Search the Community

We recently moved our site to a new hosting company. Since moving, our traffic stats are about 10% of what they were previously. I've been trying to figure this out for while, but I'm at a loss. I'm hoping some Apache guru can spot the issue. I ran this command to see who was accessing the server. # netstat -tn 2>/dev/null | grep :443 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head 22 138.201.194.181 18 156.26.45.19 8 104.28.85.11 4 85.237.194.119 3 167.94.195.128 2 98.156.0.18 2 46.161.11.28 2 193.218.190.123 2 173.242.192.184 2 157.55.39.49 Then I greped the logs for the IPs. grep "138.201.194.101" /var/log/httpd/stovebolt/* # grep "156.26.45.19" /var/log/httpd/stovebolt/* | wc -l 235 grep -l "156.26.45.19" /var/log/httpd/stovebolt/* /var/log/httpd/stovebolt/ssl_request_log So, one IP isn't in any logs, even though it has the most connections. The next IP is in the logs, but only in the ssl_request.log, not the access.log. That makes no sense to me at all. I've engaged the support staff at the hosting company but so far they've come up with nothing. My IP doesn't show up in the logs, and I'm on the site every day doing moderation work, accepting new registrations on the forum, approving posts of new members, etc. grep -l "70.121.63.82" /var/log/httpd/stovebolt/* /var/log/httpd/stovebolt/access.log-20220619 /var/log/httpd/stovebolt/error.log-20220619 /var/log/httpd/stovebolt/ssl_access_log /var/log/httpd/stovebolt/ssl_request_log /var/log/httpd/stovebolt/ssl_request.log-20220619 grep "70.121.63.82" /var/log/httpd/stovebolt/ssl_access_log 70.121.63.82 - - [05/Jul/2022:15:19:07 -0400] "-" 408 - 70.121.63.82 - - [05/Jul/2022:15:19:08 -0400] "-" 408 - 70.121.63.82 - - [05/Jul/2022:15:20:20 -0400] "-" 408 - 70.121.63.82 - - [05/Jul/2022:15:20:20 -0400] "-" 408 - This is my log info. The server is on EDT, which is where the owners are located. (The server itself is located in CDT.) date Tue Jul 5 15:39:11 EDT 2022 ls /var/log/httpd/stovebolt/ access.log access.log-20220626 error.log error.log-20220626 ssl_access_log ssl_request.log ssl_request.log-20220626 access.log-20220619 access.log-20220703 error.log-20220619 error.log-20220703 ssl_request_log ssl_request.log-20220619 ssl_request.log-20220703 # grep -A1 ".log" /etc/httpd/conf.d/stovebolt.conf TransferLog /var/log/httpd/stovebolt/access.log ErrorLog /var/log/httpd/stovebolt/error.log # LogLevel alert rewrite:trace3 -- CustomLog "/var/log/httpd/stovebolt/ssl_request.log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Hi, Apologies if this isn't the right forum for this question. I couldn't find the perfect forum for my question, but I'm hoping someone can help. Basically, I've been having problems with a site I manage, with the site going down regularly, 401 Forbidden error pages cropping up reguarly, as well as Server Configuration Error pages, although only ever sporadically. I've been trying everything to work out the issue but no luck as of yet. However, one thing that seems strange is the following messages that I'm getting in the access logs. Now, this shouldn't be a problem as Facebook often creates messages like these when it's accessing files from a server. However, there are thousands of messages like this that reference files that don't exist. Honestly, it's constantly trying to access .jpg files that don't exist, and so I suspect this is what's causing the server to keep crashing. Has anyone had anything similar to this before? comono.co.uk 173.252.88.88 - - [20/Nov/2015:13:13:46 +0000] "GET /uploads/2009/9/28/873128bf77.jpg HTTP/1.1" 403 379 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)" Thanks, Russ

I am running the MindTouch Core 10.1.3 CMS web application on a 2008 R2 SP1 server and am running into issues. I have posted the issue over on those forums and ServerFault but I think it is more related to PHP itself and the environment. The problem doesn't happen locally with a similar VM on our network, just on the public one hosted online. Basically, every few hours or so, we will receive an HTTP error 500 message either in the browser or in the logs. This happens when browsing pages and is especially reproducible when uploading files (usually between 5-10MB). Simply refreshing the page or trying to upload the file again will allow it to eventually complete. In IIS, I see several entries of the following under FailedReqLogfiles: ModuleName ManagedPipelineHandler Notification 128 HttpStatus 500 HttpReason Internal Server Error HttpSubStatus 0 ErrorCode 0 ConfigExceptionInfo Notification EXECUTE_REQUEST_HANDLER ErrorCode The operation completed successfully. (0x0) The PHP version is 5.2.14 (version that ships with MindTouch). I will also see some entries in the PHP error log that show: [05-Mar-2013 15:03:31] PHP Warning: implode() [<a href='function.implode'>function.implode</a>]: Invalid arguments passed in C:\Program Files (x86)\MindTouch\MindTouch\web\skins\error-settings.php on line 93 The server is a virtual machine with 4GB RAM and 4 vCPUs. It is hosted in the cloud and accessible over the web. What things can I look at to troubleshoot this issue? Are there settings on the properties of the App Pool that I should review? Any help is greatly appreciated.