Really Odd DDoS Or Something -> No Log Entries, Over 2200+ PHP Processes

Apr 9, 2008

WHM 11.15.0 cPanel 11.18.3-C21703

CENTOS Enterprise 4.6 i686 on standard - WHM X v3.1.0

A few days ago I upgraded cPanel, and then Apache, PHP5, eAccelerator; hadn't updated in ages.

Server worked lightning fast compared to old (PHP 4, older Apache, no eAccelerator), and seemed stable.

A few hours later, the server is unresponsive; it took over a day to get the server to a state where I can even see what's happening!

Downgraded back to PHP4, removed suhosin. Still happens. Reworked all the configs, and took all resource limits so low that it survives that, PRM gives 12secs time, enough apache processes etc. Maximum clients lowered to 50 etc. You get the general feel of what I did, just to see what's going on.

Now the server survives those 2200+ processes somehow and comes back responsive in some minutes. Killing all PHP processes alone does not solve the problem, but need to restart other services too. All services tend to start crashing when this happens.

Thing is, they are a specific user's PHP processes, ALL of them, and thus HTTP requests (suPHP), but there are no log entries for those; I do not see where they originate from or what PHP files are being requested, reworking individual PHP files for that account didn't help at all, etc.

I cannot just suspend this account, it's a high-importance account for my own needs.

This account gets ~2½ million requests a month regularly, and the server can handle that.

There was one new reseller account set up for someone else the day this started happening (I upgraded to PHP5 just after account creation) but I think that's unrelated.

Any ideas how to start pursuing a resolution for this? It has started happening more frequently than before, so I'm also suspecting a DDoS, but there should be log entries.

Is it possible the requests come so fast that Apache just doesn't have the time needed to write the log?

HDD is the bottleneck actually on this server (ty Leaseweb, you guys gave me the worst HDD of the size you could find and want to charge 25euros a month extra for a proper HDD of same size, 250gb!)

Being Ddos'd By A U.K Ddos Protection Company - Dragonara.net

Nov 7, 2008

It has come to my attention that dragonara.net has been DDoSing me today since morning from the IP:
194.8.75.229

What's so ironic about it is that the IP is from a UK DDoS protection site, so I'm expecting some email with their services in the next hour or so. Stay clear of them; they are fakes and e-terrorists.

Are These DNS Entries The Same?

Dec 16, 2007

I just moved to a new vps and I have "ns1.domain.com" and "ns2.domain.com" entries for my primary and secondary nameservers as well as simply "ns1" and "ns2" .... are these the same thing? Is there any harm in having both? Any feedback appreciated!

Multiple DNS Entries

Mar 16, 2008

I have been searching through threads on WHT, but have not found anything really conclusive regarding this.

If I were to list two A records for the same domain name on my nameserver, such as:

www.mydomain.com -> 123.234.123.234
www.mydomain.com -> 234.123.234.123

How would most browsers handle this?

Would it only try the first entry, or would it try the first entry, and if the specified IP is unavailable it would try the second entry?

APF Entries And CIDR

Sep 25, 2007

I have been trying to figure out how to allow a range of IPs with APF. I finally came across the CIDR page on Wikipedia and read it through, and now I get it. I just want to confirm one thing before I implement this.

I run a gameserver where I want to allow everyone in the world to connect on a certain port, so can I use this entry?

Code:
tcp:in:d=27015:s=192.168.0.0/0

From what I understand, using the /0 CIDR suffix basically means "all IPs". So technically I could use ANY IP address for the source with the /0 suffix and it will work, right?

Nameserver Entries

Sep 11, 2007

One of my clients has registered his domain (austasiapackaging.com) with BlueCentral.com. BlueCentral also provides them with mail service.

Now I have to provide web hosting for this domain. Should I change the nameserver entries or should I change the A record? Or do I change them both?

Automated MX Records For New DNS Entries In WHM

May 18, 2009

I run my own Mail Server.

Every time I create a new website account in WHM I am required to go in and manually edit the DNS record to include the MX record of my mail server.

I would like to streamline the process and need a way to make WHM automatically include my MX records every time I create a new account. Is this possible?

Error_log - Strange Entries

Nov 4, 2009

All accounts on my dedicated server started to show a very strange error_log with the following entries:

====
[04-Nov-2009 21:28:51] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20060613/php_interbase.dll' - /usr/local/lib/php/extensions/no-debug-non-zts-20060613/php_interbase.dll: cannot open shared object file: No such file or directory in Unknown on line 0 .....
====

Whenever a PHP script is accessed, a new entry with the error above is created.

I don't understand, because the PHP scripts have no relation to InterBase or pgsql and my server does not have this DB installed.

Apache 2.x Config Entries

Apr 13, 2009

I used to have a dedicated server running Apache 1.x (1.3 I think) and in my httpd.conf there were entries about keepalives, maxservers, minservers etc.

I've now got a VPS from FutureHosting, which is brilliant. In my httpd.conf file though, there are none of the above entries. It is running the latest version of Apache (2.2.11).

Are all the keepalive / minservers settings handled automatically in 2.2 or do I just have a default setting and maybe need to add them manually?

I don't have any load issues so haven't touched the config so far.

WHM: Can You Delete Entries In SSL Key/Crt Manager

Aug 14, 2008

How to delete the excessive SSL keys / CRTs from WHM?

I have so many of these freakin' things (from doing it WRONG the first few times) that I want to clean it up.

How do you clear out the KEYS / CRTS / Signing Requests from WHM?

Apache Log Only Showing 127.0.0.1 Entries

Jan 28, 2008

Centos4/WHM/Apache 2.2.6/eaccelerator

My access_log is only showing entries like:

127.0.0.1 - - [28/Jan/2008:17:26:46 -0600] "GET / HTTP/1.0" 200 2860
127.0.0.1 - - [28/Jan/2008:17:27:30 -0600] "GET / HTTP/1.0" 200 2860
127.0.0.1 - - [28/Jan/2008:17:27:31 -0600] "GET / HTTP/1.0" 200 2860 ....

Losing Entries On My /etc/localdomains

May 23, 2008

I discovered this forum googling and I think it is a very good community, so I registered and well... as any noob, started to ask questions U.U I'm new in this stuff of web hosting... though I know some things... I don't have experience, it's my first job in a small web hosting company, and we have a strange problem: we lose entries in /etc/localdomains when we migrate domains from one server to another and nobody knows why... we can fix it through deleting the DNS entry and creating it again on the target server. I know it's kinda messy (for me at least). I hope you can give me at least an insight into where the problem might be.

We do the migration through the migration tool of WHM.

Here is some data about the target migration server; if you need something else... please tell me.

CENTOS Enterprise 5 i686 on standard - WHM X v3.1.0

uname -r

2.6.18-8.el5

vmstat 5 5 ......

DNS (MX) Entries - Gmail For Your Domain

Feb 7, 2007

I'm running a dedicated server with Plesk 8.1

For all newly created domains, they will automatically adopt a DNS template which I've set up in Plesk. But for my own domains (not clients) I've changed my MX entries in my DNS Settings section to point to the server of that of Gmail (Google). The primary server with the highest priority is "aspx.l.google.com"

To get to the point...
I receive emails on the Gmail interface, which is stored on the Gmail server, though I have a slight problem when it comes to local emails. In other words...when my server sends out an email to myself (either from a contact form, daily log files, etc...) I don't receive the emails through the Gmail interface, but rather through my POP server, which is logical, since my server is most probably configured to use "mail.yourdomain.com" and not "aspx.l.google.com".

Question :
How can I have both incoming emails (from other domains/servers) and local emails (from my own server) go through the Gmail server? I'm guessing that I'll have to edit Sendmail or PHP or something, though I'm not sure, that's why I'm posting this.

Sorry if the post is a bit confusing. I tried my best to explain the situation, though if you have any questions, please respond with them.

IPTABLES Not Adding Entries

Aug 14, 2007

I am adding to iptables:

Code:
iptables -I INPUT -s XXX.XXX.XXX.XXX -j DROP

And after a dozen or so minutes or several hours, iptables --list is clean.

Registrars Not Accepting DNS Entries

May 16, 2007

I have set up a pair of name servers, the first one is accepted by the registrars and the second one is not. They have been configured identically as far as I can tell.

It appears that some test is run by the registrars to see if the name server can be used.

Is there any way I can find what test it is and get a way to run it to see what the problem is?

Are there scripts or sites where I can run whatever type of test it is and know what the problem is?

Add Email Accounts With Mx Entries

Mar 21, 2007

I just transferred an existing client of mine to one of my servers but he has MX entries.

I entered the MX settings in cPanel for him but I'm wondering if I have to actually add all the mail accounts? I'm assuming since he is using MX entries then he is using a separate server to handle all the accounts. Am I right in my assumption? Do I have to add all his mail accounts into cPanel?

Logwatch Quite A Few Unmatched Entries

May 14, 2007

Is this someone trying to gain access to the server and just trying different passwords or ways? The server is new with no websites hosted yet but is already getting this.

Will Brute Force not take care of this?

Is this common? Any ideas?

**Unmatched Entries**
sendto(72.64.118.118): Operation not permitted: 72 time(s)
sendto(69.182.190.97): Operation not permitted: 73 time(s)
sendto(66.93.44.19): Operation not permitted: 72 time(s)

Resolv Entries (space Separated)

Dec 18, 2008

I just got a very cheap box intended to learn HyperVM/OpenVZ. Just got it tonight and got 5 IPs. So I add those 4 IPs in the Resources > IP Pools section. I don't know what to add in the Resolv Entries (space Separated) field.

If this is not the correct forum for this, please feel free to move it.

Netdiag :: The DNS Entries For This DC Are Not Registered Correctly On DNS

Mar 14, 2008

I get this error with netdiag:

DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly on DNS server 'DNS.FIRST.IP.HERE'. Please wait for 30 minutes for DNS server replication.
[WARNING] The DNS entries for this DC are not registered correctly on DNS server 'DNS.SECOND.IP.HERE'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.

configuration:

Server is a DC/AD. It has 2 IPs, both are static of course. The DNS servers are manually added into the network configuration properties, as these are provided by the hoster.

Want To Update DNS Entries Of Multiple Accounts

Feb 27, 2008

How can I update DNS entries of multiple accounts in cPanel?

Logwatch Showing Unmatched Entries

May 14, 2007

Posts have been disappearing the last 2 days on WHT. Let me try this again.

The server is new and does not have any websites set up yet. It's already getting these entries. Is this normal? Should we move to a different SSH port?

**Unmatched Entries**
sendto(72.64.118.118): Operation not permitted: 72 time(s)
sendto(69.182.190.97): Operation not permitted: 73 time(s)
sendto(66.93.44.19): Operation not permitted: 72 time(s)

[cPanel] Cron Not Adding Entries

Oct 9, 2007

I have a problem with crontab in cPanel. Cron is not adding entries in cPanel --> Cron jobs. No errors.

Apache :: Access Log Missing Entries

Feb 15, 2013

I have a LAMP server set up with a couple of vhosts. Investigating the log files for a situation, I found that it seems to be missing some entries. The access log contains a long list of files (images and css) requested by the client regarding a request to a page (having a specific url as referer), but the actual request is missing. The url called is an automatically generated url that should only be available as an unsubscribe link in emails sent to a specific user, thus the use of it in the logs is limited.

At the same time I can find log entries in our database that I am 99.9% sure can only originate from this specific URL being requested (never say never). These log entries are stamped just before all the auxiliary requests having the url as referer, but again the actual request is not to be found.

Plesk 12.x / Linux :: DNS TXT Entries Not Updating

Feb 10, 2015

I am running
OS Ubuntu 14.04.1 LTS
Plesk version 12.0.18 Update #34, last updated at Feb 10, 2015 01:52 AM

I have created a few websites using Plesk and I have the DNS acting as the primary. This server acts as a primary nameserver for the DNS zone mywebsite.co.uk

When I add a TXT record the DNS is updated but it never resolves, so my DKIM and SPF records are never found. I have checked my syntax for the records and all are fine. My domains are hosted by stratoservers. Is it their fault or mine? Should I change providers so I have more access to the domains' DNS, or should Plesk be doing that for me...

Parked Domains Show Default Apache Page Even Tho They Have DNS Entries

Jun 3, 2008

I have domains parked on a subdomain. Since I updated the Apache configuration with cPanel, the parked domains just show the default Apache configuration. The domain shows up under parked domains. I can delete the domain and re-add it, then it works. However, that isn't a good option because there are 100+ domains.

Copyrights 2005-15 www.BigResource.com, All rights reserved