Over 1000 Http Requests
Jan 12, 2008Quote:
netstat -anpl|grep 80|grep 74.xx.179.xxx|wc -l
990
I observed too many http requests into the server, so just wonder how your guys twaek server to accept over 1000 request and more?
Quote:
netstat -anpl|grep 80|grep 74.xx.179.xxx|wc -l
990
I observed too many http requests into the server, so just wonder how your guys twaek server to accept over 1000 request and more?
I set up a cron to run every minute & I'm running a PHP script by way of cron like
wget http://example.com/some_script.php
Now does each request of Cron is a seperate HTTP Request or what? Say my script takes more than 1 minute to execute completely but before its completed, its called again. So, will that effect the PHP script running because of previous HTTP Request or will it create a new HTTP Request & let the previous request finish its operation? Technically, it shouldn't block/affect the previous request, but I'm not sure!!
I have a guy who can't get to any of the 100 or so virtual hosts on my RHEL3 server.
It's running the latest Apache RPM from RedHat. I also have mod_evasive and mod_security running.
Here's what I know. The guy *CAN* connect via SSH and FTP. The guy *CAN* see the default web page when he hits the IP in his web browser (e.g. he types [url]into the address bar on IE). But when he uses any of the host names on the server he *CAN NOT* see anything. He gets timeout errors.
His IP in NOT in ANY error logs, it's not in mod_evasive or mod_security, it's not in IPTABLES, it's not anywhere I can see.
I must be missing something. Anyone have any ideas?
What would be in front of Apache blocking his requests?
There seems to be some problem with my server, none of the websites hosted on my server are accessible, the http requests either return a blank page or a page with a red quare on the upper left hand corner.
I am not sure if this is some kind of infection or DNS problem or a problem with memory apache is taking up
as i have thousands of virtualhost entries in my access log accumulated over the years out of which only a few 100 websites i am serving presently, but never deleted the non-exitent virtualhost blocks.
At times the websites are opening but most of the times they are not. And when they do not open my http requets are not logged in apacha access log.
Even the customers have reported the same problem.
Also, just four days back i had a strange issue where all
http requests to my server would take me to [url].
I can SSH to server, and everything else is working fine.
I want to block all http requests coming to my website via proxy. Is there any way/script to achieve this on the server?
View 5 Replies View RelatedWhen i try to open any website hosted on my server (around 50 of them) i am being taken to following malware website;
[url]
[url]
This is a problem with my Limnux server running Apache and not a virus on my local computer as customers from all over are reporting the same issue.
As soon as i restart Apache eveything returns to normal with no such redirects.
I think my server is being attacked causing http requests to get redirected to some malicious website.
This issue would resurface almost every hour and would not go away till i restart apache.
So far my Datacenter techs. have not been able to identify the cause of this.
My Linux Server's Http Daemon (Apache) would stop serving websites ever so often, as soon as apache is restarted the error fixes iteself only to resurface within few hours.
The apache process would still be running i.e. apache does not die but no websites hosted on my server would be accessible from browser. And when this happens the apache logs do not log any http requests.
Instead when this happens all http requests to my server would be redirected to some weird Trojan website and my Norton Antivirus would show an Alert/Warning, for example;
"Browser exploit at www.xxx.xxx was blocked"
Risk Name: MSIE WebViewFolderIcon ActiveX Control BO
or another error like;
"Auto-Protect has detected Trojan.Fakeavalert".
At first i thought the problem could be with my Laptop/ISP so i logged on to the server via SSH and opened try to open a website using command line "lynx mywebsite.com" and it shows following error;
"Alert!: HTTP/1.0 503 Service Unavailable".
Now if i assume my laptop were to be infected, then as soon as i restart my apache and visit mywebsite.com eveything returns to normal with no such warnings. Why do i see those norton error messages only when apache is down with 503, and when apache is down with 503 how come the http requests always get redirected to some suspicious websites and nothing gets logged in apache error log?
I think my server is being attacked causing http to get unresponsive and thereafter http requests to my server are redirected to some malicious website, is this correct?
Also, i suspect this is a php script exploit as some customers have reported that google have blocked their website due to security reasons, i found <iframe> tage inserted in some php pages which i fixed.
Also, another thinh i noticed;
when apache responds with the 503 it is referencing PHP 5.1.4 in the header response:
[root@]# curl -I xxx.xxx.xxx.xxx (my server ip)
HTTP/1.0 503 Service Unavailable
Server: Apache
X-Powered-By: PHP/5.1.4
Retry-After: 20
I am running PHP 4.3.9m why does apache responds with PHP 5.1.4 when this 503 error surfaces?
Also, since my apache was dowan with 503 error a customer mailed in today saying;
"It seems that my site www.xxxx.com is regularly down, and the winlogon virus is involved."
I suspect this is again due to the fact that http requests start getting redirected?
I'm buying Cisco ASR 1000 router that should handle 2 Gbps bandwidth. Please advice on components, models, etc.
I have a vendor, but I'll appreciate any reference, based on your experience, on where to buy one at reasonable price. I think I can probably get refurbished ASR 1000 or similar as well, if the vendor can guarantee the quality of the device.
i have a huge site with photos in US, and i want a mirrror in Europe.
So, i want ~10 Gb on HDD
really good uptime
quick network (100mbit will be great)
And a lot of Bandwidth, like 1TB / month
About budget... something like 40$-50$/month.
What kind of difference will I see between my server having a 10 vs. 100 vs. 1000 Mbps Uplink?
If I had to choose between 1000Mbps Uplink w/ 3000GB/mo BW or 10Mbps Uplink Unmetered, what should I take into consideration?
What will the impact to the customer be speedwise?
I've read endless complaints and bad reviews about Leaseweb on here, but has anyone had experience with their bandwidth? Specifically 1Gigabit unmetered for just 1000 euros,
View 10 Replies View Relatedlooking for some ball parks on how much 1000sqft of data center space would be - looking at about 30kVA for the power. location is Upstate, NY; PA vicinities.
View 9 Replies View RelatedWould anyone have an idea how much resources it would take to seed 1000 - 2000 torrents ?
The bandwidth is not the problem, i am mostly concerned with what kind of box i should get. should i concentrate more on ram or more on cpu or do i need both?
what is the best hosting to send more than 1000+ e-mails per hour. I have tried Hostgator which only let's you send 500 per hour.
View 14 Replies View RelatedDoes anyone know how to redirect the URL of a host so that it always goes to the www subdomain? Is this done with RedirectMatch or is a rewrite rule?
View 3 Replies View Relatedwhere when I view my website through http using Firefox, it never stops loading. If I use IE, then I get a "page can not be displayed" error.
If I use https then everything works fine.
I have noticed that if I delete lines from the files, I don't have this problem.
If I try viewing images (so I know it can't be an html of php problem) some look fine (the very small files). But, larger files, around 168 kb, load halfway and the second half is distorted (green and purple chunks and other random colors and lines).
If I view the image through https, the image is perfectly fine!
If I put my site through w3.org's validator (just to see what it would report) it says "500 Line too long (limit is 4096)".
My website used to work, so I know there isn't any code in the pages that would cause this to happen.
Is there an Apache setting I check? Perhaps it is sending a really long header that I can not see? I am not really sure what to do. I have made my site to force https but it's slow and not signed.
I block them in htaccess but their repeated attacks is making my server load crazy.
I installed AFP but it doesn't do anything, where do I set rules on automatic blocking?
Should I block ping request to my servers from WAN?
View 12 Replies View Relatedmy server is still effed up from the MPack attack that I received.
I just received the following email, does anyone know what this means or how it could be done? The client IP is mine, so some how my server is sending that request?
72.233.79.2 (malwarebytes.org) Server Log:
[Thu Jul 24 13:05:07 2008] [error] [client 72.55.184.144] mod_security:
Access denied with code 403. Pattern match ".../" at THE_REQUEST
[id "300006"] [rev "1"] [msg "Bogus Path denied"] [severity "CRITICAL"]
[hostname "www.malwarebytes.org"] [uri
"/errors.php?error=[url][unique_id "tNAGeH8AAAEAAEsfD7wAAAAO"]
[Thu Jul 24 13:05:07 2008] [error] [client 72.55.184.144] mod_security:
Access denied with code 403. Pattern match ".../" at THE_REQUEST
[id "300006"] [rev "1"] [msg "Bogus Path denied"] [severity "CRITICAL"]
[hostname "www.malwarebytes.org"] [uri
"/forums/errors.php?error=[url][unique_id
"tNAPAn8AAAEAAD7mqWQAAAAl"]
[url]is the RKHunter scan log
[url]is the ChkRootKit scan log.
I'm going through this thread right now:
[url]("How-to detect a possible intruder?") and I've come across a handful of hidden directories:
/home/mifbody/public_html/vbulletin/arcade/images/. /. /xh
/home/mifbody/public_html/vbulletin/arcade/images/. /. /xhide.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/convertxdccfile.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_admin.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_dccchat.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_display.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_main.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_md5.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_misc.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_statefile.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_transfer.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_upload.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_utilities.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/convertxdccfile.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_admin.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_config.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_dccchat.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_defines.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_display.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_globals.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_headers.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_main.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_md5.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_md5.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_misc.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_statefile.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_transfer.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_upload.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_utilities.c
I was able to successfully delete all the files, but how do I now get rid of the directories themselves? When I do:
rm -fr "/arcade/images/. /"
and then locate ". "
I still get:
/home/mifbody/public_html/vbulletin/adserver/banners/.
/home/mifbody/public_html/vbulletin/alice/src/admin/.
/home/mifbody/public_html/vbulletin/arcade/images/.
I think mellowhost has gone now,
I have some pending request and helps request.
there is nothing to reply.
even the ffmpeg services have some error and they only 3mb allow to upload file.
i dont know happen to this company...
I post here not for bad reviews, otherwise to call their attentions.
because even i use the forums for mellowhost, and submit some tickets. nothing response from them.
if there is a rule to add to firewall or mod_security to ban any IP which is sending more xx number of POST requests to the same URL?
View 6 Replies View RelatedI've just been having a look through my logwatch e-mail, and have seen the following that I've not seen before:
Code:
A total of 3 unidentified 'other' records logged
GET http:/ /74.52.21.101/index.php2?goto=[url]
HTTP/1.0 with response code(s) 2 404 responses
GET http:/ /74.52.21.100/index.php2?goto=[url]
HTTP/1.0 with response code(s) 2 404 responses
GET http:/ /74.52.21.102/index.php2?goto=[url]
HTTP/1.0 with response code(s) 2 404 responses
NB. I've added a space in the URL to break the link.
what is happening here, as this looks to be something dodgy.
I have a dedicated box with softlayer and I have noticed at varying times the past few months that with sites we host, sometimes the connection times out (I'll try to access like 5 or 6 sites within 30 seconds or so and they all drop, then a minute later they load fine).
I opened a support ticket and they said it usually has to do with the # of requests Apache can handle, and that this can be modified. They stated they could: "tweak the apache configuration file in this server that can make it possible to handle more requests."
So my question is what should the # of requests be set to? (I'm not sure what it is now, but I assume whatever the default # is).
I have a Qmail server that is using relays.ordb.org
As you probaly know this shut down two years ago. But is now sending all requests as spam. No one is recieving there emails.
this a Standard Qmail,with a hacked qmail-send witch intergrates with Mysqld.
is not installed with qmailroks, or supervise. Can't find the config text file.
how can we remove traces or referrences to relays ordb.org
I am getting a lot of GET requests from different IPs to 4 nonexistent PHP files on my server. Is there any way to block the requests to avoid the resources use of apache that these requests are generating?
I have installed mod_security but Im not sure about how the block rule should be.
The requests are going to images/log.php, images/log2.php, images/log3.php and images/logi.php of one of the sites hosted on the server, is there any way to block there requests for a specific domain or path?
We're trying to optimize the speed of our website. It's hosted on its own box.
We're looking for software that will monitor/aggregate the time it takes for certain requests -- For example, we would like to see which files it takes the longest to serve.
Is there server-side software that will take care of this?
Linux/Apache/PHP/SQL
I have been experiencing a lot of Keepalive requests for a particular image on a particular domain. please see the lines below.
0-11233931/63/63K 0.15100.40.030.03 195.68.185.13mydomain.comGET http://mydomain.com//images/logo.jpg HTTP/1.1
1-11233941/77/77K 0.18100.40.050.05 122.164.58.63mydomain.comGET http://mydomain.com//images/logo.jpg HTTP/1.1
2-11233951/42/42K 0.76000.40.170.17 89.139.214.74mydomain.comGET http://mydomain.com//images/logo.jpg HTTP/1.1
3-11233971/57/57K 0.04000.40.020.02 82.199.98.229mydomain.comGET http://mydomain.com//images/logo.jpg HTTP/1.1
4-11233981/46/46K 0.27000.40.040.04 217.150.55.41mydomain.comGET http://mydomain.com//images/logo.jpg HTTP/1.1
These are just a few lines from the top.
How can i prevent this from happening.. it seems as a SYN Flood, or maybe a DDoS.
I maintain Java servlet applications on my hosting platform [hosting-q.com] and access the applications from another site [wiredpages.qisoftware.com]. Today, there was a demand problem which caused the hosting server to block access to requests from the other domain.
Do you know if there is an .htaccess directive that can perform this blocking or some sort of system trigger?
The thing is-- only the servlets requested from the external domain and not requests from the originating domain [or hosting domain] were blocked.
I just went with Steadcom's VPS and they are great. I am setting things up and it's going pretty well, I have to dust off my linux/server knowledge that I haven't used in a couple of years.
Anyway I'm creating a virtual host.. I will have about 10 in the end, but right now I only have one domain IP Pointing to my new server. My registrar is NamesDirect.
When I create the virtual host, I can no longer access subdirectories directly. My Virtual Host directory is, say, /var/www/html/newdir
If I try to reach http://www.domainname.com which has been configued as a virtual host, that comes up correctly from the directory /var/www/html/newdir and works fine.
But if I try to reach http://myipaddress/newdir I get a 404 page not found error. Looking at the log, it's trying to reach /var/www/html/newdir/newdir so it's putting in the virtual host redirect even for just hitting the subdirectory directly.
Is this normal? Do I have something configured wrong? I have another domain that I have changed to IP Point to the VPS but until it propogates I won't be able to test having 2 virtual hosts.
Also.. I have not set up DNS on my VPS. I don't really understand it, and IP Pointing has always worked for me when I ran my own server form my home so I was just going to do that. But I wonder if this could be one of the problems.