    Default site 'connection problems' since Friday

    I manage a site hosted on server wsl02009. The site has been OK until this Friday. I first noticed 'cannot connect' issues while in the Joomla back end. Since then, it has gotten worse.

    - It is a website for a school
    - Running Joomla 2.5.14
    - Running Securitycheckpro
    - PHP should be up to date.

    - Getting errors accessing the site and the Joomla back end. I'm also getting errors when using FileZilla of "Connection timed out. Could not connect to the server".
    - Leads from the site are dropping off.

    - WestHost techs said on 2 occasions that the processes and memory look OK.
    - Joomla ext admin tools says that the integrity is OK.
    - Securitycheck pro logs do not show anything out of the ordinary
    - I have had difficulty getting to the server logs due to the FTP connection issues so I don't know if they are normal or not.
    - "Google has not detected any malware on this site." according to webmaster tools.
    - The sitemonitor service is showing that the downtime occurs roughly every 2 to three hours with a duration of 3 to 5 minutes.
    - I have not received anything definitive from WestHost's level three support.

    I'd appreciate any thoughts on this.

    PHP Built On Linux 2.6.9-103.ELsmp #1 SMP Fri Nov 11 14:34:02 EST 2011 i686
    Database Version 5.1.52
    Database Collation utf8_general_ci
    PHP Version 5.3.8
    Web Server Apache/2.0.52 (Red Hat)
    WebServer to PHP Interface apache2handler
    Joomla! Version Joomla! 2.5.14 Stable [ Ember ] 01-August-2013 14:00 GMT
    Joomla! Platform Version Joomla Platform 11.4.0 Stable [ Brian Kernighan ] 03-Jan-2012 00:00 GMT
    User Agent Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36

    Setting Value

    Safe Mode Off
    Open basedir None
    Display Errors Off
    Short Open Tags On
    File Uploads On
    Magic Quotes On
    Register Globals Off
    Output Buffering Off
    Session Save Path /tmp
    Session Auto Start 0
    XML Enabled Yes
    Zlib Enabled Yes
    Native ZIP Enabled Yes
    Disabled Functions passthru,proc_open,shell_exec,system
    Mbstring Enabled Yes
    Iconv Available Yes


    Is this a shared or dedicated server? Shared server means that it could be another client/account on the server and really the only thing you can do is keep support informed that it is happening so they can continue to monitor things. Dedicated server will of course mean it could be an issue with this site or perhaps another you have added to the server yourself.

    It sounds to me that you have taken the right steps in this. Try a simple HTML test page that has some of the photos on it that are loaded on the home page and see if it is slow to load. My reasoning for that is it would perhaps let you know if it is PHP that is slowing things down if the HTML page loads OK. Since you are having FTP connection issues my guess is that it is not just PHP, but it never hurts to try. I just visited the home page and it took a bit for it to load, so there is definitely something going on. Track the times when the site is slow or not available (8:33 am CT for me here) and see if there is any pattern if any. These times might be able to help WestHost determine what is going on.
    BTW: Do keep communicating with support. It is not uncommon for a connection between a computer and server to slow, and often it can be either the client's computer or the network itself and it gets sorted out in time by itself. You want to make sure they realize it is ongoing. Actually, if you are speaking with level 3 techs already you should be OK, but I wanted to mention that.

    One other thing: when you do your test page, try to include some of the other resources the PHP page uses. For example, it may be pulling JavaScript and CSS files from the server also. It could be using images for backgrounds, etc. Might not be relevant in this instance, but when testing in general doing this can help narrow down where a bottleneck is. Say a very simple HTML page is fine, you add in some images and it is still fine, then you add in a script file and you get a delay... now you know there may be something up with the script file. Process of elimination. Same when testing a PHP program like Joomla. These quite often allow add-ons or extensions. Since these are often done by third parties, they may not be optimized as well as the base program. Removing them all then slowly adding them back in can often show what is going on. Likely this is not applicable here, but I wanted to add in this information for others and future reference.

    WJD - Thanks for the tips.

    It is a shared server. I'm going to take a look at the logs and see if I can correlate any traffic to our site with the downtime.

    It seems to be establishing a regular pattern of every 2-3 hours and down for 3-5 minutes.

    Level 3 asked for a tracert today. I set up a batch file to ping every minute and run a tracert if the ping fails. That has been cooking for an hour now. We'll see if that produces any results.

    Also, I don't have any visibility of the ticket. I tried logging in with my email and my client's email but could not see the ticket. I'm trying to get that resolved.

    The batch file is

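    @echo off
    rem Host to test; example.com is a placeholder for the site's hostname
    set host=example.com
    set logfile=nettest.log
    :top
    echo %date% %time%>>%logfile%
    ping %host%>>%logfile%
    rem Run a tracert only when the ping got no reply
    if ERRORLEVEL 1 tracert %host%>>%logfile%
    rem Wait about a minute by pinging an address that does not answer
    ping -n 1 -w 60000 192.0.2.1 > nul
    goto top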

    I also set up another one that runs a tracert every 10 minutes without looking for a failed ping.

    My guesses right now are

    - A DoS going on against a neighbor
    - A neighbor running a cron job that sucks resources
    - A failing router
    - A possible issue with a Joomla extension (which you mentioned).
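
    To test the "every 2 to 3 hours, down 3 to 5 minutes" pattern against the log the batch file writes, the following added example (not part of the original posts) groups failed pings into outage windows and reports their length and spacing. It assumes the en-US `%date% %time%` format and standard Windows ping summary lines; the sample log, host name and addresses are constructed.

```python
import re
from datetime import datetime

# Assumed en-US "%date% %time%" output, e.g. "Mon 08/12/2013  9:59:00.12"
STAMP = re.compile(r"^\w{3} (\d{2}/\d{2}/\d{4}) +(\d{1,2}:\d{2}:\d{2})")
LOSS = re.compile(r"Lost = \d+ \((\d+)% loss\)")

def parse_samples(text):
    """Yield (timestamp, loss_percent) for each ping run in the log."""
    stamp = None
    for line in text.splitlines():
        m = STAMP.match(line.strip())
        if m:
            stamp = datetime.strptime(" ".join(m.groups()), "%m/%d/%Y %H:%M:%S")
        elif stamp is not None and (m := LOSS.search(line)):
            yield stamp, int(m.group(1))
            stamp = None  # tracert output that follows is ignored

def outages(samples):
    """Group runs of 100%-loss samples; a window ends at the next good ping."""
    windows, start, last = [], None, None
    for ts, loss in samples:
        if loss == 100:
            start, last = start or ts, ts
        elif start:
            windows.append((start, ts))
            start = None
    if start:  # log ended while the host was still unreachable
        windows.append((start, last))
    return windows

def summarize(text):
    """Return (outage durations, spacing between outage starts) in minutes."""
    wins = outages(parse_samples(text))
    minutes = lambda a, b: int((b - a).total_seconds() // 60)
    return ([minutes(s, e) for s, e in wins],
            [minutes(a[0], b[0]) for a, b in zip(wins, wins[1:])])

def _entry(stamp, lost):  # one ping run as the batch file would log it
    return (f"{stamp}\n\nPinging example.com [192.0.2.10] with 32 bytes of data:\n"
            f"    Packets: Sent = 4, Received = {4 - lost}, Lost = {lost} ({lost * 25}% loss),\n")

# Constructed sample log, not a real capture
SAMPLE_LOG = "".join(_entry(t, n) for t, n in [
    ("Mon 08/12/2013  9:58:00.10", 0), ("Mon 08/12/2013  9:59:00.12", 4),
    ("Mon 08/12/2013 10:01:30.40", 4), ("Mon 08/12/2013 10:03:00.05", 0),
    ("Mon 08/12/2013 12:29:00.31", 1), ("Mon 08/12/2013 12:30:00.02", 4),
    ("Mon 08/12/2013 12:34:00.77", 0)])

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

    The outage start and end times it finds can be handed to the host's support alongside the tracert output, so they can line them up with their own server and network logs.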

    Tech support said it was apparently a syn_flood attack. The site owners are now starting to have issues with POP3 email.

    I realize that DoS attacks are very difficult to stop and that WestHost is limited in its options. Too bad they can't bust the guys responsible and have them playing "Don't dare drop the soap" for the next ten years.

    Does anyone have an opinion as to if a dedicated server would help if we were not the target?? I figure that the traffic would have to come through some shared routers but that the server resources would not be gobbled up by the flood attack.

    As I understand it, it may help to be on a dedicated server if they are not actually hitting your domain or IP. Seems to me the nature of these attacks is to consume resources. Granted, yes, they may also add to the traffic through the routers, but I think that is minimal. In fact I had a browse of one paper that suggests catching such attacks at the leaf routers because overhead would be minimal.

    WJD -

    It looks like everything is up and running. The last prob I had was that I could not install Joomla extensions. It turns out that Joomla uses the folder \plugins and Site manager uses the same folder.

    The move to the new server resulted in \plugins being owned by the root. Tech support fixed that and it appears that everything is up and running.

    It's amazing that there are enough compromisable machines out there to allow people to build botnets. Things haven't changed in the last 20 years.

