服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 阿帕奇随机发起攻击
Intereting Posts
使用DMZconfigurationCisco Pix 515并且不configurationNAT 监控第3层隐形开关的带宽 在启动rhel 7之前,有没有办法知道networking接口名称? 中继访问被拒绝 – 结合外部邮件服务 ERR_SSL_VERSION_OR_CIPHER_MISMATCH CSF cc_deny不起作用 为什么“jobs”不显示我在后台打开的ssh隧道? 如何在Unix中build立一个公共的Git仓库 ESXi 5.0未显示RAID运行状况(DELL PERC H200) 是否有可能使用工作台连接到Linux服务器,并将输出发送到CSV或文本文件? KVM低networking速度 如何用storcli扩展RAID5arrays? 如何在Linux中configurationVMWare Workstation以接受RDP连接 如何设置与ssl请求一起使用的apache代理中继? 如何更改Google云计算上的反向DNS?

阿帕奇随机发起攻击

最近,看起来我们的VPS上的Apache2守护进程看起来是随机的问题。

第一次login之前的事情去地狱 

[Tue Jun 25 23:07:18 2013] [error] [client 173.245.51.242] PHP Warning: Invalid argument supplied for foreach() in /var/www/libraries/joomla/access/access.php on line 409 [Tue Jun 25 23:07:19 2013] [error] [client 108.162.224.23] PHP Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/libraries/joomla/language/helper.php on line 55

任何问题之前的日志都会显示比我预期更多的PHP错误,维护网站的开发人员在这里没有发现任何问题 

 [Tue Jun 25 23:18:01 2013] [error] [client 103.22.200.24] PHP Notice: Trying to get property of non-object in /var/www/libraries/joomla/plugin/helper.php on line 123 [Tue Jun 25 23:18:05 2013] [error] [client 173.245.51.242] PHP Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/libraries/joomla/language/helper.php on line 55 [Tue Jun 25 23:18:19 2013] [error] [client 103.22.200.63] PHP Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/libraries/joomla/language/helper.php on line 55 [Tue Jun 25 23:18:24 2013] [error] [client 103.22.200.24] PHP Notice: Trying to get property of non-object in /var/www/libraries/joomla/plugin/helper.php on line 123 [Tue Jun 25 23:18:33 2013] [error] [client 173.245.53.153] PHP Notice: Trying to get property of non-object in /var/www/libraries/joomla/plugin/helper.php on line 123 [Tue Jun 25 23:18:35 2013] [error] [client 108.162.225.139] PHP Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/libraries/joomla/language/helper.php on line 55 [Tue Jun 25 23:18:52 2013] [error] [client 108.162.231.144] PHP Notice: Trying to get property of non-object in /var/www/administrator/includes/application.php on line 276 [Tue Jun 25 23:18:59 2013] [error] [client 108.162.231.144] PHP Notice: Undefined property: stdClass::$params in /var/www/administrator/includes/application.php on line 277 [Tue Jun 25 23:19:05 2013] [error] [client 108.162.231.243] PHP Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/libraries/joomla/language/helper.php on line 55 [Tue Jun 25 23:19:22 2013] [error] [client 108.162.219.100] PHP Notice: Trying to get property of non-object in /var/www/libraries/joomla/plugin/helper.php on line 123 [Tue Jun 25 23:19:39 2013] [error] [client 103.22.200.163] PHP Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/libraries/joomla/language/helper.php on line 55 [Tue Jun 25 23:19:38 2013] [error] [client 173.245.49.138] PHP Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/libraries/joomla/language/helper.php on line 55 [Tue Jun 25 23:19:50 2013] [error] [client 103.22.200.24] PHP Notice: Trying to get property of non-object in /var/www/administrator/includes/application.php on line 276 [Tue Jun 25 23:19:50 2013] [error] [client 103.22.200.24] PHP Notice: Undefined property: stdClass::$params in /var/www/administrator/includes/application.php on line 277

我已经看到这发生在htop,虚拟内存枯竭,并开始看到这一点 

 [Tue Jun 25 23:54:45 2013] [warn] child process 30976 still did not exit, sending a SIGTERM [Tue Jun 25 23:54:45 2013] [warn] child process 30978 still did not exit, sending a SIGTERM [Tue Jun 25 23:54:45 2013] [warn] child process 30979 still did not exit, sending a SIGTERM [Tue Jun 25 23:54:45 2013] [warn] child process 30829 still did not exit, sending a SIGTERM [Tue Jun 25 23:54:45 2013] [warn] child process 30830 still did not exit, sending a SIGTERM [Tue Jun 25 23:54:45 2013] [warn] child process 32009 still did not exit, sending a SIGTERM [Tue Jun 25 23:54:45 2013] [warn] child process 31929 still did not exit, sending a SIGTERM [Tue Jun 25 23:54:45 2013] [warn] child process 31037 still did not exit, sending a SIGTERM

在这一点上一切都慢慢爬行,系统基本上是不可用的 

 [Tue Jun 25 23:54:50 2013] [error] could not make child process 30976 exit, attempting to continue anyway [Tue Jun 25 23:54:50 2013] [error] could not make child process 30830 exit, attempting to continue anyway [Tue Jun 25 23:54:50 2013] [error] could not make child process 31929 exit, attempting to continue anyway [Tue Jun 25 23:54:50 2013] [error] could not make child process 30834 exit, attempting to continue anyway [Tue Jun 25 23:54:50 2013] [error] could not make child process 31050 exit, attempting to continue anyway [Tue Jun 25 23:54:50 2013] [error] could not make child process 30438 exit, attempting to continue anyway [Tue Jun 25 23:54:50 2013] [error] could not make child process 31052 exit, attempting to continue anyway [Tue Jun 25 23:54:50 2013] [error] could not make child process 32080 exit, attempting to continue anyway [Tue Jun 25 23:54:50 2013] [error] could not make child process 30838 exit, attempting to continue anyway [Tue Jun 25 23:54:50 2013] [error] could not make child process 32179 exit, attempting to continue anyway

重启httpd固定的东西虽然有时系统太慢,VM需要重启。

一些基本知识: 

 Linux version 2.6.32-358.11.1.el6.x86_64 ([email protected].centos.org) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Wed Jun 12 03:34:52 UTC 2013 [user@server ~]$ httpd -V Server version: Apache/2.2.15 (Unix) Server built: May 16 2012 22:32:26 Server's Module Magic Number: 20051115:24 Server loaded: APR 1.3.9, APR-Util 1.3.9 Compiled using: APR 1.3.9, APR-Util 1.3.9 Architecture: 64-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with.... -D APACHE_MPM_DIR="server/mpm/prefork" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT="/etc/httpd" -D SUEXEC_BIN="/usr/sbin/suexec" -D DEFAULT_PIDLOG="run/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_LOCKFILE="logs/accept.lock" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf" [user@server ~]$ php -v PHP 5.3.3 (cli) (built: Jul 12 2013 20:35:47) Copyright (c) 1997-2010 The PHP Group Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies [user@server ~]$ mysql -v Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 264224 Server version: 5.1.69 Source distribution top - 00:52:46 up 19 days, 2:47, 1 user, load average: 0.00, 0.00, 0.00 Tasks: 152 total, 1 running, 151 sleeping, 0 stopped, 0 zombie Cpu(s): 0.3%us, 0.3%sy, 0.0%ni, 99.3%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st Mem: 1016516k total, 883812k used, 132704k free, 61112k buffers Swap: 2064376k total, 157088k used, 1907288k free, 227368k cached
  • 服务器被设置为默认的max_childs和其他mpm_worker值
  • 网站在Cloudflare后面,因此在上面的日志中的less数IP地址
  • 虚拟机CPU是1Ghz,1GB内存,没有磁盘IO限制,我的虚拟磁盘没有满
  • 试图切换到mpm_prefork但有MySQL支持的问题
  • PHP模块没有什么特别之处
  • 网站运行webmin作为前端,它的作用是前端Web服务器,MTA(后缀),MDB(dovecot)和文件服务器(proftpd)

我不知道我应该继续进行什么方向,我可以启用PHPdebugging,如果它是在Joomla导致的问题,但我的经验是有限的,所以我宁愿知道去哪里一审。

目前这种情况在过去几个月里只发生过三次,虽然没有真正的模式,但似乎并没有像深夜发生的那样与负荷有关。

任何build议将不胜感激。

你肯定有一个陷入困境的PHP循环。 检查这些文件:

  • /var/www/libraries/joomla/access/access.php
  • /var/www/libraries/joomla/language/helper.php
  • /var/www/administrator/includes/application.php