server died today afternoon
#1
Posted 21 October 2008 - 07:50 PM
#2
Posted 21 October 2008 - 08:30 PM
The MySQL forum database was reduced by -80% from over 1Gb to less than 200Mb and the software was optimized to support a very high demand so I thought that all of these reactions on the server were strange until I checked the bandwidth stats for all our server domains that clearly displayed an anomaly.
http://livexp.boot-land.net has used over 500Gb of bandwidth over the last 9 days, this should total 1,5~2Tb worth of data that are creeping up the CPU/RAM resources needed by Apache to supply the demanded files.
It's not easy to download such amount of data in such short time. Comparing to last month - liveXP was using around 10Gb per day and now was already going on 70Gb used today.
--------
I'm working to solve this matter.
#3
Posted 21 October 2008 - 10:28 PM
This means around 584 project downloads per hour or nine requests per minute..
I don't know if most of them come from the same IP or not, the stats software (analog 6.0) doesn't account these values and it is difficult to block access to the bots or scripts doing this sort of things.
#4
Posted 21 October 2008 - 10:44 PM
Error @ homepage:
[codebox]<br /> <b>Warning</b>: require(./mkportal/conf_mk.php) [<a href='function.require'>function.require</a>]: failed to open stream: No such file or directory in <b>/home/.fluke/nuno_brito/boot-land.net/index.php</b> on line <b>28</b><br /> <br /> <b>Fatal error</b>: require() [<a href='function.require'>function.require</a>]: Failed opening required './mkportal/conf_mk.php' (include_path='.:/usr/local/php5/lib/php:/usr/local/lib/php') in <b>/home/.fluke/nuno_brito/boot-land.net/index.php</b> on line <b>28</b><br /> [/codebox] [codebox] Warning: require(./mkportal/conf_mk.php) [function.require]: failed to open stream: No such file or directory in /home/.fluke/nuno_brito/boot-land.net/index.php on line 28 Fatal error: require() [function.require]: Failed opening required './mkportal/conf_mk.php' (include_path='.:/usr/local/php5/lib/php:/usr/local/lib/php') in /home/.fluke/nuno_brito/boot-land.net/index.php on line 28
[/codebox]
#5
Posted 21 October 2008 - 11:16 PM
Never saw any use in that feature anyhow.
#6
Posted 22 October 2008 - 04:42 AM
http://www.robotstxt.org/
Dramastic
#7
Posted 22 October 2008 - 09:48 AM
To be sure that it is nor introduced by a new WinBuilder version, I made a test under the debugger.Looking on the specific subdomain logs for the last three days it shows 42065 downloads of updates.ini
This means around 584 project downloads per hour or nine requests per minute..
I don't know if most of them come from the same IP or not, the stats software (analog 6.0) doesn't account these values and it is difficult to block access to the bots or scripts doing this sort of things.
Result:
updates.ini is only downloaded when the user enters the download page.
Peter
#8
Posted 22 October 2008 - 10:09 AM
I did a download of a 'complete' LiveXP.
It started using my full bandwith, showing with small files just a flicker, and with bigger files the megabytes changing.
Then it became slower and slower, showing kilobytes changing.
Anywhen the 'downloaded' number did not change for several seconds and than started again changing slowly.
After finishing the file, download stopped.
I restarted: It run with the old speed and continued until all files were download.
The stop between is an issue Ill look for in the source.
But the server's hehaviour is strange.
Peter
#9
Posted 22 October 2008 - 12:30 PM
We can however limit it's access permission on .htaccess if we know which IP it is using.
The LiveXP location is perfectly indexed by regular crawler bots and these "things" are different because they are massively downloading all files or at least one single big sized file simultaneously until the server gets in overload.
Last night it was necessary to reboot the server several times to get things working again, this seemed like the only remedy.
The subdomains became a weak point because we never had any issues before, guess it will be necessary to remove direct link download from livexp.boot-land.net and only allow from the respective index.html or from a wb client if this sort of thing continues.
-----
I also thought it was related to winbuilder and even mentioned this to Peter about two days ago when testing the newer beta but now I'm convinced that this odd behavior came from the server.
-----
There are at least three ways to consume such level of bandwidth so quickly.
#1 someone scripts several wb instances to continuously loop download everything from the available server.
#2 another server online loops several instances of webget to download big sized files
#3 the number of wb users increased beyond expected results too quickly (being mentioned on a magazine or popular website for example)
One quick solution would be disabling the liveXP server by renaming updates.ini and we'd quickly discover if methods #1 or #3 mentioned above are valid or not. If it's #2 it can be later today.
#10
Posted 22 October 2008 - 12:35 PM
Yesterday I saw archive.orgs as user, and they host coplete web site copies!It's not a "regular" bot to be controlled by robots.txt
We can however limit it's access permission on .htaccess if we know which IP it is using.
Maybe you try to exclude their IP
Peter
#11
Posted 22 October 2008 - 10:19 PM
I'm used to topics that keep the 'new post mark' no matter how often i visit them.
But today the marks appear and disapear without any methode to it.
Some 'old' topics get the mark all of a sudden again, while a new one does not!
#12
Posted 22 October 2008 - 10:48 PM
Wouldn't make much sense for archive.org to download 40~70Gb per day.
----
MedEvil, we're working on this matter.
As you requested, the default list of available web servers has been modified. If LiveXP continues to be targeted I'll temporarily disable it and talk with Galapo to move onto an alternative location until things get back to normal.
This is mostly affecting the forums, I'm also in conversations with R1Soft as they are interested in sponsoring a dedicated web server to be used by our community for whatever necessary and I wouldn't mind using it as external location to balance the server load. More details should be posted as soon as the dust settles.
#13
Posted 22 October 2008 - 11:00 PM
Regards,
Galapo.
#14
Posted 23 October 2008 - 01:30 AM
sub-links ok but main heading gives this message
also, I assume you know you have to login everytime you leave boot-land and come back, even a second later.
#15
Posted 23 October 2008 - 02:54 AM
http://www.freshsoftware.com/xns/
or just use "netstat" from DOS prompt..
Dramastic
#16
Posted 23 October 2008 - 09:16 AM
On http://boot-land.net it's "normal" to see the error message.
I've removed completely mkPortal to test if it was being targeted or not, I'll be updating the portal page with a static HTML page to avoid slurp of resources.
------
Galapo: Don't worry. It's not liveXP's fault, this is likely an automated script meant to achieve such levels of bandwidth usage.
The author might as well have chosen other single big sized files like the UXP project with 600 Mb (uxp.zip).
----
Dramastic:
Our server is a debian machine with apache located on a Virtual Private Server hosting to which I have no root access nor X windows available.
This should hopefully change soon enough.
#17
Posted 23 October 2008 - 06:56 PM
http://www.boot-land...amp;#entry48011
Is this a new feature for the 'admins' or does everyone see these?
#18
Posted 24 October 2008 - 01:42 AM
Virtual Private Server hosting
Perhaps then ask the provider for some insight & assistance in the matter. I am sure they are not interested in using that amount of bandwidth unnecessarily either....
Dramastic
#19
Posted 26 October 2008 - 06:30 PM
Boot-land works so fine, makes me long for the speed my old 14,4 modem gave me!
Without attacking anyone, but it seems the more Boot-Land gets optimized, the worst the performance gets.
#20
Posted 26 October 2008 - 11:07 PM
#21
Posted 26 October 2008 - 11:17 PM
If this can help:The board is optimized and now the troubles are occurring on the sub domains..
I can temporarilys delete all my boot-land.net subdomain pages and transfer them to my own server (what since a while I'm already already doing because of FTP troubles. Currently I try to make a copy to boot-land.net whenever FTP is possible)
Peter
#22
Posted 27 October 2008 - 12:29 AM
What we need is good counter measures to prevent the server from being attacked.
At the moment they only seem to be picking on LiveXP. I'll try to see if during the next week this can be solved.
#23
Posted 27 October 2008 - 01:02 PM
Since you say that your current log analyses don't provide the required IP address information (?!), that would seem to leave only one other option. IP address blocking is seldom very effective in any case. Since DHCP and other allocation methods re-assign addresses frequently, you'd be as likely to block the innocent as the guilty.
#24
Posted 27 October 2008 - 08:07 PM
I just did an FTP upload of around 10 MB 'nightly' w/o any troubles
The speed has been constantly at 669.?? kbps. Only the ?? changed.
That is using full bandwidth of my connection.
Who changed what?
Peter
#25
Posted 27 October 2008 - 09:44 PM
Regards,
Galapo.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users