Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.02.02 Distro
Author Message
gbhughs1
New Member
New Member


Joined: Nov 16, 2006
Posts: 14

PostPosted: Wed Jan 10, 2007 1:21 pm Reply with quote

Hello everyone,

Yesterday I got this email from my hosting company:

Quote:
Hello,
Your client "db_username" was causing very high load on the modena server due to their constant MySQL queries. The account had no less then 2 queries running at a time which seems to be linked to modules.php. Instead of suspending their account, we have disabled the "db_username" database. Please reply back to this e-mail as soon as possible.

---
|
| 1288438 | "username" | localhost | "database" | Query | 0 | update | INSERT INTO `nuke_nsnst_tracked_ips` (`user_id`, `username`, `date`, `ip_addr`, `page`, `user_agent` |
| 1288439 | "username" | localhost | "database" | Query | 0 | System lock | INSERT INTO `nuke_nsnst_tracked_ips` (`user_id`, `username`, `date`, `ip_addr`, `page`, `user_agent` |


root@modena [~]# ps aux | grep real
"username" 10256 15.6 0.2 21532 10912 ? RN 19:17 0:00 /usr/bin/php modules.php
"username" 10810 11.0 0.1 18968 8152 ? SN 19:17 0:00 /usr/bin/php modules.php
"username" 6156 23.0 0.2 19144 8316 ? RN 19:17 0:00 /usr/bin/php modules.php
---


What is this?

And how could I prevent it from happening again?

This is probably a very newbie question for all you experts, but I am not (an expert) and need help with this issue!!!!

Thanks in advance

BTW I am using the v2.02.02 Distro and the nuke sentinel program that came in this pack.
 
View user's profile Send private message
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Wed Jan 10, 2007 1:33 pm Reply with quote

If you are using the original Sentinel that came with RN 2.02.02 you need to upgrade and apply all the latest patches.

If you are getting a high number of queries to nuke_nsnst_tracked_ips, it may suggest a DOS attack, but I'm not an expert and probably barking up the wrong tree.
 
View user's profile Send private message
gbhughs1
PostPosted: Wed Jan 10, 2007 1:35 pm Reply with quote

Is the newest version v2.4.x??
 
jakec
PostPosted: Wed Jan 10, 2007 1:38 pm Reply with quote

Nope, 2.5.04.

Here's the link: Only registered users can see links on this board! Get registered or login!
 
jakec
PostPosted: Wed Jan 10, 2007 1:40 pm Reply with quote

Do you have any logs?
 
gbhughs1
PostPosted: Wed Jan 10, 2007 1:41 pm Reply with quote

Thanks jakec!!

Does anyone else have any suggestions for me?
(not that I didn't appreciate yours jakec Wink )
 
gbhughs1
PostPosted: Wed Jan 10, 2007 1:43 pm Reply with quote

jakec wrote:
Do you have any logs?


Raw Access Logs ??

Error log??
 
jakec
PostPosted: Wed Jan 10, 2007 1:46 pm Reply with quote

Access logs to help you try and determine what was causing the constant queries.
 
gbhughs1
PostPosted: Wed Jan 10, 2007 1:50 pm Reply with quote

Yes and the ones I downloaded yesterday doesn't give me the time frame it happened in.

The logs I downloaded came after the db was suspended.
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Wed Jan 10, 2007 2:22 pm Reply with quote

This line does not make any sense
Code:


The account had no less then 2 queries running at a time which seems to be linked to modules.php

phpNuke is a database intensive script. It can do many queries on one page load, obviously a lot more than 2.
I suggest getting a better host.

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
gbhughs1
PostPosted: Wed Jan 10, 2007 2:27 pm Reply with quote

I kinda thought this was odd too!!

Any suggestions on hosting?
I know raven has hosting, but I can't seem to find the link that gets me to this section of his domain.....
 
jakec
PostPosted: Wed Jan 10, 2007 2:29 pm Reply with quote

I assumed by that they meant they were getting a large number of queries to those specific tables.

Can I ask who you are currently hosting with?
 
jakec
PostPosted: Wed Jan 10, 2007 2:32 pm Reply with quote

There's a link to his webhosting site on the homepage here.

A number of the admins here also run their own hosting company's, but it would be rude to mention any names when this is Raven's site. Wink
 
gbhughs1
PostPosted: Wed Jan 10, 2007 2:33 pm Reply with quote

jakec wrote:
Can I ask who you are currently hosting with?


Hostgator (reseller account) so multiple domains.

jakec wrote:
I assumed by that they meant they were getting a large number of queries to those specific tables.


They have yet to clarify this for me.........
(19 hrs and still counting)
 
gbhughs1
PostPosted: Wed Jan 10, 2007 7:06 pm Reply with quote

Once they let me back in I found this in the tracked ips

89.120.221.17 (ip) 2007-01-09 @ 19:21:25 (time) 19803 (hits)
 
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Wed Jan 10, 2007 7:33 pm Reply with quote

19803? Thats nuts. If this was lagging your server out, or they were getting dossed by this ip, Then the server configuration alone should have stopped that.

It would seem to me personally, and this is a personal remark, not representing anyone of this sites opinion, Your host is putting the servers stability in the clients hands. If this was a perfect world, then frankly, that would be ok, but because all it takes is one domain wide open to get dossed, It must be the hosts responsibility.


Ok one more thing I forgot to mention, Make sure that the amount of visits isnt in total. If the have made 19803 hits since your site has been up, as high as it is, its plausible. But if even half those hits were done at any one time, the server should have banned them.

Just my two cents. Most wont advertise on this forums, Its Raven's forums, I hear Ravens is one of the best. I'm sure that if Raven cant fit your needs, he would be happy to point you to someone who can.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
evaders99
PostPosted: Wed Jan 10, 2007 9:57 pm Reply with quote

Looks like some guys in Romania tried to DOS your server. So its not a fault of phpNuke. You need to ask your host about how they handle such attacks
 
jakec
PostPosted: Thu Jan 11, 2007 2:19 am Reply with quote

Definately upgrade to the latest Sentinel, this should provide some protected to any future attacks.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.02.02 Distro

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©