You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 163 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Huuuge Problem [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
_tuxx_
Nuke Cadet
Nuke Cadet


Joined: May 18, 2004
Posts: 6


PostPosted: Tue May 18, 2004 5:30 am Reply with quoteBack to top

Hello, i have a huge problem and i really dont know whats the cause, i am running nuke 7.1 heavily modded with points, shop, games, and a shoutbox installed. my problem is that every host i am on suspends my site because of server abuse, cpu overload. i managed to get the error log and it looks something like this :
Code:

9993 admin65 /usr/bin/php UNIQUE_ID=usp-9EIxsZcAAGzF610AAABb HTTP_X_FORWARDED_FOR=24.150.44.231 SERVER_PORT=80 HTTP_HOST=sitename.com DOCUMENT_ROOT=/var/www/html SCRIPT_FILENAME=/var/www/html/index232.php REQUEST_URI=/index232.php SCRIPT_NAME=/index232.php HTTP_VIA=1.0 wc09 (NetCache NetApp/5.5R3) SCRIPT_URI=http://sitename.com/index232.php HTTP_CONNECTION=keep-alive PATH_INFO=/index232.php REMOTE_PORT=63754 PATH=/usr/local/bin:/usr/bin:/bin SCRIPT_URL=/index232.php PWD=/var/www/interpreters SERVER_ADMIN=email@sitename.com REDIRECT_STATUS=200 SITE_CGIROOT=/var/www/cgi-bin HTTP_ACCEPT_LANGUAGE=en PATH_TRANSLATED=/var/www/html/index232.php HTTP_ACCEPT=*/* SITE_HTMLROOT=/var/www/html REMOTE_ADDR=66.185.85.76 SHLVL=1 SERVER_NAME=www.sitename.com  SERVER_SOFTWARE=Apache/2.0.48 (Fedora) QUERY_STRING= SITE_ROOT=/ SERVER_ADDR=66.49.180.189 GATEWAY_INTERFACE=CGI/1.1 SERVER_PROTOCOL=HTTP/1.1 REDIRECT_URL=/index232.php REQUEST_METHOD=GET _=/usr/bin/php
9874 admin65 /usr/bin/php UNIQUE_ID=uZyzSEIxsZcAAGmUU0YAAAAE HTTP_X_FORWARDED_FOR=24.150.44.231 SERVER_PORT=80 HTTP_HOST=sitename.com DOCUMENT_ROOT=/var/www/html SCRIPT_FILENAME=/var/www/html/index232.php REQUEST_URI=/index232.php SCRIPT_NAME=/index232.php HTTP_VIA=1.0 MA-C6100-C (NetCache NetApp/5.2.1R2D1) SCRIPT_URI=http://sitename.com/index232.php HTTP_CONNECTION=keep-alive PATH_INFO=/index232.php REMOTE_PORT=24473 PATH=/usr/local/bin:/usr/bin:/bin SCRIPT_URL=/index232.php PWD=/var/www/interpreters SERVER_ADMIN=email@sitename.com REDIRECT_STATUS=200 SITE_CGIROOT=/var/www/cgi-bin HTTP_ACCEPT_LANGUAGE=en PATH_TRANSLATED=/var/www/html/index232.php HTTP_ACCEPT=*/* SITE_HTMLROOT=/var/www/html REMOTE_ADDR=62.42.228.7 SHLVL=1 SERVER_NAME=www.sitename.com  SERVER_SOFTWARE=Apache/2.0.48 (Fedora) QUERY_STRING= SITE_ROOT=/ SERVER_ADDR=66.49.180.189 GATEWAY_INTERFACE=CGI/1.1 SERVER_PROTOCOL=HTTP/1.1 REDIRECT_URL=/index232.php REQUEST_METHOD=GET _=/usr/bin/php
9837 admin65 /usr/bin/php UNIQUE_ID=uYJEvUIxsZcAAGs3nWgAAAAe SERVER_PORT=80 HTTP_HOST=sitename.com DOCUMENT_ROOT=/var/www/html SCRIPT_FILENAME=/var/www/html/index232.php REQUEST_URI=/index232.php SCRIPT_NAME=/index232.php SCRIPT_URI=http://sitename.com/index232.php HTTP_CONNECTION=close PATH_INFO=/index232.php REMOTE_PORT=55088 PATH=/usr/local/bin:/usr/bin:/bin SCRIPT_URL=/index232.php PWD=/var/www/interpreters SERVER_ADMIN=email@sitename.com REDIRECT_STATUS=200 SITE_CGIROOT=/var/www/cgi-bin HTTP_ACCEPT_LANGUAGE=en PATH_TRANSLATED=/var/www/html/index232.php HTTP_ACCEPT=*/* SITE_HTMLROOT=/var/www/html REMOTE_ADDR=195.72.69.17 SHLVL=1 SERVER_NAME=www.sitename.com  HTTP_PC_REMOTE_ADDR=24.150.44.231 SERVER_SOFTWARE=Apache/2.0.48 (Fedora) QUERY_STRING= SITE_ROOT=/ SERVER_ADDR=66.49.180.189 GATEWAY_INTERFACE=CGI/1.1 SERVER_PROTOCOL=HTTP/1.1 REDIRECT_URL=/index232.php REQUEST_METHOD=GET _=/usr/bin/php
9787 admin65 /usr/bin/php UNIQUE_ID=uTVIYUIxsZcAAGx8VC4AAABQ HTTP_X_FORWARDED_FOR=24.150.44.231 SERVER_PORT=80 HTTP_HOST=sitename.com DOCUMENT_ROOT=/var/www/html SCRIPT_FILENAME=/var/www/html/index232.php REQUEST_URI=/index232.php SCRIPT_NAME=/index232.php HTTP_VIA=1.0 wc09 (NetCache NetApp/5.5R3) SCRIPT_URI=http://sitename.com/index232.php HTTP_CONNECTION=keep-alive PATH_INFO=/index232.php REMOTE_PORT=5350 PATH=/usr/local/bin:/usr/bin:/bin SCRIPT_URL=/index232.php PWD=/var/www/interpreters SERVER_ADMIN=email@sitename.com REDIRECT_STATUS=200 SITE_CGIROOT=/var/www/cgi-bin HTTP_ACCEPT_LANGUAGE=en PATH_TRANSLATED=/var/www/html/index232.php HTTP_ACCEPT=*/* SITE_HTMLROOT=/var/www/html REMOTE_ADDR=66.185.84.204 SHLVL=1 SERVER_NAME=www.sitename.com  SERVER_SOFTWARE=Apache/2.0.48 (Fedora) QUERY_STRING= SITE_ROOT=/ SERVER_ADDR=66.49.180.189 GATEWAY_INTERFACE=CGI/1.1 SERVER_PROTOCOL=HTTP/1.1 REDIRECT_URL=/index232.php REQUEST_METHOD=GET _=/usr/bin/php
10134 admin65 /usr/bin/php UNIQUE_ID=uJRwMkIxsZcAAG37VRIAAACE HTTP_X_FORWARDED_FOR=24.150.44.231 SERVER_PORT=80 HTTP_HOST=sitename.com DOCUMENT_ROOT=/var/www/html SCRIPT_FILENAME=/var/www/html/index232.php REQUEST_URI=/index232.php SCRIPT_NAME=/index232.php HTTP_VIA=1.0 apl-netcache-03 (NetCache NetApp/5.5R2) SCRIPT_URI=http://sitename.com/index232.php HTTP_CONNECTION=keep-alive PATH_INFO=/index232.php REMOTE_PORT=8999 PATH=/usr/local/bin:/usr/bin:/bin SCRIPT_URL=/index232.php PWD=/var/www/interpreters SERVER_ADMIN=email@sitename.com REDIRECT_STATUS=200 SITE_CGIROOT=/var/www/cgi-bin HTTP_ACCEPT_LANGUAGE=en PATH_TRANSLATED=/var/www/html/index232.php HTTP_ACCEPT=*/* SITE_HTMLROOT=/var/www/html REMOTE_ADDR=212.253.2.203 SHLVL=1 SERVER_NAME=www.sitename.com  SERVER_SOFTWARE=Apache/2.0.48 (Fedora) QUERY_STRING= SITE_ROOT=/ SERVER_ADDR=66.49.180.189 GATEWAY_INTERFACE=CGI/1.1 SERVER_PROTOCOL=HTTP/1.1 REDIRECT_URL=/index232.php REQUEST_METHOD=GET _=/usr/bin/php
9687 admin65 /usr/bin/php UNIQUE_ID=tHP3z0IxsZcAAGsxkacAAAAa HTTP_X_FORWARDED_FOR=24.150.44.231 SERVER_PORT=80 HTTP_HOST=sitename.com DOCUMENT_ROOT=/var/www/html SCRIPT_FILENAME=/var/www/html/index232.php REQUEST_URI=/index232.php SCRIPT_NAME=/index232.php HTTP_VIA=1.0 apl-netcache-02 (NetCache NetApp/5.5R2) SCRIPT_URI=http://sitename.com/index232.php HTTP_CONNECTION=keep-alive PATH_INFO=/index232.php REMOTE_PORT=12222 PATH=/usr/local/bin:/usr/bin:/bin SCRIPT_URL=/index232.php PWD=/var/www/interpreters SERVER_ADMIN=email@sitename.com REDIRECT_STATUS=200 SITE_CGIROOT=/var/www/cgi-bin HTTP_ACCEPT_LANGUAGE=en PATH_TRANSLATED=/var/www/html/index232.php HTTP_ACCEPT=*/* SITE_HTMLROOT=/var/www/html REMOTE_ADDR=212.253.2.202 SHLVL=1 SERVER_NAME=www.sitename.com  SERVER_SOFTWARE=Apache/2.0.48 (Fedora) QUERY_STRING= SITE_ROOT=/ SERVER_ADDR=66.49.180.189 GATEWAY_INTERFACE=CGI/1.1 SERVER_PROTOCOL=HTTP/1.1 REDIRECT_URL=/index232.php REQUEST_METHOD=GET _=/usr/bin/php


i dont know if its site ddos attack because i have only used 8% of the allocated bandwidth , and i dont know if nuke is generating some kind of an error that is bombing the site, i renamed index.php to index232.php everything went fine then a couple of hours it started again.
when i was on an ip based site it was all fine, then when domain resolved i got hit again, i have noticed some site addresses like blockbuster.es in the logs , any ideas pleaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaas ?

p.s. www.sitename.com is my site name, edited for security, i have protector installed ..
Find all posts by _tuxx_View user's profileSend private message
Dunderklumpen
Corporal
Corporal


Joined: Apr 25, 2003
Posts: 53

Location: Sweden

PostPosted: Tue May 18, 2004 5:46 am Reply with quoteBack to top

My advice would be to start all over with a standard, patched site and then add your tweaks one by one and see what happens. A module or a block or something you have added could be the cause of this - creating a large amount of database requests resulting in an overload.
Find all posts by DunderklumpenView user's profileSend private messageAIM AddressYahoo MessengerMSN MessengerICQ Number
_tuxx_
Nuke Cadet
Nuke Cadet


Joined: May 18, 2004
Posts: 6


PostPosted: Tue May 18, 2004 5:57 am Reply with quoteBack to top

so the problem is generated by nuke itself not a Ddos attack ?
Find all posts by _tuxx_View user's profileSend private message
bretonmage
Captain
Captain


Joined: Feb 21, 2004
Posts: 421


PostPosted: Tue May 18, 2004 6:25 am Reply with quoteBack to top

Surely if it was a DDOS attack, your bandwidth would be gone?

_________________
Image
Find all posts by bretonmageView user's profileSend private message
tix
Lieutenant
Lieutenant


Joined: Feb 05, 2004
Posts: 170


PostPosted: Tue May 18, 2004 6:30 am Reply with quoteBack to top

My opinion is to take a new release patch it and then to add all the stuff one by one to see what of all is making the problem.It must be a nuke problem if it was a DoS your bandwith would be gone
Find all posts by tixView user's profileSend private messageVisit poster's website
_tuxx_
Nuke Cadet
Nuke Cadet


Joined: May 18, 2004
Posts: 6


PostPosted: Tue May 18, 2004 7:25 am Reply with quoteBack to top

i am doing that actually right now, i just got a new fresh nuke and installed protector, applying patches now and in the process of adding mods. hope this works Rolling Eyes thanks all.
Find all posts by _tuxx_View user's profileSend private message
_tuxx_
Nuke Cadet
Nuke Cadet


Joined: May 18, 2004
Posts: 6


PostPosted: Tue May 18, 2004 5:00 pm Reply with quoteBack to top

could this error be generated by protector? and is there any way i can have same security but without protector?
Find all posts by _tuxx_View user's profileSend private message
tix
Lieutenant
Lieutenant


Joined: Feb 05, 2004
Posts: 170


PostPosted: Thu May 20, 2004 3:01 am Reply with quoteBack to top

_tuxx_ from the amount of users using protector and considering that noone else had this problem(to my knowledge) i can say no it cant be the protector.
You could have security by UTC,Fortress and admin secure
Find all posts by tixView user's profileSend private messageVisit poster's website
_tuxx_
Nuke Cadet
Nuke Cadet


Joined: May 18, 2004
Posts: 6


PostPosted: Tue May 25, 2004 8:10 am Reply with quoteBack to top

ok, to rule out any confusion i may have aroused, i switched the whole site to phpbb, took me 2 days of non sleep, more coffee than i have consumed in a month and a couple of full ashtreys, 2 days site is up with no problems then bang, i was hit again, so no IT IS NOT PROTECTOR, protector is a wonderful piece of work , i will surely miss it having switched to phpbb Sad what i have learnt about the attack is that its some kind of a proxy bomber that is initiating some sql queries that is overflowing the cpu ( buffer overflow attack (Maybe?)) and i am working on it right now, will scoot to phpbb support places, thank you all for the great help, will be back once i switch back to nuke Laughing
Find all posts by _tuxx_View user's profileSend private message
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.223 Seconds - 547 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::