Announcement

Collapse
No announcement yet.

Nightly Site Attack

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Is there a spike in network trafic of any kind?

    Are you hitting alot of swap?

    Comment


    • #17
      It was on shared dual XEON's it was fine except at these times each night, there was no increase in users viewing at these times

      Comment


      • #18
        With out access to more info it would be very hard to pinpoint a specific problem.

        Comment


        • #19
          What about if you was to look at the database would you be able to see.

          Comment


          • #20
            No, in order to investigate any sort of attack like this you are going to need to have some sort of root access to the server, to look at logs, and possibly the datacenter to look at bandwith charts from the switches

            Comment


            • #21
              A possibly extreme but may well help simple thing to do would be to turn the board off from about 30mins before to 30 mins after the attack, and monitor the usage both while the board is off and when it is turned back on.

              It may help eliminate the board as being involved in this cpu usage.

              Comment


              • #22
                Originally posted by Steve Machol
                The vB crons would not cause this. Personally I think the most likely cause is s some server cron jobs since the timing is the same every day, but you said you have ruled that out.
                From my understanding this happened before and after moving servers, so it would have to be within vB itself somewhere and that lead me to the vB cronjobs.

                Comment


                • #23
                  Originally posted by Icheb
                  From my understanding this happened before and after moving servers, so it would have to be within vB itself somewhere and that lead me to the vB cronjobs.
                  Any idea how this was fixed

                  If I was to turn the board off would it stop all updates, cron-wise?
                  Last edited by rh2004; Mon 21 Mar '05, 4:12am.

                  Comment


                  • #24
                    Check your server for rootkits.

                    Comment


                    • #25
                      You said you changed hosts in two days. Did this also happen before moving servers? If not, it's probably the server itself. If yes and you only moved vB to the new server, then it has to be within vB.

                      Comment


                      • #26
                        Icheb, not true, someone could be attacking his site.

                        Comment


                        • #27
                          OK but I have the site running ok here for 2 nights on another server with no users using it.

                          It also did happen before moving

                          Comment


                          • #28
                            No other ideas.. anyone

                            I will move it back to my dedicated another day, can someone just confirm that when I disable the board it will stop the cron's running etc, I mean when I just hit 'run now' they run fine in a few seconds.

                            Comment


                            • #29
                              You said you are on a shared server, correct? If so, then how do you know there are no cron jobs runnning duriing this time. Many hosts (the good ones) run daily backup scripts for instance.
                              Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                              Change CKEditor Colors to Match Style (for 4.1.4 and above)

                              Steve Machol Photography


                              Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                              Comment


                              • #30
                                Because its always my account which is using the high load, cp updates and backup's don't use 50-90 of a server CPU

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X