| Author |
Message |
Hawkeye
MD user level 5
Joined: Dec 31, 2003
Posts: 61
Location: Sydney, Australia
Member
|
 Posted:
July 26, 2008 - 02:38 AM |
 
|
| Post subject: Is this a bug or security issue? |
I have had my site suspended for the second time as there are 100 simultaneous SQL requests being performed on my site which has 4 members but surprisingly between 58-65 'Guests'. Its not that interesting a site and has been made as a proof of concept demo for other people.
The message from the host site (www.hostrocket.com) is as follows:
Dear Customer:
We regret to inform you that your hosting account for hyperbariconline.com was temporarily suspended by the server. Please read the following notice regarding the details of the suspension as well as what steps you can take to help us get your site back up and running again as quickly as possible, with as little inconvenience as possible to you and your sites visitors:
Your account has once again been suspended due to excessive resource usage. About 100 instances of the following process were running and hanging:
/usr/bin/php /home/hyperba/public_html/hawkeyemedical/index.php
In addition, about 100 MySQL processes were running to server requests to your hyperba_hawkeyemedical database, using a query beginning like the following:
INSERT INTO hawk_phpbb_search_wordmatch (post_id, word_id, title_match)
This is causing the server to become slow and unresponsive for both your site, and other users on the system. Please contact us as soon as possible to discuss the situation..
I am not sure why this is happening as I haven't changed anything for at least two months and the 'Guest Users' numbers are making me suspicious that this is a deliberate attack.
I am using MDPro 1.0821
I can't access the site (incl ftp) until I can sort out what the actual issue is.
Any ideas?
Cheers Hawkeye |
|
|
|
|
dmiranda
MD Staff
Joined: Dec 07, 2003
Posts: 770
Location: Kenya
bannato
|
| Posted:
July 28, 2008 - 01:06 AM |
|
|
YOu have obviously installed phpbb. Try first disabling it, to see if that is the problem. How can you do that without having at least ftp access, I do not know. Can you use phpmyadmin? |
_________________
We know what you are missing
http://www.hmtraveller.com |
|
|
|
|
Hawkeye
MD user level 5
Joined: Dec 31, 2003
Posts: 61
Location: Sydney, Australia
bannato
|
| Posted:
July 28, 2008 - 02:32 AM |
|
|
I have installed MDForums so I am assuming that I have an historical process from phpbb in that as I haven't actually used phpbb as a discrete install.
It has been working fine up until this point. I have some more info from the server people and I have had 935 accesses for the site (which is more than expected with the discrete IP's that I am further investigating now.
Beginning to feel that this is an attack via a security hole at this stage.
Cheers Hawkeye |
|
|
|
|
|
dmiranda
MD Staff
Joined: Dec 07, 2003
Posts: 770
Location: Kenya
bannato
|
| Posted:
July 28, 2008 - 12:36 PM |
|
|
That is what I mean. Mdforum is a port of phpbb2. For starters, get them to disable mdforum, to see if that is the entry point. |
_________________
We know what you are missing
http://www.hmtraveller.com |
|
|
|
|
|
|
| |
Forum FAQ
Search
Usergroups
Preferences
Options forum
Watched Topics
Latest forum posts
Log in to check your private messages
Log in
