
Major Issue With Internet


10 replies to this topic

#1 allwinners

allwinners

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 04 September 2010 - 11:45 PM

Hi guys, I have an issue here that my hosting company says is my ISP's problem, but nobody can fix the issue. We have tried everything from malware and virus control (through the guys at this site), flushing DNS, using OpenDNS, clearing cache, new modem/router, all browsers, and still the problem continues. I have had this domain name for more than 2 years and this problem has only been apparent for the past 3 weeks. It seems to affect sites on my hosted server. Okay, so what happens is that when I browse to a site (not all sites, just a select few on my server) like www.aceslegacy.com the page loads fast and complete! Another site is www.erooky.com where the same occurs the first connect. As soon as I reload the page, the loading is slow, various web elements/images are missing, and I can't get back to a normal complete site again, until I close the browser and reopen a fresh one. You guys will not be able to replicate the problem, and when I look at the site through "pagewash" I see it perfectly. The problems are occurring on each of 3 computers in the house (2 hard wired to router and 1 wireless), 2 PCs and one Mac, and each is using a different browser (Chrome, Safari, and Firefox). The problem also occurs with IE7 & 8. Any new ideas on this would be greatly appreciated. Regards Bryce



#2 Nahumi

Nahumi

    Advanced Member

  • Visiting Tech
  • PipPipPipPip
  • 688 posts
  • Interests:Technical Support
    Software Development

Posted 05 September 2010 - 09:31 AM

Hello allwinners, Sorry to hear you're having problems. Just to clarify, you have multiple websites which are externally hosted by the same company, which worked before, but you are now unable to access? Cheers, Nahumi
Nahumi

Visiting Tech
@jamescpegg | FreeTrakr
The help you receive here is free.
If you wish, you may Donate to help keep us online..

#3 allwinners


Posted 05 September 2010 - 04:57 PM

Hi Nahumi, Yes this is right. Although I can access every site as I have for 2 years, I now sometimes receive a 101 error, or I get most images missing after the pages load. It is always perfect on the first load, but as soon as I refresh the page, I lose the elements, or I get this 101 error. Thanks for your time. Bryce

#4 Nahumi


Posted 05 September 2010 - 05:25 PM

Okay, here are a few suggestions:

1. Luckily I came across this free tool the other day:

http://www.yougetsig...-on-web-server/

Type in your website, and click "Check". It will take a few minutes, but it will give you a list of all the websites being hosted from the same server as yours. This tool is completely free, it will not charge you. Try a few and see if you can connect normally and quickly.

If you get a lot of errors or most of the websites you try don't work, try talking to your hosting company again. It's possible that their firewall is singling your IP address out.

2. You could also check the obvious problem, which is that either the server is not performing, or your web page is malfunctioning. Pingdom offers some useful free tools:

http://www.pingdom.com/

They offer a free account which will track one website. Once set up, you will be able to see graphics depicting the uptime and response time of your website. Don't bother paying for the paid accounts, just sign up to the Free account.

3. To see whether your web page itself is performing okay, try Pingdom's free tool:

http://tools.pingdom.com/

Simply type in your website address and click "Test Now". Don't worry, this one is also completely free and it's quite handy to see how well the actual web page is performing.

4. It is also possible that manually deleting your browser's cache didn't work. Try pressing "Shift + F5" when viewing your website to force your website to discard the cache and re-download all the images and code directly from the server. If this seems to fix the problem, you might want to try reinstalling your browser to see if that permanently fixes the problem.


Just out of interest, you aren't using the EXPIRES Meta Tag by any chance are you?

Cheers,
Nahumi

#5 allwinners


Posted 05 September 2010 - 05:36 PM

Thanks again Nahumi,

I will try each of the suggestions above and see what happens. The interesting thing about this problem is that it happens across multiple browsers, but...

1. The first time I access the site from a new browser window it appears fine
2. When I refresh I either get missing elements or the following error

This webpage is not available.

The webpage at http://www.aceslegacy.com/ might be temporarily down or it may have moved permanently to a new web address.

More information on this error
Below is the original error message

Error 101 (net::ERR_CONNECTION_RESET): Unknown error.

3. If I close down the window that is being refreshed and open another browser window and browse to the site, again it appears perfect. (However this is not the case if I have two or more browsers open at the same time, browsing to the same site)

I will post the outcome of your suggestions when complete.

Regards
Bryce

edit:

Okay, so here's something interesting... I just conducted a search as your first suggestion mentions, and okay, there are hundreds of sites on that server.

I tried the first site and it was difficult to tell if there were any errors, as pages would not refresh at all. I could navigate around the site using the menu bar, but when I tried refreshing, the page would stay static.

However when I tried the next site on the list, the page loaded perfectly when I first loaded it, and then when I refreshed, some elements on the page were missing. In their place were placeholders, which is exactly what I see 80% of the time on my own sites.

When you say "it is possible they are singling out my IP address" do you mean the IP address of the site or the computer? The reason I ask is that we are on a dynamic IP system, and the problem is also occurring on 3 computers in the house.

Further Edit:

All sites checked so far are taking an extremely long time to load.

Edited by allwinners, 05 September 2010 - 06:04 PM.


#6 allwinners


Posted 06 September 2010 - 12:54 AM

I have just heard back from my hosting company and they have provided this report. They suggest that if these connections are not being made by me, there may be malicious software or something running. However, we did all this cleanup last week and I thought all that was resolved.

From Hostgator.com

Hello, Bryce.

First, let me assure you that my appreciation is genuine. You've attempted to load other sites on the same Shared server; I thought this to be remarkable.

Here is what I'm seeing on the server (the last 10 entries from the search):

root@gt2 [~]# grep 122.58.142.139 /var/log/messages | tail
Sep 5 19:22:24 gt2 kernel: APACHE-FLOOD : IN=eth0 OUT= MAC=00:1e:c9:44:65:c5:00:1a:a1:82:26:3f:08:00 SRC=122.58.142.139 DST=74.54.219.82 LEN=52 TOS=0x00 PREC=0x00 TTL=241 ID=27535 DF PROTO=TCP SPT=53804 DPT=80 WINDOW=4380 RES=0x00 SYN URGP=0
Sep 5 19:22:27 gt2 kernel: APACHE-FLOOD : IN=eth0 OUT= MAC=00:1e:c9:44:65:c5:00:1a:a1:82:26:3f:08:00 SRC=122.58.142.139 DST=74.54.219.82 LEN=48 TOS=0x00 PREC=0x00 TTL=241 ID=6383 DF PROTO=TCP SPT=53804 DPT=80 WINDOW=4380 RES=0x00 SYN URGP=0
Sep 5 19:22:39 gt2 kernel: APACHE-FLOOD : IN=eth0 OUT= MAC=00:1e:c9:44:65:c5:00:1a:a1:82:26:3f:08:00 SRC=122.58.142.139 DST=74.54.219.82 LEN=52 TOS=0x00 PREC=0x00 TTL=241 ID=49792 DF PROTO=TCP SPT=53762 DPT=80 WINDOW=4380 RES=0x00 SYN URGP=0
Sep 5 19:22:40 gt2 kernel: APACHE-FLOOD : IN=eth0 OUT= MAC=00:1e:c9:44:65:c5:00:1a:a1:82:26:3f:08:00 SRC=122.58.142.139 DST=74.54.219.82 LEN=52 TOS=0x00 PREC=0x00 TTL=241 ID=61226 DF PROTO=TCP SPT=53786 DPT=80 WINDOW=4380 RES=0x00 SYN URGP=0
Sep 5 19:22:44 gt2 kernel: APACHE-FLOOD : IN=eth0 OUT= MAC=00:1e:c9:44:65:c5:00:1a:a1:82:26:3f:08:00 SRC=122.58.142.139 DST=74.54.219.82 LEN=52 TOS=0x00 PREC=0x00 TTL=241 ID=3506 DF PROTO=TCP SPT=53749 DPT=80 WINDOW=4380 RES=0x00 SYN URGP=0
Sep 5 19:22:51 gt2 kernel: APACHE-FLOOD : IN=eth0 OUT= MAC=00:1e:c9:44:65:c5:00:1a:a1:82:26:3f:08:00 SRC=122.58.142.139 DST=74.54.219.82 LEN=52 TOS=0x00 PREC=0x00 TTL=241 ID=50125 DF PROTO=TCP SPT=53754 DPT=80 WINDOW=4380 RES=0x00 SYN URGP=0
Sep 5 19:23:49 gt2 kernel: APACHE-FLOOD : IN=eth0 OUT= MAC=00:1e:c9:44:65:c5:00:1a:a1:82:26:3f:08:00 SRC=122.58.142.139 DST=74.54.219.82 LEN=52 TOS=0x00 PREC=0x00 TTL=241 ID=11739 DF PROTO=TCP SPT=53834 DPT=80 WINDOW=4380 RES=0x00 SYN URGP=0
Sep 5 19:23:51 gt2 kernel: APACHE-FLOOD : IN=eth0 OUT= MAC=00:1e:c9:44:65:c5:00:1a:a1:82:26:3f:08:00 SRC=122.58.142.139 DST=74.54.219.82 LEN=52 TOS=0x00 PREC=0x00 TTL=241 ID=13501 DF PROTO=TCP SPT=53834 DPT=80 WINDOW=4380 RES=0x00 SYN URGP=0
Sep 5 19:23:52 gt2 kernel: APACHE-FLOOD : IN=eth0 OUT= MAC=00:1e:c9:44:65:c5:00:1a:a1:82:26:3f:08:00 SRC=122.58.142.139 DST=74.54.219.82 LEN=52 TOS=0x00 PREC=0x00 TTL=241 ID=21982 DF PROTO=TCP SPT=53834 DPT=80 WINDOW=4380 RES=0x00 SYN URGP=0
Sep 5 19:23:53 gt2 kernel: APACHE-FLOOD : IN=eth0 OUT= MAC=00:1e:c9:44:65:c5:00:1a:a1:82:26:3f:08:00 SRC=122.58.142.139 DST=74.54.219.82 LEN=48 TOS=0x00 PREC=0x00 TTL=241 ID=31329 DF PROTO=TCP SPT=53834 DPT=80 WINDOW=4380 RES=0x00 SYN URGP=0

Note your IP address in the "SRC" field. The threshold is 20 new, invalid, or "untracked" connections within a 5 second period. Normal usage, such as making a change and then refreshing the website in a browser, will not trigger this rule.

The following excerpts are from the Apache error log. Note the timestamps at the beginning of each entry:

root@gt2 [/usr/local/apache/logs]# grep 122.58.142.139 error_log
[Sun Sep 05 18:45:38 2010] [error] [client 122.58.142.139] File does not exist: /home/editnew/public_html/favicon.ico
[Sun Sep 05 18:45:38 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:45:43 2010] [error] [client 122.58.142.139] File does not exist: /home/thedigi/public_html/favicon.ico
[Sun Sep 05 18:45:43 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:45:54 2010] [error] [client 122.58.142.139] File does not exist: /home/thedigi/public_html/favicon.ico
[Sun Sep 05 18:45:54 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:45:59 2010] [error] [client 122.58.142.139] File does not exist: /home/thedigi/public_html/favicon.ico
[Sun Sep 05 18:45:59 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:46:36 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:46:36 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:46:45 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:46:45 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:46:59 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:46:59 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:47:05 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:47:05 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:47:07 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:47:07 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:47:11 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:47:11 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:47:14 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:47:14 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:47:16 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:47:16 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:47:18 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:47:18 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:47:21 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:47:21 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:47:36 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:47:36 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:47:38 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:47:38 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:47:48 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:47:48 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:47:49 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:47:49 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:47:51 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:47:51 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:47:52 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:47:52 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:47:53 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:47:53 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:47:55 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:47:55 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:47:58 2010] [error] [client 122.58.142.139] File does not exist: /home/elm1505/public_html/favicon.ico
[Sun Sep 05 18:47:58 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:48:17 2010] [error] [client 122.58.142.139] File does not exist: /home/global26/public_html/favicon.ico
[Sun Sep 05 18:48:17 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:48:26 2010] [error] [client 122.58.142.139] File does not exist: /home/global26/public_html/favicon.ico
[Sun Sep 05 18:48:26 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:48:42 2010] [error] [client 122.58.142.139] File does not exist: /home/global26/public_html/favicon.ico
[Sun Sep 05 18:48:42 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:49:14 2010] [error] [client 122.58.142.139] File does not exist: /home/global26/public_html/favicon.ico
[Sun Sep 05 18:49:14 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:49:37 2010] [error] [client 122.58.142.139] File does not exist: /home/global26/public_html/favicon.ico
[Sun Sep 05 18:49:37 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:55:23 2010] [error] [client 122.58.142.139] File does not exist: /home/global26/public_html/favicon.ico
[Sun Sep 05 18:55:23 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:55:29 2010] [error] [client 122.58.142.139] File does not exist: /home/global26/public_html/favicon.ico
[Sun Sep 05 18:55:29 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:56:04 2010] [error] [client 122.58.142.139] File does not exist: /home/global26/public_html/favicon.ico
[Sun Sep 05 18:56:04 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 18:57:37 2010] [error] [client 122.58.142.139] File does not exist: /home/global26/public_html/favicon.ico
[Sun Sep 05 18:57:37 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 19:14:17 2010] [error] [client 122.58.142.139] File does not exist: /home/pozitif/public_html/favicon.ico
[Sun Sep 05 19:14:17 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 19:14:23 2010] [error] [client 122.58.142.139] File does not exist: /home/pozitif/public_html/favicon.ico
[Sun Sep 05 19:14:23 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 19:14:28 2010] [error] [client 122.58.142.139] File does not exist: /home/pozitif/public_html/favicon.ico
[Sun Sep 05 19:14:28 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 19:14:30 2010] [error] [client 122.58.142.139] File does not exist: /home/pozitif/public_html/favicon.ico
[Sun Sep 05 19:14:30 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 19:14:32 2010] [error] [client 122.58.142.139] File does not exist: /home/pozitif/public_html/favicon.ico
[Sun Sep 05 19:14:32 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 19:14:37 2010] [crit] [client 122.58.142.139] (13)Permission denied: /home/publiemp/public_html/publiempleat/PUBLIEMPLEAT/history/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://www.publiempl...BLIEMPLEAT.html
[Sun Sep 05 19:14:37 2010] [crit] [client 122.58.142.139] (13)Permission denied: /home/publiemp/public_html/publiempleat/PUBLIEMPLEAT/history/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://www.publiempl...BLIEMPLEAT.html
[Sun Sep 05 19:14:38 2010] [error] [client 122.58.142.139] File does not exist: /home/publiemp/public_html/favicon.ico
[Sun Sep 05 19:14:38 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 19:14:59 2010] [crit] [client 122.58.142.139] (13)Permission denied: /home/publiemp/public_html/publiempleat/PUBLIEMPLEAT/history/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://www.publiempl...BLIEMPLEAT.html
[Sun Sep 05 19:14:59 2010] [crit] [client 122.58.142.139] (13)Permission denied: /home/publiemp/public_html/publiempleat/PUBLIEMPLEAT/history/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://www.publiempl...BLIEMPLEAT.html
[Sun Sep 05 19:15:00 2010] [error] [client 122.58.142.139] File does not exist: /home/publiemp/public_html/favicon.ico
[Sun Sep 05 19:15:00 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 19:17:12 2010] [error] [client 122.58.142.139] File does not exist: /home/love/public_html/favicon.ico
[Sun Sep 05 19:17:12 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 19:19:54 2010] [error] [client 122.58.142.139] File does not exist: /home/love/public_html/favicon.ico
[Sun Sep 05 19:19:54 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 19:21:32 2010] [error] [client 122.58.142.139] ModSecurity: Access denied with code 403 (phase 2). Match of "rx (/wp-content/plugins/one-click-plugin-updater)|(www/delivery/ajs.php)|(www/admin/dashboard.php)|(/wp-content/(themes|uploads)(?:/(\\\\w+))*/(tim)?thumb.php|/pl/download\\\\?file=http|/index\\\\.php/admin/system_config/save/section/payment/|^/b/ss/mxmacromedi ..." against "REQUEST_FILENAME" required. [file "/opt/mod_security/hg_rules.conf"] [line "69"] [id "1234234"] [msg "JITP:1234234"] [hostname "www.ezytrak.com"] [uri "/cgi-bin/tsource/refer.cgi"] [unique_id "TIQ0DEo221IAACj6@NMAAACX"]
[Sun Sep 05 19:21:32 2010] [error] [client 122.58.142.139] File does not exist: /home/wwwezyt/public_html/403.shtml, referer: http://ezytrak.com/
[Sun Sep 05 19:21:35 2010] [error] [client 122.58.142.139] File does not exist: /home/wwwezyt/public_html/favicon.ico
[Sun Sep 05 19:21:35 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 19:21:45 2010] [error] [client 122.58.142.139] ModSecurity: Access denied with code 403 (phase 2). Match of "rx (/wp-content/plugins/one-click-plugin-updater)|(www/delivery/ajs.php)|(www/admin/dashboard.php)|(/wp-content/(themes|uploads)(?:/(\\\\w+))*/(tim)?thumb.php|/pl/download\\\\?file=http|/index\\\\.php/admin/system_config/save/section/payment/|^/b/ss/mxmacromedi ..." against "REQUEST_FILENAME" required. [file "/opt/mod_security/hg_rules.conf"] [line "69"] [id "1234234"] [msg "JITP:1234234"] [hostname "www.ezytrak.com"] [uri "/cgi-bin/tsource/refer.cgi"] [unique_id "TIQ0GUo221IAAAV-VegAAAAL"]
[Sun Sep 05 19:21:46 2010] [error] [client 122.58.142.139] File does not exist: /home/wwwezyt/public_html/403.shtml, referer: http://ezytrak.com/
[Sun Sep 05 19:21:52 2010] [error] [client 122.58.142.139] File does not exist: /home/wwwezyt/public_html/favicon.ico
[Sun Sep 05 19:21:52 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 19:22:10 2010] [error] [client 122.58.142.139] File does not exist: /home/wwwezyt/public_html/favicon.ico
[Sun Sep 05 19:22:10 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 19:22:28 2010] [error] [client 122.58.142.139] File does not exist: /home/wwwezyt/public_html/favicon.ico
[Sun Sep 05 19:22:28 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 19:22:36 2010] [error] [client 122.58.142.139] File does not exist: /home/wwwezyt/public_html/favicon.ico
[Sun Sep 05 19:22:36 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 19:22:54 2010] [error] [client 122.58.142.139] File does not exist: /home/wwwezyt/public_html/favicon.ico
[Sun Sep 05 19:22:54 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html
[Sun Sep 05 19:23:56 2010] [error] [client 122.58.142.139] File does not exist: /home/wwwezyt/public_html/favicon.ico
[Sun Sep 05 19:23:56 2010] [error] [client 122.58.142.139] script not found or unable to stat: /usr/local/cpanel/cgi-sys/404.html

It's possible that you are not initiating these connections, but they appear to be coming from your IP address. Given the number and frequency of the connections hitting the server, it's possible that your system is infected with malicious software. Please don't misunderstand my reason for stating this; I'm simply trying to troubleshoot the issue as it is presented.

Thanks
Bryce
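
One way to triage the kernel log excerpt quoted in the post above, as an added example (not Hostgator's or either poster's code): it groups the APACHE-FLOOD lines by source address and source port, so repeated SYNs for one connection attempt are told apart from distinct attempts, and reports the busiest 5-second window. The function names, the year default and the abridged sample lines are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Abridged from the kernel log lines quoted in the post: only the fields this
# script reads are kept (MAC, LEN, TTL, ID, WINDOW and so on are dropped).
SAMPLE = """\
Sep 5 19:22:24 gt2 kernel: APACHE-FLOOD : IN=eth0 SRC=122.58.142.139 DST=74.54.219.82 PROTO=TCP SPT=53804 DPT=80 SYN
Sep 5 19:22:27 gt2 kernel: APACHE-FLOOD : IN=eth0 SRC=122.58.142.139 DST=74.54.219.82 PROTO=TCP SPT=53804 DPT=80 SYN
Sep 5 19:22:39 gt2 kernel: APACHE-FLOOD : IN=eth0 SRC=122.58.142.139 DST=74.54.219.82 PROTO=TCP SPT=53762 DPT=80 SYN
Sep 5 19:22:40 gt2 kernel: APACHE-FLOOD : IN=eth0 SRC=122.58.142.139 DST=74.54.219.82 PROTO=TCP SPT=53786 DPT=80 SYN
Sep 5 19:22:44 gt2 kernel: APACHE-FLOOD : IN=eth0 SRC=122.58.142.139 DST=74.54.219.82 PROTO=TCP SPT=53749 DPT=80 SYN
Sep 5 19:22:51 gt2 kernel: APACHE-FLOOD : IN=eth0 SRC=122.58.142.139 DST=74.54.219.82 PROTO=TCP SPT=53754 DPT=80 SYN
Sep 5 19:23:49 gt2 kernel: APACHE-FLOOD : IN=eth0 SRC=122.58.142.139 DST=74.54.219.82 PROTO=TCP SPT=53834 DPT=80 SYN
Sep 5 19:23:51 gt2 kernel: APACHE-FLOOD : IN=eth0 SRC=122.58.142.139 DST=74.54.219.82 PROTO=TCP SPT=53834 DPT=80 SYN
Sep 5 19:23:52 gt2 kernel: APACHE-FLOOD : IN=eth0 SRC=122.58.142.139 DST=74.54.219.82 PROTO=TCP SPT=53834 DPT=80 SYN
Sep 5 19:23:53 gt2 kernel: APACHE-FLOOD : IN=eth0 SRC=122.58.142.139 DST=74.54.219.82 PROTO=TCP SPT=53834 DPT=80 SYN
"""

# Matches both the abridged lines above and the full lines from /var/log/messages.
LINE_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: "
    r"(?P<prefix>[\w-]+)\s*: .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def parse(text, prefix="APACHE-FLOOD", year=2010):
    """Return (timestamp, src, spt) for every line logged with the given prefix.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["prefix"] != prefix:
            continue
        ts = datetime.strptime(f"{year} {m['stamp']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], int(m["spt"])))
    return events


def peak_window(times, seconds=5):
    """Largest number of timestamps that fall inside any window of `seconds`."""
    times = sorted(times)
    span = timedelta(seconds=seconds)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] >= span:
            start += 1
        best = max(best, end - start + 1)
    return best


def summarize(text, window=5):
    """Per source IP: logged packets, distinct source ports, retried ports, peak rate.

    This counts only packets the firewall chose to log; it does not reproduce
    the rule's own connection counter.
    """
    by_src = defaultdict(list)
    for ts, src, spt in parse(text):
        by_src[src].append((ts, spt))
    report = {}
    for src, hits in by_src.items():
        per_port = Counter(spt for _, spt in hits)
        report[src] = {
            "logged_packets": len(hits),
            "connection_attempts": len(per_port),  # one source port = one attempt
            "retried_ports": {p: n for p, n in per_port.items() if n > 1},
            "peak_per_window": peak_window([ts for ts, _ in hits], window),
        }
    return report


if __name__ == "__main__":
    for src, row in summarize(SAMPLE).items():
        print(src, row)
```

In the sample, the 10 logged SYNs come from 6 source ports, so some lines are repeats of one connection attempt rather than new connections.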

#7 Nahumi


Posted 06 September 2010 - 10:51 AM

Right, okay. When I mean singling your IP address out, I mean that the firewall could be blocking the IP that your ISP gives you. When you're on a LAN, which all your home computers are, you get given an internal dynamic IP address. The hosting company's server, however, only uses the external IP address which is given to your router/modem by your ISP. Usually these tend to be static IPs that get changed every so often. ISPs tend to use static IPs because they have to buy the addresses in bulk; having a high turnover of IP addresses would cost them a small fortune. So are you sure your external IP is dynamic? The logs from the server do come in quite handy, although I'm not quite sure why your hosting administrator thinks it's remarkable that you're accessing other websites on their server. Anyway, essentially what's happening is that the firewall on your hosting company's server is noticing that your computer, or a computer using your IP address, is making too many connections. This is called Flood Protection, which is what your hosting administrator seems to be referring to. Malware could be to blame, but it seems to be a bit targeted. Just to be on the safe side, I think it would be worth starting a topic on the Malware forum to make sure that you don't have any Malware. If everything turns out to be okay, post back here and we can look at the possibility that either your router or network card is sending out too many requests.

#8 allwinners


Posted 06 September 2010 - 04:33 PM

I completed a malware scan yesterday using Malwarebytes and it came up with 3 trojans, after the PC was completely cleaned last week. I have deleted those, and then ran MWB again, for a clean result. I then used the MS Malicious software tool and it too gave clean results. At that point I switched the firewall on, and started again to look at the problem.

Now, this may come in handy with some of your future visitors..... When I had deciphered the report from the hosting company, I checked all 3 computers and the router, once again. There seemed to be no instances of malware on anything, and the router was working fine. I then again spoke with the hosting company, and when discussing the issue an interesting thing came to light.

When I questioned why, after 2 years with no problems, I was all of a sudden getting this type of flooding, he said to me that certain scripts and programs could actually generate code close enough to that used by the security protocol used at the server end. As an example he told me that it was common for the Wordpress themes that use "timthumb" for placing thumbnails, to trigger this rule.

There was my connecting factor! - On both of the sites having the trouble I am using that exact same setup. I asked him if he could white-list these two sites to bypass the error, he agreed, and all tests after that point resolved almost perfect results. So today I am going to be running the site as if nothing had happened and see if I generate any errors as I was getting before.

Thanks for your assistance. This has been 3 weeks of pure frustration, and to be told 3 times by the hosting company that it is not an issue they could deal with, (initially) is even more frustrating. I will post my work results here later today. This should (at this stage) serve as a warning to anybody running Wordpress themes that work with the "timthumb" framework.

#9 allwinners


Posted 06 September 2010 - 05:43 PM

Okay, so as promised I will update the situation now. The perfect results that appeared last night were coincidence, and this morning it took all of 5 minutes for the problems to recur. It would still pay people to be aware of the possible conflict with "timthumb" and the host's firewall. I am using Hostgator for my sites, and this is an issue for them. I am in the process of conducting a full scan for malware, but so far a clean bill of health.

#10 Nahumi


Posted 07 September 2010 - 03:45 AM

Thanks for the info on WordPress. I've recently had a redirect issue with WordPress, so I know how "fragile" the system can be. To check whether it is WordPress, you could create a new folder in the public_html folder and put a test page on there. Just do a simple html table with a few images and colours. Try navigating to that and see if it loads properly. It might be worth getting Hostgator to check the log too, just to confirm whether it shows the same sort of behaviour.

#11 allwinners


Posted 07 September 2010 - 06:27 AM

You're welcome Nahumi, I did create a new index page earlier today and loaded just one large image and two words of text. The page loads perfectly every time, and even after multiple page refreshes. I have sent this information to the hosting company and am awaiting their response.
