Some of you may have noticed that this site was down for a couple of hours this afternoon. Sorry about that – the server crashed.
On several occasions the server has crashed when I email out the news bulletin. It has happened at least 3 times now.
Seems that just after emailing the bulletin one source based in the UK makes so many requests on the server that it crashes. It looks as if it could be malicious.
Anyone out there with a technical bent who understands these things? The operation who host my server aren’t shedding much light on the problem.
Can’t have the server crashing every time the news bulletin goes out.
The 1st thing I would do is get the IP address of the source, and it sounds like you have that. You could then try a reverse DNS lookup, to get the domain name (if there is one associated to that address), then do a WHOIS lookup, and you may be able to identify the owner of the source. Of course if this is some underhand DOS attack, then they may have covered their tracks, but ulitmately it’s normally pretty easy to track down the source. I would also ask for a copy of the logs that show the potential “attacks”.
I’m pretty sure that DOS attacks are illegal in UK law, so if this really looks like an attack. I’d be inclined to contact the police with all the data you can get. See what they have to say.
Sometimes, it is possible for a system to crash another system inadvertently, I remember in my 1st big IT job, I trashed all the servers one night, I was testing some new network management software, and all the systems I was working with had a (at that point unkown) bug. When my systems talked to them they just crashed 😳
PM me if you need any help tracking this down, and I’ll see what I can do.
Your host should be able to track the source of the attack for you and ban the IP (most do it automatically.) It does sound like one of the email addresses you are sending the bulletin to is used as a trigger for the attack.
With the information you have provided it’s difficult to get a real understanding of how this could be happening. For example how are you sending the email? Is it via the mass mailing part of the BB, if it is I have not received my email so despite what your host is telling you it could just be timing out the server? In other words sending so many emails is crashing the server. PHPBB (the software you are using) runs under php (the clue is in the name i know) and hosts set limits on the amount of time a script (the mass email is a script) can run, once it reaches the limit it times out.
The first thing I would do Mark is upgrade the bulletin board software, you are using currently you use PHPBB 2.#something# which went out of date some two years ago, PHPBB 3.04 is the most current version http://www.phpbb.com/downloads/. Start with the most uptodate software and move on from there.
As with El anciano if you PM me we can exchange phone numbers and i can talk you through some of this stuff if you want.
The server will have settings which restrict certain things:
RouterMaxEffectiveSize=xxx (xxx = size in KB)
& / or
MailDispatchThreshold=xxx (xxx being a limit to number of emails can be sent from one domain site hosted on the server
I had a different problem when my host brought in new servers and I have 15+ email addresses to check and they hadn’t changed the setting to allow 1 IP to connect to more than 4 accounts. At the end they found the setting on the server and did the change.
I presume this will be the same and a server setting restricts mass mailing for spam reasons etc..!
Also the problem with the UK ip could be that reveiving ISP checks the ip address/domain of the sender and as the route going through this ISP you get multiple requests creating a dos attack.
The first thing I would do Mark is upgrade the bulletin board software, you are using currently you use PHPBB 2.#something# which went out of date some two years ago, PHPBB 3.04 is the most current version http://www.phpbb.com/downloads/. Start with the most uptodate software and move on from there.
phpbb 2.0.23 is the current version for 2.0x and is still being updated/maintained by the phpbb team. Of course you can upgrade to the newer version of 3.x if you wish, but you do not need to (YET).
Ian
Author
Posts
Viewing 5 reply threads
The forum ‘Spanish Real Estate Chatter’ is closed to new topics and replies.