Announcement

Collapse
No announcement yet.

GAH! And Now It Broke

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • DemOnstar
    commented on 's reply
    Yes you did, thanks for that.
    My bad, I replied to the wrong thread. LOL

  • evil-maniac
    replied
    Originally posted by DemOnstar View Post
    Thank you for changing the topic of the forum, no, I mean it. It was all getting at bit techno for me anyway. Totally lost now, lol. Good luck with your configs and APC stuff.
    I already replied to you

    You can also use ConfigServer firewall; which is a set of open source perl scripts that will configure iptables based on a simplified config file. It has Cpanel integration if you are not well versed in using shell. It has the ability to block countries by simply adding the country-code. The issue however is that the more entries you have in iptables the slower connections will be, and blocking entire country ip ranges will do just that.

    Leave a comment:


  • DemOnstar
    replied
    Thank you for changing the topic of the forum, no, I mean it. It was all getting at bit techno for me anyway. Totally lost now, lol.
    Good luck with your configs and APC stuff.

    Leave a comment:


  • evil-maniac
    replied
    So I can replace $config['Cache']['class'][x]'s value with 'vB_Cache_APC' ? It is not listed as one of the options in the comments above the field.

    Leave a comment:


  • Zachery
    replied
    APC also has a inmemory cache support. So you can store information for it directly in the memory.

    Leave a comment:


  • evil-maniac
    commented on 's reply
    You can also use ConfigServer firewall; which is a set of open source perl scripts that will configure iptables based on a simplified config file. It has Cpanel integration if you are not well versed in using shell. It has the ability to block countries by simply adding the country-code. The issue however is that the more entries you have in iptables the slower connections will be, and blocking entire country ip ranges will do just that.

  • evil-maniac
    replied
    . I had switched to the use of APC for all cacheing including $config['Cache']['class'][1] and $config['Cache']['class'][2] in core/includes/config.php.
    ​How does that work; I thought APC was strictly an opcode cache; where as the $config['Cache']['class][x] was for caching SQL objects o_o

    Leave a comment:


  • DemOnstar
    replied
    Thanks for your quick response, my main concern is China as I live there. However, I am still in the novice stages and therefore have very little idea of WTF you are talking about. Maybe I could throw this into the JIRA world and ask for this to be a new feature?

    Any thoughts?

    Done it anyway.
    http://tracker.vbulletin.com/browse/VBV-8358
    Thanks again.

    And because I live in China, it would probably block me too yes?


    Last edited by DemOnstar; Thu 7th Mar '13, 7:34am.

    Leave a comment:


  • Dan Simon
    commented on 's reply
    You'd need to have control over the firewall that sits in front of your server. If you have that, then pull down the zone file for your nation of choice and add all IP blocks to your iptables ruleset, specifying to block/drop the connection. www.ipdeny.com has some automated tools to help with this, though their zone files are slightly outdated.

  • DemOnstar
    commented on 's reply
    Mr Simon, may I ask, how does one block a nation? By nation I mean you are talking of a country?
    If yes, how would I do that?

    In advance, thank you.

  • Dan Simon
    replied
    Yeah -- I've been keeping an eye on them, and blocking a few key nations as necessary.

    Leave a comment:


  • evil-maniac
    replied
    Originally posted by Dan Simon View Post
    Oh...I had also seen some ongoing attack attempts against the forums in the logs. They looked like relatively common sqli and code injection attacks. While they don't appear to have been successful in any form of database modification, it is certainly possible that they were the root cause of the cache corruption.
    I would be worried if I had constant SQLi attacks; A few guides detailing instructions on a working 0-day SQLi exploit have been sold online for 1.2k USD a copy; working on vb5 since the beta.

    Leave a comment:


  • Dan Simon
    replied
    Oh...I had also seen some ongoing attack attempts against the forums in the logs. They looked like relatively common sqli and code injection attacks. While they don't appear to have been successful in any form of database modification, it is certainly possible that they were the root cause of the cache corruption.

    Leave a comment:


  • Dan Simon
    replied
    First off, the problem seems to have been resolved at this point -- Wayne worked with me last night for a bit doing some basic troubleshooting and things went back to normal almost as soon as he started. Thank you both for the support!

    For troubleshooting purposes (in case this happens to someone else), there were no errors logged, either in Apache's error logs or in PHP's error logs. During the onset of the problem, when the cache appeared to have become corrupted and we were getting out of memory errors in PHP for all requests, there was a HUGE amount of logged messages -- all pertaining to the failure of PHP to allocate memory (running past the limit set in /etc/php.ini).

    I _think_ that the failure of the forum home page to display was due to a problem with the Top Active Users widget (widget_top_active_users in the template files). One of the last things that I did before the problem resolved itself was to clear the contents of that template entirely, save the change, restart the server, revert the template (putting the content back in), and then restart the server a second time. I was focusing on that template as it was one of the few items that was unique to the forum home page (vs. all other pages in the forums) and which would display only for authenticated users.

    My suspicion is that all of this had to do with the cacheing mechanism in use. I had switched to the use of APC for all cacheing including $config['Cache']['class'][1] and $config['Cache']['class'][2] in core/includes/config.php. I think that the use of APC for those two caches in particular caused issues with corruption, particularly $config['Cache']['class'][1], which appears to be extremely active. Once corrupted, the problems lingered even after clearing the cache and even switching back to the original cache control mechanisms...which is decidedly odd.

    I'm still using APC for $config['Cache']['class'][0] and $config['Datastore']['class'] -- the performance boost is truly noticeable. No problems so far (fingers crossed).

    Hopefully all of this is of use to someone...

    Leave a comment:


  • Trevor Hannant
    replied
    What's in the server's PHP error logs for the time of the blank pages?

    Leave a comment:

Related Topics

Collapse

Working...
X