jaymc

I actually have error logs enabled, it was access logs I disable as it causes way to much i/o I can see some weird stuff in the logs, here is example [Thu Jun 05 16:18:17 2008] [error] [client 72.36.x.x] script '/var/www/cgi-bin/proxy.php' not found or unable to stat [Thu Jun 05 16:25:11 2008] [error] [client 67.18.x.x] client denied by server configuration: /var/www/html/images/proxy5, referer: http://12e1b435e5/ Incedently, "/var/www/html/images/" is my first VHOST, which has a deny all on it, as in the past these requests where hitting my initial VHOST which was a forum, of which the home page had 24 queries running on it, hence it killed mysql Its obvious its still going on, do you think this is the proxy situation still I can give you the complete log file if you want over MSN

Install webmin, that has a control panel to do all kinds Including mail Its very easy google > webmin

How can I get invalid connections via netstat -apn |grep :80 That just shows me 7000 connections, no relation to whats going on in apache I have the PIDs of the apache spoofs, is there a way to trace that down to a tcp connection. I notice netstat -p does not display the PID

I dont keep logs, slows the server down However, server-status is practically LIVE LOGS? If you want to see that, I can show you, although its perfectly clean apart from thouse ..reading.. connections in the screenshot I have just found an IP address in my TCP logs, that appears over 1000 times on port :80 I just actually spoke to the guy whos IP it was, guarintee knows nothing about computers, is it possible he has some sort of spyware thats hammering my connection? However, I banned his IP via .htaccess deny all, 0 connections in TCP which is great, however, still the ..reading.. connections flooding in is ..reading.. a special apache thing or a blatant spoof Edit Actually, I have found quite a few IP address which appear 30+ times in netstat log, is it 1 tcp connection for each request, e.g a page with 50 images on will require 50 seperate tcp connections?

I attached an image in my first posts use this link anyway http://www.phpfreaks.com/forums/index.php?action=dlattach;topic=200537.0;attach=4475;image How can there be 5711 tcp:80 connections Server limit 200 maxClients 200 Should prevent that right? By the way, nearly all of those 5000+tcp connections on :80 are in the state of TIME_WAIT I dumped netstat -n to a text file, all 7000 lines, at a glance the IPs do not seem to be the same

Hmmm netstat -apn |grep :80 |awk {'print $5'} |wc -l Showed 5711 Oh dear? I cant up max clients, as it basically uses everything it can, if I set it to 700 it would hit that, but before it got to that, the server would be crippled anyway Maybe it is not the old proxy issue, although I did see a get in there, with a valid IP address for http://python.org which is obviously nothing to do with my server, especially with it being a GET Do you think my server is being blasted with spoof requests Also, if I can get the PID of the apache request, how can i match that with a TCP connection, to get the IP!

I am aware of an issue on my server where as I accidently left the apache proxy module enabled, after a few months my servers IP was indexed on a lot of proxy websites A year on and Im still getting a load of hits, obviously not being processed by apache but they still count as a client connection This is causing apache to max out on connections and spiral the server load out of control I need a way to stop this, I cant change the IP address of the server, so thats out the question Here is an abstract from apache server-status module so you can see what apache see's Notice no IP address or request, I think the question marks and ..reading.. are spoofed headers This may not even be the proxy issue? Perhaps my server is getting spammed to hell by a script kiddy How can I stop this? [attachment deleted by admin]

Ok, I guess I will go re code

Cheers

Your WHOIS Search Results If the domain is not registered with Network Solutions, we are unable to provide the WHOIS information for this extension. its a co.uk domain, I dont think I can use whois service as most are stating only com, org etc Either way, that website did not pick up my domain. It is active by the way, still has another year left

Yes I am using IP tables but I cant block 80 as have webserver running.. and thats where the requests are coming in from sysctl.conf gave this kernel.sysrq=0 net.ipv4.ip_forward=0 net.ipv4.conf.default.accept_source_route=0 net.ipv4.conf.default.rp_filter=1 kernel.panic=3 kernel.core_uses_pid=1 What can I do with that?

My ap Ok No, probably deleted years ago

I have forgot which website/company I registered a domain name with I have loads, all over the place, so not as dumb as it sounds, or maybe it is ! Anyway, how can I find out where my domain name was purchased from (the website which will have the admin panel to update name servers etc) whois etc just displays the main registrar, like daily.co.uk and internic I need the company such as godaddy or registerfly Can this be done? If so, how

People killing my machine by requesting webpages over and over, causing apache to hit its max clients of 200 Because thats whats happening I had a proxy enabled (apaches module one) about a year ago until I realised it was open to the public, by then it was listed on those proxy websites, since then I get requests all the time, all of which fail but still count as an apache request, hence I max out on connections It is not 1 particular IP address, and via server-status sometimes it does not even give the IP, it just shows a question mark, which I suppose is spoofed headers What can I do to stop this? I cant change the IP of my server, as they are querying via the domain name The proxy port was :80, so I cant block that either

I have my code set out like this index.php : <html><head><title></title></head> <body> TABLES ETC HERE FOR BANNER <div><? echo include("webpages/page.php"); ?></div> </body> </html> The problem is, inside page.php is raw html and some mixed php. Because the html is not defined within the PHP when I use include it dumps the contents of page.php inside the div. To get the title coming frm page.php, i would need to include page.php before the head of the master index.php In doing this, the contents of page.php are outputed inside the <head> I tried using ob_start() to buffer the output, but in doing that, I was unable to retrieve the $pageTitle variable which was set inside of page.php Just to note, there are about 200 page.php type files, so not so feasable to go in and change it all, especially the way i have mixed raw html and php within those files, rather than all html inside php variables

Yeh I thought I would have to do that Also, you say greedy? Will this have any negative in pact if I use (.+) for everything?

Due to the setup of my php code, this is the only easy option without complete re structuring everything I've already wrote If its not going to cause a problem its better this way

But putting it after </body> and before </html> does display it in the title bar in both firefox and IE So, zero issues, apart from if google does not read it..

I use a lot of Mod ReWrite to produce nice URL's, see the example below RewriteRule ^hub/(.+)/(.+)/(.+)?$ ?open=hub&page=$1&catID=$2 [L] However, I want users to be taken to ?open=hub&page=&catID= if anything after hub/ is not defined Here is the full url www.site.com/hub/view_topics/123/topic.html # This works with the above mod rewrite www.site.com/hub # This does not work, it just loads a 404 When going to www.site.com/hub I would rather it produce this ?open=hub&page=&catID= How can this be done?

Forget my reasons, im having a nightmare with php and dynamic pages in which I need to generat the html <title> tag I had a brain storm, if I put the <title><? echo $hurray; ?></title> before </body></html> I get what I want I have checked in IE and FIREFOX and they both read the title tag no problems at all However, the reason for all of this is for google, will google have any issues pulling out my title if its all the way down at the bottom of the page, more importantly, not in the head? I know its not best practice and probably un heard of, but the circumstances of time have led me to this Can I get away with it, rather dirty?

Cool Thanks

<? $num = 0; $cheese = <<<EOT hello "mate" "" AND . $num+1} . AND "" ha EOT; echo $cheese; ?> Can you help with syntax?

Did not work

I use EOT a lot to save adding slashes when I want to use quotes etc, however, I have ran into an annoying problem check this $number = 3; $cheese = <<<EOT I like to use "quotes" without slashing them, but I can do things like adding $number+1 should come out as 4, but you cant execute code inside of this Am i missing something? EOT;

I managed to find a way to store the contents in a variable, even when echoed from within that script function test() { ob_start(); include("page.php"); $ret = ob_get_contents(); return $ret; } page.php <table><tr><td>content here</td></tr></table> <? $pageTitle = "hello"; echo hello again; ?> <table><tr><td>test</td></tr></table> The problem now is, because of object buffering, variables I set inside page.php cant be used outside of the function/object buffer Thus rendering it a failure