自架的Debian網站掛了

這個版面主要討論 debian 在 server 端的應用問題, server 種類繁多..舉凡 Web Server 、 File Server、 DHCP Server..等等。

版主: 阿信

自架的Debian網站掛了

文章aeolustw » 週一 3月 08, 2010 8:06 am

查看 /var/log/apache2/error.log 及 /var/log/apache2/access.log
同時網站回應的非常慢,還沒斷線.
是否是該IP讓網站掛點?
還是其它原因造成?
Google有的說跟 sleep time有關?
Thanks.

/var/log/apache2/error.log

[Sun Mar 07 21:47:31 2010] [warn] child process 21176 still did not exit, sending a SIGTERM
......
......
......
[Sun Mar 07 21:47:36 2010] [warn] child process 21368 still did not exit, sending a SIGTERM
[Sun Mar 07 21:47:36 2010] [warn] child process 21369 still did not exit, sending a SIGTERM
[Sun Mar 07 21:47:36 2010] [warn] child process 21375 still did not exit, sending a SIGTERM
[Sun Mar 07 21:47:38 2010] [error] child process 21176 still did not exit, sending a SIGKILL
[Sun Mar 07 21:47:38 2010] [error] child process 21177 still did not exit, sending a SIGKILL
[Sun Mar 07 21:47:38 2010] [error] child process 21178 still did not exit, sending a SIGKILL
......
......
[Sun Mar 07 21:47:39 2010] [error] could not make child process 21419 exit, attempting to continue anyway
[Sun Mar 07 21:47:39 2010] [error] could not make child process 21186 exit, attempting to continue anyway
[Sun Mar 07 21:47:39 2010] [error] could not make child process 21423 exit, attempting to continue anyway
......
......
......
[Sun Mar 07 21:47:39 2010] [error] could not make child process 21361 exit, attempting to continue anyway
[Sun Mar 07 21:47:39 2010] [error] could not make child process 21368 exit, attempting to continue anyway
[Sun Mar 07 21:47:39 2010] [error] could not make child process 21369 exit, attempting to continue anyway


差不多時間 /var/log/apache2/access.log

58.60.14.236 - - [07/Mar/2010:21:34:38 +0800] "GET /forum/index.php?/topic/18806-%E6%96%B0%E7%AB%B9%E5%B8%82%E7%81%AB%E8%BB%8A%E7%AB%99%E4%B8%AD%E6%AD%A3%E5%8F%B0%E5%85%8D%E8%B2%BB%E5%81%9C%E8%BB%8A/page__view__findpost__p__21647?s=2448a203db73479037f64dfaab8bcab3' HTTP/1.1" 200 3415 "http://ipb.tw/forum/index.php?/topic/18806-%E6%96%B0%E7%AB%B9%E5%B8%82%E7%81%AB%E8%BB%8A%E7%AB%99%E4%B8%AD%E6%AD%A3%E5%8F%B0%E5%85%8D%E8%B2%BB%E5%81%9C%E8%BB%8A/page__view__findpost__p__21647?s=2448a203db73479037f64dfaab8bcab3'" "Mozilla/4.0 (compatible; MSIE 6.0)"
58.60.14.241 - - [07/Mar/2010:21:34:38 +0800] "GET /forum/index.php?app=core&module=help?s=e030c88d41020d043efa929ea3df1929 HTTP/1.1" 200 3415 "http://ipb.tw/forum/index.php?app=core&module=help?s=e030c88d41020d043efa929ea3df1929" "Mozilla/4.0 (compatible; MSIE 6.0)"
58.60.14.241 - - [07/Mar/2010:21:34:27 +0800] "GET /forum/index.php?/forum/396-%E7%B6%B2%E5%9F%9F%E6%94%B6%E9%9B%86/?s=56f80f86a59c38613d025b54d8744a70 HTTP/1.1" 200 3415 "http://ipb.tw/forum/index.php?/forum/396-%E7%B6%B2%E5%9F%9F%E6%94%B6%E9%9B%86/?s=56f80f86a59c38613d025b54d8744a70" "Mozilla/4.0 (compatible; MSIE 6.0)"
......
......
......
61.247.222.82 - - [07/Mar/2010:21:54:48 +0800] "GET /cgi-bin/openwebmail/openwebmail.pl HTTP/1.1" 200 5632 "-" "Yeti/1.0 (NHN Corp.; http://help.naver.com/robots/)"
58.60.14.231 - - [07/Mar/2010:21:55:23 +0800] "GET /forum/index.php?/user/1-aeolus/?s=2df023d942bb0395cc95b22f646af7f6 HTTP/1.1" 200 107623 "http://ipb.tw/forum/index.php?/user/1-aeolus/?s=2df023d942bb0395cc95b22f646af7f6" "Mozilla/4.0 (compatible; MSIE 6.0)"
58.60.14.241 - - [07/Mar/2010:21:55:24 +0800] "GET /forum/index.php?/user/1665-%E6%96%B0%E8%90%AC%E4%BB%81/?s=2df023d942bb0395cc95b22f646af7f6 HTTP/1.1" 200 107656 "http://ipb.tw/forum/index.php?/user/1665-%E6%96%B0%E8%90%AC%E4%BB%81/?s=2df023d942bb0395cc95b22f646af7f6" "Mozilla/4.0 (compatible; MSIE 6.0)"
......
......
......
58.60.14.231 - - [07/Mar/2010:21:57:33 +0800] "GET /forum/index.php?/topic/18814-%E5%8C%97%E5%B8%82%E5%A5%BD%E5%90%83%E7%9A%84%E7%87%89%E7%BE%8A%E8%82%89%E6%B9%AF/page__view__getnewpost?s=4b2e2748955e47c9ccdd99a97505d746' HTTP/1.1" 200 157480 "http://ipb.tw/forum/index.php?/topic/18814-%E5%8C%97%E5%B8%82%E5%A5%BD%E5%90%83%E7%9A%84%E7%87%89%E7%BE%8A%E8%82%89%E6%B9%AF/page__view__getnewpost?s=4b2e2748955e47c9ccdd99a97505d746'" "Mozilla/4.0 (compatible; MSIE 6.0)"
58.60.14.231 - - [07/Mar/2010:21:57:21 +0800] "GET /forum/index.php?/topic/1779-%E5%8D%81%E4%B8%80%E6%9C%88%E5%8D%81%E5%9B%9B%E6%97%A5/page__view__getnewpost?s=b9f1acf578e3b3a8221c31a0e2ba5d5f' HTTP/1.1" 200 152363 "http://ipb.tw/forum/index.php?/topic/1779-%E5%8D%81%E4%B8%80%E6%9C%88%E5%8D%81%E5%9B%9B%E6%97%A5/page__view__getnewpost?s=b9f1acf578e3b3a8221c31a0e2ba5d5f'" "Mozilla/4.0 (compatible; MSIE 6.0)"
58.60.14.236 - - [07/Mar/2010:21:56:55 +0800] "GET /forum/index.php?/index?s=b5c56f3455b32aca70e8de481195e40c HTTP/1.1" 200 191704 "http://ipb.tw/forum/index.php?/index?s=b5c56f3455b32aca70e8de481195e40c" "Mozilla/4.0 (compatible; MSIE 6.0)"
圖檔
個人網站
測試Linux Server+光世代
主站,購物,相簿...
頭像
aeolustw
可愛的小學生
可愛的小學生
 
文章: 78
註冊時間: 週六 11月 01, 2008 9:36 pm
來自: Taiwan

Re: 自架的Debian網站掛了

文章aeolustw » 週一 3月 08, 2010 9:10 am

類似問題 => http://www.linuxsir.org/bbs/archive/ind ... 76806.html

但是只適合 apache 1.3.x => http://modules.apache.org/search.php?id=493

apache 2.x 怎辦?
圖檔
個人網站
測試Linux Server+光世代
主站,購物,相簿...
頭像
aeolustw
可愛的小學生
可愛的小學生
 
文章: 78
註冊時間: 週六 11月 01, 2008 9:36 pm
來自: Taiwan

Re: 自架的Debian網站掛了

文章aeolustw » 週一 3月 08, 2010 9:15 am

完整參考 => http://www.theserverpages.com/articles/ ... ow-To.html

找到了 => libapache2-mod-evasive

問題是怎麼設定?

For Apache v2.0:

<IfModule mod_dosevasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>

The above are the default options that are setup (even if you do not have this section in your httpd.conf).


是不是改成
Code: Select All Code
<IfModule mod-evasive>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10
</IfModule>



可否有高人指點是否可行?
Thanks
圖檔
個人網站
測試Linux Server+光世代
主站,購物,相簿...
頭像
aeolustw
可愛的小學生
可愛的小學生
 
文章: 78
註冊時間: 週六 11月 01, 2008 9:36 pm
來自: Taiwan

Re: 自架的Debian網站掛了

文章aeolustw » 週一 3月 08, 2010 4:02 pm

參考 => /usr/share/doc/libapache2-mod-evasive/README.gz

其中
CONFIGURATION

mod_evasive has default options configured, but you may also add the
following block to your httpd.conf:

APACHE v1.3
-----------

<IfModule mod_evasive.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>

APACHE v2.0
-----------
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10

</IfModule>


測試
TESTING

Want to make sure it's working? Run test.pl, and view the response codes.
It's best to run it several times on the same machine as the web server until
you get 403 Forbidden messages. Some larger servers with high child counts
may require more of a beating than smaller servers before blacklisting
addresses.

Please don't use this script to DoS others without their permission.


測試結果
......
......
......
HTTP/1.1 302 Found
HTTP/1.1 302 Found
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
......
......
......
圖檔
個人網站
測試Linux Server+光世代
主站,購物,相簿...
頭像
aeolustw
可愛的小學生
可愛的小學生
 
文章: 78
註冊時間: 週六 11月 01, 2008 9:36 pm
來自: Taiwan


回到 debian server

誰在線上

正在瀏覽這個版面的使用者:沒有註冊會員 和 1 位訪客