homepage Welcome to WebmasterWorld Guest from 54.226.0.225
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
high server load
jon22




msg:4580387
 7:23 pm on Jun 2, 2013 (gmt 0)

My host contacted me about high server load on one of my domains which is fairly new with minimal traffic, I have it on a shared account with a number of other domains. I usually start sites on a shared server to keep costs down, anyway, checked aw stats and there is around 7gb usage from a specific IP address, when I hit the IP in the browser it lands on one of my other sites on the server, I don't really understand it, what does it mean? could it be a hacker or something?

 

brotherhood of LAN




msg:4580389
 7:28 pm on Jun 2, 2013 (gmt 0)

There would be a number of domains on a particular IP of a shared host, unless they specifically offer you a dedicated IP.

Have you checked the log files of the site in question to see if there's qualification of that 7GB bandwidth usage?

jon22




msg:4580405
 8:32 pm on Jun 2, 2013 (gmt 0)

Don't have a dedicated IP. Most entries in the access log look like this, from the same ip:

##IP address## - - [02/Jun/2013:07:12:11 +0100] "GET /comments/vote.php HTTP/1.1" 200 75646 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"

host seems to think it's an attack from automated software

brotherhood of LAN




msg:4580409
 9:04 pm on Jun 2, 2013 (gmt 0)

It seems /comments/vote.php is getting a 200 response. Is that part of your site?

Either way you could ban the IP in .htaccess, and serve a much smaller 403 response rather than the 75 Kilobyte vote.php file.

Seems a script is broken or it's a low tech way of abusing your site... one IP hammering your site shouldn't be a big deal to you or your host.

jon22




msg:4581138
 9:47 pm on Jun 4, 2013 (gmt 0)

yes, that folder should be blocked by robots anyway.

Well I've banned the IP, still not sure of the exact reason behind it, thanks a lot for your help though :)

jon22




msg:4581143
 10:05 pm on Jun 4, 2013 (gmt 0)

my host just told me there is still high server load.

One theory is could someone be using my server IP against me (and possibly others) in the hope that the IP eventually gets blacklisted for abuse or something?

londrum




msg:4581144
 10:10 pm on Jun 4, 2013 (gmt 0)

does the vote form work properly? maybe it goes into some kind of an endless loop when the input is blank.

lucy24




msg:4581146
 10:20 pm on Jun 4, 2013 (gmt 0)

"high server load" simply isn't enough information. You need to take a closer look at logs and see what's happening.

using my server IP against me

Do you mean, using your IP as a proxy? That would show up in logs as a request for a page with full protocol-plus-domain-- and the domain isn't your own. But if the host himself isn't blocking proxies, he's got a ### of a nerve complaining about any resultant server load :)

my host just told me

This post came in less than twenty minutes after the previous one :) That's not a lot of time to see any changes. When did you ban the offending IP?

jon22




msg:4581159
 11:05 pm on Jun 4, 2013 (gmt 0)

i blocked it a couple of days ago, after my last post I checked my email and saw my host had emailed again.

The voting system is disabled.

Okay just so I'm understanding this, the access log shows my server / IP accessing the file right? If it was in a loop it wouldn't keep making new requests, would it?

jon22




msg:4581160
 11:09 pm on Jun 4, 2013 (gmt 0)

Do you mean, using your IP as a proxy?


Not sure, just being paranoid :)

What questions should I be asking my host? Shouldn't they be the ones investigating it, I don't really know what I'm looking at on the logs to be honest.

lucy24




msg:4581161
 11:26 pm on Jun 4, 2013 (gmt 0)

First thing to ask: What kind of overload are we talking about?

High bandwidth alone? This in turn can either mean that your site is more popular than expected-- which you said isn't the case-- or that somebody is using it as a proxy to get at some other site(s).

Excessive computing resources? This can happen if a site is much more php-intensive or database-intensive than earlier sites you've had.

when I hit the IP in the browser it lands on one of my other sites on the server

Did you mean, the offending site's IP? Not any of your own? Then you get to the possibility of a DNS problem.

Does the offending IP belong to the same host? Doesn't have to be the same physical server, just the same owner somewhere alone the line.

the access log shows my server / IP accessing the file right? If it was in a loop it wouldn't keep making new requests, would it?

This is obscure. Do you mean that this is what the log actually does show-- or what the log would show under such-and-such circumstances?

An infinite-redirect loop that is intercepted by the browser will show up in logs as a series of identical requests, each met by a 301 response. The exact number is up to the browser; last time I tested (one human request, one browser) there were ten requests. A 301 by itself is the smallest kind of response, since there's no page being served at all. But if there are lots of them, the request itself could overload the server.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved