This site crashes when news bulletin goes out

LoadingFavourite

This topic contains 5 replies, has 4 voices, and was last updated by Profile photo of Anonymous Anonymous 7 years, 7 months ago.

  • Author
    Posts
  • #54919
    Profile photo of Anonymous
    Anonymous
    Participant

    Some of you may have noticed that this site was down for a couple of hours this afternoon. Sorry about that – the server crashed.

    On several occasions the server has crashed when I email out the news bulletin. It has happened at least 3 times now.

    Seems that just after emailing the bulletin one source based in the UK makes so many requests on the server that it crashes. It looks as if it could be malicious.

    Anyone out there with a technical bent who understands these things? The operation who host my server aren’t shedding much light on the problem.

    Can’t have the server crashing every time the news bulletin goes out.

    Mark

  • #91686
    Profile photo of Anonymous
    Anonymous
    Participant

    The 1st thing I would do is get the IP address of the source, and it sounds like you have that. You could then try a reverse DNS lookup, to get the domain name (if there is one associated to that address), then do a WHOIS lookup, and you may be able to identify the owner of the source. Of course if this is some underhand DOS attack, then they may have covered their tracks, but ulitmately it’s normally pretty easy to track down the source. I would also ask for a copy of the logs that show the potential “attacks”.

    I’m pretty sure that DOS attacks are illegal in UK law, so if this really looks like an attack. I’d be inclined to contact the police with all the data you can get. See what they have to say.

    Sometimes, it is possible for a system to crash another system inadvertently, I remember in my 1st big IT job, I trashed all the servers one night, I was testing some new network management software, and all the systems I was working with had a (at that point unkown) bug. When my systems talked to them they just crashed 😳

    PM me if you need any help tracking this down, and I’ll see what I can do.

  • #91693
    Profile photo of Anonymous
    Anonymous
    Participant

    I agree with El anciano it sounds like a DOS attack on the face of it which are illegal in the UK http://www.theregister.co.uk/2006/11/12/uk_bans_denial_of_service_attacks/ whether the Police would be interested for a forum (no offence intended) i doubt it, Amazon maybe 😕

    Your host should be able to track the source of the attack for you and ban the IP (most do it automatically.) It does sound like one of the email addresses you are sending the bulletin to is used as a trigger for the attack.

    With the information you have provided it’s difficult to get a real understanding of how this could be happening. For example how are you sending the email? Is it via the mass mailing part of the BB, if it is I have not received my email so despite what your host is telling you it could just be timing out the server? In other words sending so many emails is crashing the server. PHPBB (the software you are using) runs under php (the clue is in the name i know) and hosts set limits on the amount of time a script (the mass email is a script) can run, once it reaches the limit it times out.

    The first thing I would do Mark is upgrade the bulletin board software, you are using currently you use PHPBB 2.#something# which went out of date some two years ago, PHPBB 3.04 is the most current version http://www.phpbb.com/downloads/. Start with the most uptodate software and move on from there.

    As with El anciano if you PM me we can exchange phone numbers and i can talk you through some of this stuff if you want.

    Regards

    Paul

  • #91700
    Profile photo of Anonymous
    Anonymous
    Participant

    Thanks for the advice.

    As you point out, I need to install the latest version as a start.

    My hosting company are looking into the latest crash. If and when they give me more information on the cause I’ll get back to you.

    Mark

  • #91780
    Profile photo of Anonymous
    Anonymous
    Participant

    The server will have settings which restrict certain things:

    RouterMaxEffectiveSize=xxx (xxx = size in KB)

    & / or

    MailDispatchThreshold=xxx (xxx being a limit to number of emails can be sent from one domain site hosted on the server

    I had a different problem when my host brought in new servers and I have 15+ email addresses to check and they hadn’t changed the setting to allow 1 IP to connect to more than 4 accounts. At the end they found the setting on the server and did the change.

    I presume this will be the same and a server setting restricts mass mailing for spam reasons etc..!

    Also the problem with the UK ip could be that reveiving ISP checks the ip address/domain of the sender and as the route going through this ISP you get multiple requests creating a dos attack.

    Ian

  • #91781
    Profile photo of Anonymous
    Anonymous
    Participant

    @p800aul wrote:

    The first thing I would do Mark is upgrade the bulletin board software, you are using currently you use PHPBB 2.#something# which went out of date some two years ago, PHPBB 3.04 is the most current version http://www.phpbb.com/downloads/. Start with the most uptodate software and move on from there.

    phpbb 2.0.23 is the current version for 2.0x and is still being updated/maintained by the phpbb team. Of course you can upgrade to the newer version of 3.x if you wish, but you do not need to (YET).

    Ian

You must be logged in to reply to this topic.