Is there a way I can track the HTTP traffic to which domain is running with high traffic. Due to traffic load I/O wait is increasing. I want to suspend the domain that have the large traffic to avoid down time.
View 4 Replies
../logs/error_log
[info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 6 idle, and 37 total children
../httpd.conf
StartServers 7
MinSpareServers 8
MaxSpareServers 13
I think it's already high values, Is it safe to increase it?
I've VPS, I want to cutomize server busy message.
what i should do to cutomize this page?
Tailed apache logs and found this:
[Sun Apr 20 08:29:34 2008] [debug] proxy_util.c(1778): proxy: initialized single connection worker 0 in child 10308 for (*)
[Sun Apr 20 08:29:34 2008] [debug] proxy_util.c(1670): proxy: grabbed scoreboard slot 0 in child 10309 for worker proxy:reverse
[Sun Apr 20 08:29:34 2008] [debug] proxy_util.c(1670): proxy: grabbed scoreboard slot 0 in child 10310 for worker proxy:reverse
[Sun Apr 20 08:29:34 2008] [debug] proxy_util.c(1689): proxy: worker proxy:reverse already initialized
[Sun Apr 20 08:29:34 2008] [debug] proxy_util.c(1689): proxy: worker proxy:reverse already initialized
[Sun Apr 20 08:29:34 2008] [debug] proxy_util.c(1778): proxy: initialized single connection worker 0 in child 10309 for (*)
[Sun Apr 20 08:29:34 2008] [debug] proxy_util.c(1778): proxy: initialized single connection worker 0 in child 10310 for (*)
[Sun Apr 20 08:29:35 2008] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 2 idle, and 45 total children
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1670): proxy: grabbed scoreboard slot 0 in child 10311 for worker proxy:reverse
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1689): proxy: worker proxy:reverse already initialized
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1778): proxy: initialized single connection worker 0 in child 10311 for (*)
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1670): proxy: grabbed scoreboard slot 0 in child 10312 for worker proxy:reverse
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1689): proxy: worker proxy:reverse already initialized
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1778): proxy: initialized single connection worker 0 in child 10312 for (*)
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1670): proxy: grabbed scoreboard slot 0 in child 10313 for worker proxy:reverse
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1689): proxy: worker proxy:reverse already initialized
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1778): proxy: initialized single connection worker 0 in child 10313 for (*)
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1670): proxy: grabbed scoreboard slot 0 in child 10314 for worker proxy:reverse
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1689): proxy: worker proxy:reverse already initialized
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1778): proxy: initialized single connection worker 0 in child 10314 for (*)
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1670): proxy: grabbed scoreboard slot 0 in child 10315 for worker proxy:reverse
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1689): proxy: worker proxy:reverse already initialized
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1778): proxy: initialized single connection worker 0 in child 10315 for (*)
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1670): proxy: grabbed scoreboard slot 0 in child 10316 for worker proxy:reverse
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1689): proxy: worker proxy:reverse already initialized
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1778): proxy: initialized single connection worker 0 in child 10316 for (*)
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1670): proxy: grabbed scoreboard slot 0 in child 10317 for worker proxy:reverse
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1689): proxy: worker proxy:reverse already initialized
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1778): proxy: initialized single connection worker 0 in child 10317 for (*)
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1670): proxy: grabbed scoreboard slot 0 in child 10318 for worker proxy:reverse
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1689): proxy: worker proxy:reverse already initialized
[Sun Apr 20 08:29:35 2008] [debug] proxy_util.c(1778): proxy: initialized single connection worker 0 in child 10318 for (*)
What on earth is all these proxy_util.c errors?
Also, I could not find any details in the httpd.conf file regarding StartServers, or Min/MaxSpareServers.
I'm using Centos 4 / Apache 2.2 / PHP 5 / Cpanel
Mysql server always busy and slow (in my VPS).
How I can know which website/account uses mysql very heavely?
or just any monitoring Idea?
I want to know which user is responsible of that overuse?
I have a pages with high load - load avg is about 10-20.
and in the error_log of the apache message:
[Mon Mar 17 18:10:19 2008] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 6 idle, and 32 total children
I have in apache:
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeOut 1
StartServers 15
MinSpareServers 15
MaxSpareServers 20
MaxClients 256
MaxRequestsPerChild 500
What values should be of these parameters for the such high traffic pages?
it's getting to the point where I need to optimize MySQL to better handle a busy server.
These days it seems MySQL is using 30% - 60% CPU almost constantly. But, the good news is that I've got 4 gigs of ram on this box and their seems to be an access of 600mb free constantly throughout the day.
Is it possible to tweak MySQL to a little more RAM dependent and take some of the load off the CPU? It seems MySQL wont go over 300mb of ram at any given time.. I'm already working on optimizing the SQL Querys on the web page itself.
my.cnf (4.1.22-standard):
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
# old_passwords=1
# [mysql.server]
# user=mysql
# basedir=/var/lib
# [mysqld_safe]
# err-log=/var/log/mysqld.log
# pid-file=/var/run/mysqld/mysqld.pid
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
safe-show-database
old_passwords
back_log = 75
max_connections = 600
table_cache = 128
thread_cache = 32
wait_timeout = 60
interactive_timeout = 80
connect_timeout = 60
tmp_table_size = 64M
max_heap_table_size = 64M
max_allowed_packet = 64M
max_connect_errors = 10
read_rnd_buffer_size = 524288
bulk_insert_buffer_size = 64M
query_cache_limit = 8M
query_cache_size = 100M
query_cache_type = 1
default-storage-engine = MyISAM
local-infile=0
thread_concurrency = 4
[mysql.server]
user=mysql
basedir=/var/lib
[mysqld_safe]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
open_files_limit = 8192
[mysqldump]
quick
set-variable = max_allowed_packet=16M
[myisamchk]
set-variable = key_buffer=256M
set-variable = sort_buffer=64M
set-variable = read_buffer=16M
Are there any services where an ADMIN can monitor DB usage on system and make some recommendations or even find SQL that is poorly written ...
I have a DUAL harpertown, 10GB RAM, and RAID
I have a typical, gallery, busy VB forum, and video script...
THe site traffic has not increased much but my Memory keeps getting chewed up... i already did some tuning that VBULLLETIN suggested... but the memory still goes... i need a tool or someone to just monitor the server for a day and grab as much diagnostic info as possible..
I suspect that its a single query giving problems cuz i have some custom coded pages...
I don't want to split the DB and HTTP request on diff servers cuz the traffic that i get shouldn't warrant it... for now...
Logwatch says I send out about 3k emails each day and that is a ridiculous amount. I use postfix and do not run any sort of relay, even for myself. I have IPB 2.2.2, Wordpress 2.0.4, and Gallery 2.x.
How can I track down where these messages are originating from? Or perhaps I am reading my LogWatch file incorrectly?
Quote:
--------------------- postfix Begin ------------------------
17999281 bytes transferred
2460 messages sent
26 messages expired and returned to sender
145 messages removed from queue
Top ten senders:
24 messages sent by:
apache (uid=48):
2 messages sent by:
root (uid=0):
I know it's not specifically a plesk issue, but as I use plesk to resell webs and many users install (manually) wordpress, I thought I'll ask around.I would like to know if this can be done with a single sql select or if I would have to use a script to do this:
- track all mysql databases on my server
- find the proper table in each database (as the prefix can be customized, the start of the table name will probably never be the same in two WP installations)
- find the proper field in that table and check the WP version and administrator email
and then what I will do is send an email to those adresses advising them to update WP
i'm hosting a forum (~80 simultalinous users online) In a VDS 512 MB RAM, Linux Debian with apache 1.3 and mysql 4.1 , php4.
Apache seems to be busy, pages don't even load, this can be resolved by restating apache. and after a couple of time (about 4 hours) it does the same thing again, and i do have to restart it again and looping ...
Here is my httpd.conf file :
Code:
Timeout 200
KeepAlive On
MaxKeepAliveRequests 200
KeepAliveTimeout 3
MinSpareServers 5
MaxSpareServers 15
StartServers 5
MaxClients 20
HostnameLookups Off
MaxRequestsPerChild 2000
Wanted to share a bit (read vent a bit if you're cynical ).
Just got the following e-mail from hostmonster.
-----------
Dear Dale:
Your web hosting account for ibycus.com has been deactivated (reason: site causing performance problems).
Although your web site has been disabled, your data may still be available for up to 15 days, after which it will be deleted.
If you feel this deactivation is in error, please contact customer support as soon as possible.
Thank you,
Support
For support go to
Toll-Free: (866) 573-4678
-------------
Apparently, there are two files on my website that are being hit quite a bit, and causing the server to slow down. (I admit, its a busy site, and the files are very big).
The files aren't new there, and neither is the traffic, but the plug was pulled with no warning what so ever, and no offer of remediation on their part beyond refunding the remaining portion of my contract (I would hope so too!).
I can understand that they may not be able to continue to host my site due to the volume of traffic it generates, but they really could have handled this much better.
What minimum VPS specs should I be looking for to support a PHPBB3 forum that uses 100GB/mth bandwidth and has 50 concurrent users at peak times (measured by PHPBB, so not real-time concurrent)?
And are there any suggestions for inexpensive ($30 or less) options that would be worth trying? Have never used a VPS before.
If not, are there any shared hosting providers that specialize in hosting message boards like PHPBB?
Can anybody suggest a large hosting company based in France?
I'm looking for hosting that can handle a high bandwith, high profile, busy website. We will require excellent customer support and a professional attitude.
I am using apache 2.2 webserver and tomcat 6 as app server.
I have two unix boxes (let say A and B) where apache is installed for load balancing purpose.
The issue is now and then I see that on both the server reaches to 250 busy servers which makes my site very slow and after some time the site is unaccessible.
When I see this I restart apache on both unix boxes and also restart my app server.
But that does not work. As soon as I start apache the httpd process ramps up to 12 (ps -ef | grep httpd) within a minute and the busy servers still remains at 250.
The only I have to do is wait and watch till the busy servers goes down to 250 and then site is back to normal.
Some times it takes hours for busy servers to go down below 250.
I dont understand that why even restarting apache and tomcat doesn't work. why the busy servers are still at 250. even after I restart.
This is what I have in httpd.conf
<IfModule worker.c>
ServerLimit 80
StartServers 2
MaxClients 250
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
I tried to increase MaxClients to 300, which also didn't work and apache or httpd process shuts down by itself.
My server currently has some problems with DNS/mail, which i can't seem to fix myself. My colocation host offered to help me by giving him root access, but i don't know him very well yet. Is there some kind of script/logtool so i can track everything he did on the server? I don't want him snooping around through my webfiles and databases...
View 13 Replies View RelatedCan anyone please tell me how dangerous in fact Apache's TRACE and TRACK functions?
I have read common explanation but would disabling TRACK and TRACE improve my server's ability to fight cross site scripting and similar attacks and make it more secure?
I'm small hosting provider. On one dedicated server I have around 100 cPanel accounts.
That server is under constant, although not powerful DoS attack.
Since my company domain is not targeted on another server I believe that it is not me but one of my customers that attack is against.
Is there a way, tool, service provider than can help me pin down which account is being hit?
All accounts are on server main shared IP.
Would spreading them on another IPs help? Or would I still see attacks only on main shared IP?
I'd like to know, is there any way to know about hosting provider, if we have only ip address of the server. i.e.
66.63.181.74 - this is the ip address of my website server, how can i trace the service provider who is giving this hosting service?
I have a few shred hosting servers I run. One of them keeps getting listed on CBL. It is very frustrating. Does anyone have an tools, tips, or tricks on finding the compromised?
So far I have confirmed that a script is using PHP to send mail out bypassing the MTA. It is faking the HELO and impersonating a well known ISP.
I used a combination of tshark and netstat. tshark can show me the HELO and EHLO. When I see the wrong entry I cross check that with netstat to see what. So Netstat only shows that it was PHP not the script path.
Here are the commands I'm running:
Code:
nohup netstat -c -p -n -e | grep -i ":25" > /var/log/monitor/netstat-smtp.log &
nohup tshark -f "port 25 and src host XX.XX.XX.XX" > /var/log/monitor/tshark-smtp.log &
Then I grep for what I'm looking for:
grep -i "HELO" /var/log/monitor/tshark-smtp.log
Is there a way to get Netstat to show the script path or complete command that is establishing the connection? Currently these scripts are eating up memory to a point that other process or getting killed off.
I also tried to force all mail through the MTA, but When I enable SMTP_BLOCK in my firewall config I get and error:
*WARNING* Cannot use SMTP_BLOCK on this VPS as the Monolithic kernel does not support the iptables module ipt_owner - SMTP_BLOCK disabled.
If there is a better way I'm game. Maybe some IDS that can tell me more of what is going on with the server?
I am currently developing a web application on a WAMP server. Once complete my client will have some in-house "programmers" make changes to the code as they are needed.
My client wants to track all changes made to the source files (ie- who made the change, when it was made, what files were modified, and what specific lines were added/removed/modified). Also, the program must run on the server and not the programmers computers.
I've searched high and low and only found a couple programs that scratch the surface of what they want.
how exactly email works. For example, I set my mx record to google apps in order to use google mail with my own domain. Thing is, I can sent from google mail now with my domain email address but cannot send. Furthermore, login to my website email bij www.domain.com/webmail is possible but receiving is impossible and even sending email from that place will not work.
Thinking about it it seems that email is lost
google can send but not receive
from my domain webmail i cannot receive nor send.
I've done plenty of searching on DDoS attacks and from what I've found so far it seems that it's "very difficult" track down the person(s) responsible for the attack.
My question is this - could someone actually do it if they were qualified enough? Would a hacker who is well versed in the techniques used be able to find the person(s)? Or is it just simply impossible sometimes?
I just installed Apache 2.4.4 and it seems to run fine overall. But in my error.log I get about 3 of these every hour or so.error.log:[Sat Jun 15 20:57:44.095961 2013] [core:notice] [pid 31400:tid 16384] AH00052: child pid 1971 exit signal Segmentation fault (11)
track down what causes this? What module? vhost?Otherwise the server seems to run fine. It's on Linux with PHP 5.3.26 and MySQL 5.1.
I'm working on setting something up for monitoring my bandwidth/traffic on multiple interfaces. I have setup interface aliases so I have eth0, eth0:0, eth0:1 and the issue I'm running into is that it seems snmp cannot tell the diff between the aliased interfaces. I've found references in the cacti forums of using ipchains rules to track the bandwidth, but I've not found a good howto that explains what I need to get going on this.
Any clues/hints?
What script/application can I install on my linux box to track the bandwidth per each domain?
I currently have no CP, on lighttpd.
I have FreeBsd with Cpanel.someone is running attacking perl script from my server.Below is information about that script but it shows / path in command lsof -p 30251 | grep cwd.
PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND
29018 root 96 0 35968K 30528K select 0:03 2.71% 2.69% perl
newinst# lsof -p 30251 | grep cwd
lsof: WARNING: compiled for FreeBSD release 5.5-STABLE; this is 5.3-RELEASE.
perl 29018 root cwd VDIR 4,12 1024 2 /
newinst# ls -la / | more
total 22413
drwxr-xr-x 25 root wheel 1024 May 16 03:23 .
drwxr-xr-x 25 root wheel 1024 May 16 03:23 ..
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .black
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .black.bak
-rw-r--r-- 2 root wheel 801 Nov 5 2004 .cshrc
-rw-r--r-- 1 root wheel 355 Feb 21 2007 .new
-rw-r--r-- 2 root wheel 251 Nov 5 2004 .profile
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .rbl.db
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .rbl.db.bak
drwxrwxr-x 2 root operator 512 Jul 19 2005 .snap
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .uribl.db
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .uribl.db.bak
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .white
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .white.bak
-r--r--r-- 1 root wheel 6184 Nov 5 2004 COPYRIGHT
drwx--x--x 3 root wheel 512 Aug 20 2005 backup
drwxr-xr-x 2 root wheel 1024 Dec 28 2006 bin
drwxr-xr-x 5 root wheel 512 Jul 19 2005 boot
drwxr-xr-x 2 root wheel 512 Jul 19 2005 cdrom
lrwxr-xr-x 1 root wheel 10 Jul 19 2005 compat -> usr/compat
-rw-r--r-- 1 root wheel 177 Dec 5 12:15 cpgd.c
dr-xr-xr-x 4 root wheel 512 May 16 16:23 dev
drwxr-xr-x 2 root wheel 512 Jul 19 2005 dist
-rw------- 1 root wheel 4096 May 13 15:58 entropy
drwxr-xr-x 28 root wheel 4608 May 19 11:57 etc
drwx--x--x 501 root wheel 9216 May 19 01:33 home
drwxr-xr-x 3 root wheel 1024 Jul 19 2005 lib
drwxr-xr-x 2 root wheel 512 Jul 19 2005 libexec
drwxr-xr-x 2 root wheel 512 Nov 5 2004 mnt
drwxr-xr-x 3 root wheel 512 Jul 21 2005 nonexistent
drwxr-xr-x 8 root wheel 512 Oct 30 2007 opt
-rw------- 1 root wheel 22786048 May 16 04:51 perl.core
dr-xr-xr-x 1 root wheel 0 May 19 11:57 proc
drwxr-xr-x 2 root wheel 2560 Jul 19 2005 rescue
drwxr-xr-x 13 root wheel 1024 May 19 01:33 root
drwxr-xr-x 2 root wheel 2560 Jul 19 2005 sbin
drwxr-xr-x 5 root wheel 13824 May 19 01:22 scripts
drwxr-xr-x 4 root wheel 1024 Jul 19 2005 stand
lrwxrwxrwx 1 root wheel 11 Jul 19 2005 sys -> usr/src/sys
drwxrwxrwt 9 root wheel 31744 May 19 11:57 tmp
drwxr-xr-x 21 root wheel 512 Dec 5 12:12 usr
drwxrwxrwx 24 root wheel 512 May 16 16:24 var
where it is localted at/path.
I'd like to track the email user agents that our clients use. Basically, I'd like to have something that looks like that:
[url]
I'm wondering if theres anything I can install on the server that will either filter or track outgoing spam. I don't want to limit the number of emails sent per hour or anything, I just want to be able to maybe search through some flagged emails or something. Or if they send the exact same email more than x times it can disable their account... I'm not sure
View 1 Replies View RelatedOften when it comes to choosing or recommending a host, I tend to favor the ones that are larger, and more established such as Hotgator or Downtown Host. But in some other threads, I have seen plenty of people swear by some smaller hosts. Are there some good examples of small hosts that have been around for 3 or more years and have a great reputation?
View 12 Replies View RelatedI've been trying to use mod_forensics – [url]-- which has helped on one server track down some one causing the segmentation fault due to trying to abuse FrontPage shtml.dll, but on another server also suffering from regular segmentation faults, this tool has not helped.
What other tools are available to track down the cause(s) of Apache segmentation faults?
