Lunar Pages

[ned]

Hi,
I was trying to install your script at LunarPages and my account has been suspended because they say they were getting 1000+ php processes spamming their server. Lunarpages has an extremely low tolerance for any problems. They said my script was probably being exploited but I really doubt it. I suspect it actually has something to do with their server config. The script was attempting to execute, but was not being allowed.

Any ideas?

[tomsommer]

That's interesting, one of our customers (in the company I work for) just installed serendipity, and that too caused a shitload of connections to the server - I didn't have a chance to debug this, but it sounds like there is a problem.

Their page was not announced so it could be something during installation?

[ned]

This is the error in the error log:


[Sat Jun 12 14:16:20 2004] [error] [client 217.85.238.84] File does not exist:
/
home/jeffbl2/public_html/favicon.ico
[Sat Jun 12 14:16:20 2004] [error] [client 217.85.238.84] File does not exist:
/
home/jeffbl2/public_html/404.shtml
[Sat Jun 12 14:16:23 2004] [error] [client 217.85.238.84] attempt to invoke
dire
ctory as script: /home/jeffbl2/public_html/cgi-bin
[Sat Jun 12 14:16:23 2004] [error] [client 217.85.238.84] File does not exist:
/
home/jeffbl2/public_html/403.shtml
[Sat Jun 12 16:03:30 2004] [crit] [client 68.47.231.126] (13)Permission
denied:
/home/jeffbl2/public_html/.htaccess pcfg_openfile: unable to check htaccess
file
, ensure it is readable
[Sat Jun 12 16:26:38 2004] [crit] [client 68.47.231.126] (13)Permission
denied:
/home/jeffbl2/public_html/.htaccess pcfg_openfile: unable to check htaccess
file
, ensure it is readable


But you have to unstand you or something within that software is bringing the
server to its knees. The support deal is dealing with a flood of complaints
about the outage the ensued. If the problem was not so severe we would be more
than happy to help, but Im sure you can understand why I have to suspend your
account.


Thanks
Simon

Also, I wanted to use Serendipity for my main page, so I installed it to the root directory.

[tomsommer]

Could they send your entire access and error logs? If you ask nicely?

I understand all too well their position Since I also work for a hosting company

[ned]

I asked. Here is the reply:

Hi,

Those are the only errors relating to your account.

You may want to ask if there is any kind of mailing script that can be
exploited within the software.

Simon

And this from an earlier message:

Same thing has just happened. 1000+ php processes from your site. They appear to attack other servers of ours by spamming.

Im afraid we will not be able to host your account due to this and you will
need to make other hosting arrangements as this sernedipity application of yours is been exploited.

--They gave me 2 chances. One more strike and I'm out.

[tomsommer]

so shut down s9y.... it would be nice if they would take a look at the access log to see which files were being opened to cause this "attack" - hence the reason I wanted to see the access log

[ned]

When I clicked on the "install" link on the welcome page, that is exactly when it happened the second time. Within 2 minutes, they shut me down.

I never even got it installed.

thx

[tomsommer]

Well during install we open a connection to /nonexistant on your server to see if the server allows .htaccess files and ErrorDocuments - It might be the reason for this, but I don't see how it could cause all these processeses.

Will try a clean install on my server tomorrow... to see what's going on

[ned]

"What rewrite method did you select during installation?"

Sorry, I'm not sure I understand the question. I simply uploaded all serendipty files and accessed the root directory to bring up the install page. Only one page comes up with a single link. I had temporarily set permissions to 777.

[tomsommer]

I'm on it

[risc_*]

I'm betting there exist a .0001% chance what I have to say will be all that useful but... you nor I will ever know till I say it so...

I've installed serendipity a good 2 dozen times over the last week, I play around with the setting and little things like that until I mess it up (or just trying to get it to work) and I noticed that the install process can/has brought my servers to its knees a few times. Both at home at on my hosting companies end. Typically the "outage" last about 5 mins and only occures when the install link "serendipity_admin.php" carries with it a PHPSESSID (of course the install page never show appears and your browser times out). Otherwise, everything hums along just fine.

[tomsommer]

Okay, so they are not using trans_sid?

[tomsommer]

Ey, that might be it - the server our customer was on also has trans_sid set to ON... will debug

[tomsommer]

Okay, the problem seems to be fixed in v.0.7, it's due to the check of .htaccess handling on your server, where we are not sending enough headers to the server, and so it gets confused and doesn't fetch the correct page during checkup of 404.

Try a nightly build (a few days ago) - If your host lets you try

[garvinhicking]

There's been a lot of activity in this thread, just my $0.02:

I had that extreme serverload as well and could track it down to the database 'localhost ' (with faulty blank at the end) db name specification. With that the server spawned endless mysql connection; don't know the cause because I could track no nested loop in the s9y install script.