a very high volume of real traffic as a DDOS attack so it basically ends up blocking your web server.
possible SYN flooding on ctid 42131, port 80. Sending cookies.
Simple fix edit sysctl values for max_syn_backlog
sysctl -w net.ipv4.tcp_max_syn_backlog=5000
To make them permanent edit /etc/sysctl.conf
echo "net.ipv4.tcp_........
Errors like this are shown on high usage servers and ports so it is common to see it on http and even imap ports:
possible SYN flooding on port 80. Sending cookies.
The Linux kernel will even detect flooding on OpenVZ containers:
possible SYN flooding on ctid 6000, port 993. Sending cookies.
In many cases this is not an issue and is more so simply a result of regular, but high usage traffic.........