Jump to content

Recommended Posts

Posted

Hi,

Normally my server load is around 1 or a bit lower but time to time it just peaks to 10s. During that time I trace to processes ( using WHM / cPanel ) and find out that several requests like follows are logged.

Seems there is a program looking for a poor php that it can attack. Actually I dont worry about them cause that is internet but the some pages get an error page from IPS script as ;

The page you requested does not exist

Error Code 1S160/2

which I believe causes the load to server where others just get a white blank  page.

Any way to overcome the issue so that non existent pages are not processed by IPS script but server instead to cause a much less CPU load ?


access("/home/myaccount/public_html/system/Dispatcher.php", F_OK) = -1 ENOENT (No such file or directory)
access("/home/myaccount/public_html/system/Dispatcher/Dispatcher.php", F_OK) = 0
open("/home/myaccount/public_html/system/Dispatcher/Dispatcher.php", O_RDONLY) = 4

access("/home/myaccount/public_html/system/Request.php", F_OK) = -1 ENOENT (No such file or directory)
access("/home/myaccount/public_html/system/Request/Request.php", F_OK) = 0
open("/home/myaccount/public_html/system/Request/Request.php", O_RDONLY) = 4

access("/home/myaccount/public_html/system/Session.php", F_OK) = -1 ENOENT (No such file or directory)
access("/home/myaccount/public_html/system/Session/Session.php", F_OK) = 0
open("/home/myaccount/public_html/system/Session/Session.php", O_RDONLY) = 4

access("/home/myaccount/public_html/system/Redis.php", F_OK) = -1 ENOENT (No such file or directory)
access("/home/myaccount/public_html/system/Redis/Redis.php", F_OK) = 0
open("/home/myaccount/public_html/system/Redis/Redis.php", O_RDONLY) = 4

access("/home/myaccount/public_html/system/Settings.php", F_OK) = -1 ENOENT (No such file or directory)
access("/home/myaccount/public_html/system/Settings/Settings.php", F_OK) = 0
open("/home/myaccount/public_html/system/Settings/Settings.php", O_RDONLY) = 6

access("/home/myaccount/public_html/system/Lang.php", F_OK) = -1 ENOENT (No such file or directory)
access("/home/myaccount/public_html/system/Lang/Lang.php", F_OK) = 0
open("/home/myaccount/public_html/system/Lang/Lang.php", O_RDONLY) = 6

 

Posted
1 hour ago, ABGenc said:

Any way to overcome the issue so that non existent pages are not processed by IPS script but server instead to cause a much less CPU load ?

Yes, look into using a firewall to block these connections.

Unfortunately, the request has to go to IPS to see if there's an address to return. There aren't files on your server for every thread, forum, etc.

Cut them off before they hit your webserver.

Posted
1 hour ago, Paul E. said:

Yes, look into using a firewall to block these connections.

Unfortunately, the request has to go to IPS to see if there's an address to return. There aren't files on your server for every thread, forum, etc.

Cut them off before they hit your webserver.

I have a builtin firewall on the server but you can not write a rule for this behaviour.

To make it a bit clearer,

If the access this link  --> <YourDomain>/system/Redis/Redis.php ( the file exists ) you get a rapid blank page as a response which does not hit IPS and consumes almost no CPU

But it you access this --> <YourDomain>/system/Redis.php ( no such file ) you get "The page you requested does not exist" from IPS which definitely consumes more CPU

and if the number of the second one rises my load gets higher.

I wonder if this can be achieved by a setting in IPS or extra htaccess codes.

Posted

This is happening because your server checks for the presence of a file on the filesystem first. If found, it executes or serves the file.

If not found, it passes to IPS, and IPS has to work to determine if the URI if the request represents something to serve out, if the request has permission, and whether or not to return the not found error.

You can identify the traffic that is asking for things it shouldn't be asking for and block it with a firewall, either on your server or in-between your server and the requestor.

This configuration may be complex and depends entirely on your environment, yet the behavior you are seeing is precisely by design otherwise.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...