| Author |
Message |
gbhughs1
New Member
Joined: Nov 16, 2006
Posts: 14
|
 Posted:
Wed Jan 10, 2007 1:21 pm |
|
Hello everyone,
Yesterday I got this email from my hosting company:
| Quote: | Hello,
Your client "db_username" was causing very high load on the modena server due to their constant MySQL queries. The account had no less then 2 queries running at a time which seems to be linked to modules.php. Instead of suspending their account, we have disabled the "db_username" database. Please reply back to this e-mail as soon as possible.
---
|
| 1288438 | "username" | localhost | "database" | Query | 0 | update | INSERT INTO `nuke_nsnst_tracked_ips` (`user_id`, `username`, `date`, `ip_addr`, `page`, `user_agent` |
| 1288439 | "username" | localhost | "database" | Query | 0 | System lock | INSERT INTO `nuke_nsnst_tracked_ips` (`user_id`, `username`, `date`, `ip_addr`, `page`, `user_agent` |
root@modena [~]# ps aux | grep real
"username" 10256 15.6 0.2 21532 10912 ? RN 19:17 0:00 /usr/bin/php modules.php
"username" 10810 11.0 0.1 18968 8152 ? SN 19:17 0:00 /usr/bin/php modules.php
"username" 6156 23.0 0.2 19144 8316 ? RN 19:17 0:00 /usr/bin/php modules.php
--- |
What is this?
And how could I prevent it from happening again?
This is probably a very newbie question for all you experts, but I am not (an expert) and need help with this issue!!!!
Thanks in advance
BTW I am using the v2.02.02 Distro and the nuke sentinel program that came in this pack. |
| |
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom
|
| Posted:
Wed Jan 10, 2007 1:33 pm |
|
If you are using the original Sentinel that came with RN 2.02.02 you need to upgrade and apply all the latest patches.
If you are getting a high number of queries to nuke_nsnst_tracked_ips, it may suggest a DOS attack, but I'm not an expert and probably barking up the wrong tree. |
| |
|
|
|
|
gbhughs1
|
| Posted:
Wed Jan 10, 2007 1:35 pm |
|
Is the newest version v2.4.x?? |
| |
|
|
|
|
jakec
|
| Posted:
Wed Jan 10, 2007 1:38 pm |
|
Nope, 2.5.04.
Here's the link: [ Only registered users can see links on this board! Get registered or login! ] |
| |
|
|
|
|
jakec
|
| Posted:
Wed Jan 10, 2007 1:40 pm |
|
|
|
|
|
gbhughs1
|
| Posted:
Wed Jan 10, 2007 1:41 pm |
|
Thanks jakec!!
Does anyone else have any suggestions for me?
(not that I didn't appreciate yours jakec  ) |
| |
|
|
|
|
gbhughs1
|
| Posted:
Wed Jan 10, 2007 1:43 pm |
|
| jakec wrote: | | Do you have any logs? |
Raw Access Logs ??
Error log?? |
| |
|
|
|
|
jakec
|
| Posted:
Wed Jan 10, 2007 1:46 pm |
|
Access logs to help you try and determine what was causing the constant queries. |
| |
|
|
|
|
gbhughs1
|
| Posted:
Wed Jan 10, 2007 1:50 pm |
|
Yes and the ones I downloaded yesterday doesn't give me the time frame it happened in.
The logs I downloaded came after the db was suspended. |
| |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Wed Jan 10, 2007 2:22 pm |
|
|
|
|
gbhughs1
|
| Posted:
Wed Jan 10, 2007 2:27 pm |
|
I kinda thought this was odd too!!
Any suggestions on hosting?
I know raven has hosting, but I can't seem to find the link that gets me to this section of his domain..... |
| |
|
|
|
|
jakec
|
| Posted:
Wed Jan 10, 2007 2:29 pm |
|
I assumed by that they meant they were getting a large number of queries to those specific tables.
Can I ask who you are currently hosting with? |
| |
|
|
|
|
jakec
|
| Posted:
Wed Jan 10, 2007 2:32 pm |
|
There's a link to his webhosting site on the homepage here.
A number of the admins here also run their own hosting company's, but it would be rude to mention any names when this is Raven's site. |
| |
|
|
|
|
gbhughs1
|
| Posted:
Wed Jan 10, 2007 2:33 pm |
|
| jakec wrote: | | Can I ask who you are currently hosting with? |
Hostgator (reseller account) so multiple domains.
| jakec wrote: | | I assumed by that they meant they were getting a large number of queries to those specific tables. |
They have yet to clarify this for me.........
(19 hrs and still counting) |
| |
|
|
|
|
gbhughs1
|
| Posted:
Wed Jan 10, 2007 7:06 pm |
|
Once they let me back in I found this in the tracked ips
89.120.221.17 (ip) 2007-01-09 @ 19:21:25 (time) 19803 (hits) |
| |
|
|
|
|
gregexp
The Mouse Is Extension Of Arm
Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
|
| Posted:
Wed Jan 10, 2007 7:33 pm |
|
19803? Thats nuts. If this was lagging your server out, or they were getting dossed by this ip, Then the server configuration alone should have stopped that.
It would seem to me personally, and this is a personal remark, not representing anyone of this sites opinion, Your host is putting the servers stability in the clients hands. If this was a perfect world, then frankly, that would be ok, but because all it takes is one domain wide open to get dossed, It must be the hosts responsibility.
Ok one more thing I forgot to mention, Make sure that the amount of visits isnt in total. If the have made 19803 hits since your site has been up, as high as it is, its plausible. But if even half those hits were done at any one time, the server should have banned them.
Just my two cents. Most wont advertise on this forums, Its Raven's forums, I hear Ravens is one of the best. I'm sure that if Raven cant fit your needs, he would be happy to point you to someone who can. |
_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! |
|
  
  |
|
evaders99
|
| Posted:
Wed Jan 10, 2007 9:57 pm |
|
Looks like some guys in Romania tried to DOS your server. So its not a fault of phpNuke. You need to ask your host about how they handle such attacks |
| |
|
|
|
|
jakec
|
| Posted:
Thu Jan 11, 2007 2:19 am |
|
Definately upgrade to the latest Sentinel, this should provide some protected to any future attacks. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
