All Http Requests To My Server Redirected
Oct 8, 2007
There seems to be some problem with my server, none of the websites hosted on my server are accessible, the http requests either return a blank page or a page with a red quare on the upper left hand corner.
I am not sure if this is some kind of infection or DNS problem or a problem with memory apache is taking up
as i have thousands of virtualhost entries in my access log accumulated over the years out of which only a few 100 websites i am serving presently, but never deleted the non-exitent virtualhost blocks.
At times the websites are opening but most of the times they are not. And when they do not open my http requets are not logged in apacha access log.
Even the customers have reported the same problem.
Also, just four days back i had a strange issue where all
http requests to my server would take me to [url].
I can SSH to server, and everything else is working fine.
View 3 Replies
ADVERTISEMENT
Jul 24, 2009
When i try to open any website hosted on my server (around 50 of them) i am being taken to following malware website;
[url]
[url]
This is a problem with my Limnux server running Apache and not a virus on my local computer as customers from all over are reporting the same issue.
As soon as i restart Apache eveything returns to normal with no such redirects.
I think my server is being attacked causing http requests to get redirected to some malicious website.
This issue would resurface almost every hour and would not go away till i restart apache.
So far my Datacenter techs. have not been able to identify the cause of this.
View 14 Replies
View Related
Jun 4, 2009
My Linux Server's Http Daemon (Apache) would stop serving websites ever so often, as soon as apache is restarted the error fixes iteself only to resurface within few hours.
The apache process would still be running i.e. apache does not die but no websites hosted on my server would be accessible from browser. And when this happens the apache logs do not log any http requests.
Instead when this happens all http requests to my server would be redirected to some weird Trojan website and my Norton Antivirus would show an Alert/Warning, for example;
"Browser exploit at www.xxx.xxx was blocked"
Risk Name: MSIE WebViewFolderIcon ActiveX Control BO
or another error like;
"Auto-Protect has detected Trojan.Fakeavalert".
At first i thought the problem could be with my Laptop/ISP so i logged on to the server via SSH and opened try to open a website using command line "lynx mywebsite.com" and it shows following error;
"Alert!: HTTP/1.0 503 Service Unavailable".
Now if i assume my laptop were to be infected, then as soon as i restart my apache and visit mywebsite.com eveything returns to normal with no such warnings. Why do i see those norton error messages only when apache is down with 503, and when apache is down with 503 how come the http requests always get redirected to some suspicious websites and nothing gets logged in apache error log?
I think my server is being attacked causing http to get unresponsive and thereafter http requests to my server are redirected to some malicious website, is this correct?
Also, i suspect this is a php script exploit as some customers have reported that google have blocked their website due to security reasons, i found <iframe> tage inserted in some php pages which i fixed.
Also, another thinh i noticed;
when apache responds with the 503 it is referencing PHP 5.1.4 in the header response:
[root@]# curl -I xxx.xxx.xxx.xxx (my server ip)
HTTP/1.0 503 Service Unavailable
Server: Apache
X-Powered-By: PHP/5.1.4
Retry-After: 20
I am running PHP 4.3.9m why does apache responds with PHP 5.1.4 when this 503 error surfaces?
Also, since my apache was dowan with 503 error a customer mailed in today saying;
"It seems that my site www.xxxx.com is regularly down, and the winlogon virus is involved."
I suspect this is again due to the fact that http requests start getting redirected?
View 3 Replies
View Related
Apr 20, 2005
I set up a cron to run every minute & I'm running a PHP script by way of cron like
wget http://example.com/some_script.php
Now does each request of Cron is a seperate HTTP Request or what? Say my script takes more than 1 minute to execute completely but before its completed, its called again. So, will that effect the PHP script running because of previous HTTP Request or will it create a new HTTP Request & let the previous request finish its operation? Technically, it shouldn't block/affect the previous request, but I'm not sure!!
View 6 Replies
View Related
Jan 12, 2008
Quote:
netstat -anpl|grep 80|grep 74.xx.179.xxx|wc -l
990
I observed too many http requests into the server, so just wonder how your guys twaek server to accept over 1000 request and more?
View 8 Replies
View Related
Jan 19, 2007
I have a guy who can't get to any of the 100 or so virtual hosts on my RHEL3 server.
It's running the latest Apache RPM from RedHat. I also have mod_evasive and mod_security running.
Here's what I know. The guy *CAN* connect via SSH and FTP. The guy *CAN* see the default web page when he hits the IP in his web browser (e.g. he types [url]into the address bar on IE). But when he uses any of the host names on the server he *CAN NOT* see anything. He gets timeout errors.
His IP in NOT in ANY error logs, it's not in mod_evasive or mod_security, it's not in IPTABLES, it's not anywhere I can see.
I must be missing something. Anyone have any ideas?
What would be in front of Apache blocking his requests?
View 5 Replies
View Related
Jun 24, 2007
I want to block all http requests coming to my website via proxy. Is there any way/script to achieve this on the server?
View 5 Replies
View Related
Jun 22, 2007
I just deleted all the files in my public_html directory and uploaded Joomla ready for installation.
But now when I go to www.mysite.com I immediately get redirected to www.mysite.com/installation/index.php and I get this error:
Quote:
Not Found
The requested URL /installation/index.php was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
What is going on? I'm baffled!
View 4 Replies
View Related
Jun 28, 2007
I have a situation where if domain2 or domain3 is offline, people visiting them will get redirected to domain1 (since domain1 is the top of the hierarchy in the virtualhost). If I type in the IP address 11.22.333.44, I get redirected to domain1. I don't want this to happen. I rather have it show an error page or something instead. Am I missing anything? Here's the sample from my httpd.conf file:
Code:
NameVirtualHost 11.22.333.44
<VirtualHost www.domain1.com>
DocumentRoot /home/domain1/public_html
ServerName domain1.com
ScriptAlias /cgi-bin /home/domain1/public_html/cgi-bin
</VirtualHost>
<VirtualHost www.domain2.com>
DocumentRoot /home/domain2/public_html
ServerName domain2.com
ScriptAlias /cgi-bin /home/domain2/public_html/cgi-bin
</VirtualHost>
<VirtualHost www.domain3.com>
DocumentRoot /home/domain3/public_html
ServerName domain3.com
ScriptAlias /cgi-bin /home/domain3/public_html/cgi-bin
</VirtualHost>
View 1 Replies
View Related
Jul 25, 2008
my server is still effed up from the MPack attack that I received.
I just received the following email, does anyone know what this means or how it could be done? The client IP is mine, so some how my server is sending that request?
72.233.79.2 (malwarebytes.org) Server Log:
[Thu Jul 24 13:05:07 2008] [error] [client 72.55.184.144] mod_security:
Access denied with code 403. Pattern match ".../" at THE_REQUEST
[id "300006"] [rev "1"] [msg "Bogus Path denied"] [severity "CRITICAL"]
[hostname "www.malwarebytes.org"] [uri
"/errors.php?error=[url][unique_id "tNAGeH8AAAEAAEsfD7wAAAAO"]
[Thu Jul 24 13:05:07 2008] [error] [client 72.55.184.144] mod_security:
Access denied with code 403. Pattern match ".../" at THE_REQUEST
[id "300006"] [rev "1"] [msg "Bogus Path denied"] [severity "CRITICAL"]
[hostname "www.malwarebytes.org"] [uri
"/forums/errors.php?error=[url][unique_id
"tNAPAn8AAAEAAD7mqWQAAAAl"]
[url]is the RKHunter scan log
[url]is the ChkRootKit scan log.
I'm going through this thread right now:
[url]("How-to detect a possible intruder?") and I've come across a handful of hidden directories:
/home/mifbody/public_html/vbulletin/arcade/images/. /. /xh
/home/mifbody/public_html/vbulletin/arcade/images/. /. /xhide.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/convertxdccfile.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_admin.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_dccchat.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_display.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_main.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_md5.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_misc.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_statefile.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_transfer.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_upload.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_utilities.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/convertxdccfile.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_admin.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_config.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_dccchat.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_defines.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_display.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_globals.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_headers.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_main.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_md5.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_md5.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_misc.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_statefile.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_transfer.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_upload.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_utilities.c
I was able to successfully delete all the files, but how do I now get rid of the directories themselves? When I do:
rm -fr "/arcade/images/. /"
and then locate ". "
I still get:
/home/mifbody/public_html/vbulletin/adserver/banners/.
/home/mifbody/public_html/vbulletin/alice/src/admin/.
/home/mifbody/public_html/vbulletin/arcade/images/.
View 2 Replies
View Related
Apr 12, 2014
I've spent the last several months working on a huge upgrade of a couple dozen websites. The upgrades include modifying Apache so that visitors who arrive at links pointing to mysite/World/New_York are redirected to mysite/world/new-york. In other words, all my links now default to lower case, and underscores are replaced with dashes.
Unfortunately, publishing it has been an endless series of disasters. My websites are now all crashed, and the server is unbelievably slow. It takes pages forever to load (if they load at all), and I can scarcely publish files online.So the following notice sent to me by my webhost got my attention.
IT appears your own server IP is making GET requests to Apache, causing excessive loading and causing service failures. On today's date, your IP made almost 6,000 connections to Apache:<br><br>
[root@host ~]# grep 64.91.229.106 /usr/local/apache/domlogs/mysite.org | wc -l 5924 [root@host ~]#<br><br>
These were all the same request:<br><br>
64.91.229.106 - - [12/Apr/2014:08:10:10 -0400] "GET /404.php HTTP/1.0" 200 14294 "-" "-"<br><br>
And that made up the total of requests:<br><br>
[root@host ~]# grep 64.91.229.106 /usr/local/apache/domlogs/mysite.org | grep "GET /404.php HTTP/1.0" | wc -l 5924 [root@host ~]#<br><br>
View 1 Replies
View Related
Jul 4, 2013
I am using mod_auth_form.For security reasons, I would like to ensure that users are ALWAYS redirected to the page specified in AuthFormLoginSuccess Location after a successful login. Therefore, I would like to disable processing of the httpd_location form parameter.
The best I can do seems to be to use AuthFormLocation to set the field name to a hard-to-guess value, e.g. AuthFormLocation "32 b63 a#ve"
View 1 Replies
View Related
May 8, 2007
I host my DNS with DNSmadeeasy.com , I noticed that I have daily more than 350.000 DNS requests for main domain, This domains got about 80.000 uniqes/day, so this is strange how can there be 350.000 DNS requests/day. Seems that I'll go over the quota because of this.
The TTL for all domains is set to 86400.
Is there a way to discover how its possible ? And also is there a way to do something to make this number lower (DNS requests)
View 1 Replies
View Related
Apr 20, 2008
Where is a server's IP address for outgoing requests set? e.g. if a script on the server fetches ip-address.com, the IP that is identified there. A server may have multiple IPs pointing to it, but there's only one that outgoing requests are funneled through. I've tried changing "Main Shared IP" in WHM, but that doesn't seem to affect this.
Is this set server-side, in some setting file - or is this a datacenter thing?
View 9 Replies
View Related
Jan 19, 2008
I currently have a web VPS hosted with FDCServers.net and after 5 days of switching to it i am getting massive HTTP requests. When i login to WHM and hit apache status i have many requests per second by multiple IP's that are going to pages that simple don't exist. Currently my hostname for the server is set at web-01.optical-hosting.com which is what the requests are being sent to. I am also having a DNS issue because when i put http://web-01.optical-hosting.com in the web browser it displays the first account's site under "list accounts" in cpanel. Can someone please help me fix both of these issue's? i will post an apache log in a second post as it is long. Also, these are from overseas. please someone help me with this i have Aim and Msn.
View 4 Replies
View Related
Dec 3, 2007
An user is reporting this error receiving emails:
451 - The server has reached its limit for processing requests from your host
I've searched for this error message but haven't found much info
View 3 Replies
View Related
Mar 27, 2013
I'm running Apache 2.4.4 on Windows Server 2008 R2. It's already happened many times that Apache stopped responding to requests. The last entry in the error.log:
[Wed Mar 27 06:22:07.043600 2013] [mpm_winnt:notice] [pid 1736:tid 256] AH00354: Child: Starting 64 worker threads.
[Wed Mar 27 06:52:34.521200 2013] [mpm_winnt:error] [pid 1736:tid 1656] AH00326: Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting
View 1 Replies
View Related
Jan 31, 2008
Yesterday I installed tomcat on a RHEL 4 + cPanel and httpd 2.0.63 server using easyapache3, process was ok, jsp pages are loading fine using http://site.com/example.jsp , but servlets, are not working using http://site.com/example, how ever, if I load http://site.com:8080/example it loads the servlet perfect.
I read something about redirecting all traffict from port 80 to 8080, but you know.. this is a shared server, and that would affect all customers on the server.
So, mod_jk seems to be the only solution, now I read many documents over the web, but no one seems to be working to configure apache2 and mod_jk that is installed using easyapache3 script.
In my httpd.conf file, i have this:
LoadModule jk_module modules/mod_jk.so
Include "/usr/local/apache/conf/jk.conf"
At jk.conf i have this content: ...
View 5 Replies
View Related
Jun 1, 2007
my friend's server is being attacked, the http processes shoots up causing the server load to go above 200 in minutes of starting httpd which causes server to die.
this is how the apache web server's access_log would log a normal http request;
------------------------------------------------------
"xx.xxx.xx.xx - - [01/Jun/2007:22:13:21] "GET /folder/name.gif HTTP/1.1" 200 877 [url]"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
------------------------------------------------------
Today when the http load increased we saw hundreds of following requests;
------------------------------------------------------
"xx.xxx.xx.xx - - [01/Jun/2007:22:13:21] "GET /? HTTP/1.1" 200 16305 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
------------------------------------------------------
You see the difference between a legitimate http access log entry and the above one is that the legitimate one shows the filename(GET /folder/name.gif) and domain name being requested whereas the second one shows ("GET /?")
Above requests continously originate from 30 to 40 different ip addresses. Most of them russian ips, and many form US and canada to.
When i do a grep "GET /?" in access log there are thousands of these which started just today.
I cannot block each ips because i feel they have hundreds of IPs to initiate these requests from.
View 14 Replies
View Related
Oct 21, 2007
I am trying to install a FTP Server in my computer so that I can simply login into my own computer to grab important files at work... since carrying laptop and loosing flash drives are becoming annoying .
In my home computer I have Linksys Router, and Verizon as my ISP (blocks port 80, 21 I believe).
Since Verizon blocks those ports the configuration has become a nightmare.
Using BulletProof FTP Server I made the FTP Server listen to port 5000. And in my router's forwarding section I opened the port 5000, and made it listen to 192.168.1.100 (Port Range Forwarding, TCP UDP both).
I did the same for my Apache server and made it to work with port 443.
When I access [url] the web server loads up fine.
But when I try [url] it doesn't load up, where 1.2.3.4 is my IP.
When I visit just my IP in the web browser, it loads up the Router Configuration page.
And the FTP server doesn't connect when I try with the
View 1 Replies
View Related
Aug 1, 2009
If i put domain.com on uptime checker,and downtime is detected,downtime will be reported if dns is down or if http server is down.So question is what i need to do to see what exactly went down?For network uptime i can ping ip adress,but for these two i really don't know.
View 3 Replies
View Related
May 11, 2009
I need to find out what would be the best software to run an image website for one of my clients, there is only one domain so I've considered using LiteSpeed Standard (Free)... What server do you think would be the best?
All I need is PHP support for the image viewer software.
Apache
Lighttpd
LiteSpeed
nginx
View 14 Replies
View Related
Mar 10, 2008
I've setup a dedicated server that is currently running with a domain bound to it. However this time I want to setup a centos 5.1 + latest apache 2 + bind 9 server that can only be connected to by IP address and doesn't have a domain name. So what do I need to modify in the below files to do so:
First of all will I even need bind at all? I already have it setup and (mis-)configured but I guess if I don't need it I can just take if off of autostart and stop the process "named".
Named.conf
options {
pid-file "/var/named/chroot/var/run/named/named.pid";
directory "/var/named/chroot/var/named";
query-source address * port 53;
allow-query { any; };
allow-transfer { };
recursion no;
notify no;
version "unknown";
};
logging {
category default { null; };
};
zone "server.domain.com" { type master; file "server.domain.com.db"; };
I don't even want the zone have domain.com in its name but that's just there so I could show you how I'd include server.domain.com.db.
server.domain.com.db
$TTL 14400
@ IN SOA ns1.domain.com. root.server.domain.com. (
2007052503
14400
3600
1209600
86400 )
server.domain.com. 14400 IN NS ns1.domain.com.
server.domain.com. 14400 IN NS ns2.domain.com.
localhost 14400 IN A 127.0.0.1
www 14400 IN A 78.129.174.164
I'm not sure what to do about those references to domain.com here, they shouldn't be needed but without them I don't know what to put here. ^^
Obviously I can't use those nameservers...
resolv.conf
nameserver 127.0.0.1
nameserver 78.129.143.155
nameserver 87.117.198.200
nameserver 87.117.196.200
The only thing missing from this file is "search domain.com" at the top, is that needed even though I won't really have any domains used by this server?
/etc/hosts:
# Do not remove the following line, or various programs
# that require network functionality will fail ....
View 7 Replies
View Related
Jun 28, 2007
SO the last few months I been trying like crazy to tweak Apache or find a better http setup such as running lighttpd with Apache, etc. I have been frustrated by the way Apache easily fork bombs under any decent load or dos attack. You get about 100 bots all making 30+ connections a piece on Apache and it kills it.
Bot kids have adapted to ddos protection and connection flooding banning by sending low bandwidth attacks that do not make enough connections to get banned if you do have protection, its real low bandwidth incoming but is like a massive vampire attack outgoing. And it destroys Apache no matter what you do, what modules you have, etc. You basically have to go in and manually ban or set your connection tracking limit down to where it starts banning regular users too.
So I seen on here somewhere someone recommending litespeed to someone so I went and checked it out and was amazed by the performance. I installed the trial enterprise in a p4 server I been having problems out of lately crashing all because a busy site and I installed it in my main server.
The only thing I needed to do was compile my own php5 for it, which is real easy via their wiki instruction. After a few snags here in there I finally got it working tip top on both servers, both of which are cpanel.
So with the p4 that was always crashing and keeping hi load, We would end up having to remote reboot that box almost once a week not due to any misconfiguration or wrong setup, just couldnt take all that Apache usage and would die. We instantly noticed a difference with litespeed. The average load used to be about 1-2 always, with litespeed the average stayed about ..2 even under heavy traffic. So this was a big improvement and we have not had to reboot that box since.
My main server which I take my high risk clients on, core2duo 2.4. I thought there for a Lil bit the sites were starting to outgrow the server as its average load always was around 1 which was fairly acceptable seeing the traffic it gets so normal for Apache.
During the low bandwidth ddos attacks I would have to go in and manually ban as well as setting connection limit way down just to keep it from lagging, most of the time it still did. So I was really wanting to do something for this server to optimize http without upgrading, because it seems most of your hardware upgrades are to suit Apache anyway.
So I installed litespeed on my main server, ran into a few snags here and there but eventually got it under control. Just the last few days I got to see it put to the test.
I took on a client who was being extorted by a ddoser who recently got him kicked off his previous host. SO as soon as dns resolves here comes the crapstorm. A low bandwidth http attack, a lot got by ddos firewall on the network level which these are hard to stop because they are so similar to a legit user.
So I started getting hundreds of csf connection tracking blocked emails, was checking the site periodically and it loaded fine. So I logged in the box, looked at the load.
Was at .24. When I done netstat command there was hundreds of syns coming in and about 250 ips all connected about 50 times, this would normally kill Apache no matter what CPU/ram and all that you have. So I set connection tracking down to a reasonable level, 60 connections and I figured I would just let them get themselves banned. Looking in the live stats in the litespeed admin panel which is real cool BTW. I was seeing about 400 requests a second. This was eating a Lil bandwidth, all outgoing as that is how the attack works like a massive vamp attack. So about 2000 connection tracking emails later finally gets em all banned. The entire time the load on that box never even got to 1!
So im pretty much amazed how fast and light this http server is. And especially how well it handles dos. I about know for a fact even if you was on a non protected network it could handle as much http as your pipe will give it, and do all this at a low resource load.
This will end up saving me money on hardware upgrades in the future as well. Long review, long story, but I been so amazed by this http server I had to make a review on it. Im sure some geniouses will try to say "If you do this and that with apache you can make it just as good" But check it out for yourselves and see.
View 14 Replies
View Related
Aug 29, 2007
tried to download files from http links to my ftp server. i looked all over the forums but could not find any services. google spitted out this one. [url]Well, it really does help to upload http links to an ftp server and move files from one ftp server to another. does anyone know other services or free scripts that help to do this?
View 0 Replies
View Related
Mar 15, 2007
I'm using IIS v5.1 on WinXP SP1 and I encountered this error (Page cannot be displayed.....HTTP 500 - internal server error) all of a sudden. now, i've been using my Web server with no hitches, but now I can't open any pages on the server that run server side scripts so i reinstalled it and still get the same "Page cannot be displayed" or I get part of the source code for the server side script. Pinging the server shows that its ok, it replies. and regular pages with no scripts still run with the http protocol in the address. Any ideas on how to get past this problem?
View 2 Replies
View Related
Jun 27, 2013
its possible to do a P2V migration of a Apache http server 2.2
Present environment:
Windows 2003
Apache http server 2.0.63
There are 2 webservers (running Apache) for load balancing. The backend server runs an application which uses an oracle database. Is a P2V migration of the web servers possible?
View 2 Replies
View Related
Sep 22, 2009
I installed apache, mysql, php on my windows vista laptop, and want to test http downloading. This means when selecting a file (for example, contact.php) from a page, and then click download, it will be downloaded to my desktop.
Do we need to install any other softwares to do that?
View 10 Replies
View Related
Jun 16, 2009
I have done this with .htaccess on apche but I am looking to do HTTP to HTTPS redirect for all requests on Zeus server using rewite.script
what I want basically is that all request to [url]goes to [url]
View 0 Replies
View Related
Nov 26, 2008
to display the server load average through HTTP. How may I do that?
Please note that I have all insecure functions disabled, such as exec, system, etc... But I have root access.
View 11 Replies
View Related
Jun 13, 2008
I have a Linux server running some reasonable setups:
Opteron 180, 4 GB RAM, running 8x 36gb 15k scsi with hardware raid 10 -- this is one of the servers from WebNX advertised here not long ago
Running CentOS 4(?), Apache2/MySql 4/PHP5.2, the normal stuff.
I have only one main site on the server, which runs a pretty old PostNuke CMS in Chinese (0.7.2.3 Phoenix) + PNphpBB2 + Gallery 1.5.7 (all integrated into PostNuke). This site is pretty light in "human" traffic, getting about 20K hits per day.
Now, the problem I have noticed with this site, is related to the many MP3 files stored in the Gallery albums. There are lots of HTTP requests to these files, most maybe from Chinese search engine bots (judging from IP), that slows the server to a crawl and even crashes Apache. This happens in the late hours here when it's day time in China. As a matter of fact I just did a reboot, and in 5 minutes there are more than 1000 HTTP requests to MP3 files resulting in a traffic of 2.1+ Gb. So within minutes, the server is brought to its knees again and I can't even get the "apache status" from CPanel now: "Unable to retrieve apache status".
The company that manages the server for me said there's no security problem here. We have installed an Apache extension to limit the number of simultaneous requests to media files to 1. However that doesn't seem to help.
View 6 Replies
View Related
