2012-11-14T07:49:30 *** arvind_khadri has joined #amclug 2012-11-14T07:58:49 ,later tell ecthiender http://ask.slashdot.org/story/12/11/09/2226249/ask-slashdot-which-virtual-machine-software-for-a-beginner 2012-11-14T07:58:49 arvind_khadri: The operation succeeded. 2012-11-14T08:20:11 *** arvind_k has joined #amclug 2012-11-14T08:23:32 *** arvind_khadri has quit IRC (Ping timeout: 248 seconds) 2012-11-14T08:32:25 *** pradi has joined #amclug 2012-11-14T08:48:06 *** pradi has quit IRC (Ping timeout: 264 seconds) 2012-11-14T09:00:24 *** pradi has joined #amclug 2012-11-14T09:02:36 *** pradi has quit IRC (Read error: Connection reset by peer) 2012-11-14T09:04:26 *** pradi has joined #amclug 2012-11-14T10:08:21 *** pradi has quit IRC (Quit: Leaving.) 2012-11-14T10:13:34 *** pradi has joined #amclug 2012-11-14T11:35:07 *** pradi has quit IRC (Quit: Leaving.) 2012-11-14T11:55:25 *** pradi has joined #amclug 2012-11-14T13:01:24 *** pradi has quit IRC (Quit: Leaving.) 2012-11-14T13:19:01 *** pradi has joined #amclug 2012-11-14T14:54:28 *** arvind_k has quit IRC (Ping timeout: 265 seconds) 2012-11-14T15:39:07 *** pradi has quit IRC (Quit: Leaving.) 2012-11-14T18:17:14 *** ecthiender has joined #amclug 2012-11-14T18:43:01 *** arvind_khadri has joined #amclug 2012-11-14T18:44:33 arvind_khadri, are any of these perl scripts were running? http://pastie.org/private/5inra5o2twoz7c0m4uu4nq 2012-11-14T18:44:34 Title: Private Paste - Pastie (at pastie.org) 2012-11-14T18:45:27 ecthiender, nope, all the processes were just named perl. 2012-11-14T18:45:45 arvind_khadri, so it was just the perl interpreter running :O 2012-11-14T18:46:31 ecthiender, I think we should move everything to nginx and let the apache run to duplicate the program. Yes it was just the interpreter running 2012-11-14T18:46:44 so that was fine 2012-11-14T18:47:07 apache run to duplicate to which program? arvind_khadri ? 2012-11-14T18:47:29 ecthiender, this whole memory and cpu consumption problem 2012-11-14T18:47:32 I didnt get you 2012-11-14T18:47:46 s/program/problem/ 2012-11-14T18:47:47 What arvind_khadri meant to say was: ecthiender, I think we should move everything to nginx and let the apache run to duplicate the problem. Yes it was just the interpreter running 2012-11-14T18:48:04 duplicate the problem? 2012-11-14T18:48:16 arvind_khadri, ? 2012-11-14T18:48:19 ecthiender, this whole memory and cpu consumption problem 2012-11-14T18:48:51 how will you duplicate it? 2012-11-14T18:49:01 you have to run apache then 2012-11-14T18:49:39 ecthiender, that is what am saying, we will let it run. 2012-11-14T18:49:54 and nginx? 2012-11-14T18:50:08 arvind_khadri, ^ 2012-11-14T18:50:11 we will run the apache thing in a sandbox. 2012-11-14T18:51:17 ecthiender, ^ 2012-11-14T18:51:40 you have to run it in a different port other than 80. and pass some (or all) of the requests to apache then 2012-11-14T18:51:54 arvind_khadri, what will be the whole point of this? 2012-11-14T18:52:40 arvind_khadri, either we sit and figure out what was the problem now. or we move to nginx and completely ditch apache. 2012-11-14T18:52:58 i think so. 2012-11-14T18:53:05 ecthiender, yes, sounds fine. To find out what caused the spikes, the same problem had caused the earlier server to be billed highly 2012-11-14T18:53:55 so, we should solve it then. But we will have to wait till the problem duplicates. 2012-11-14T18:54:00 spikes? you mean high volume of requests? 2012-11-14T18:54:19 no we can backtrack no. we have some logs right? 2012-11-14T18:54:26 what kind of attack was it? 2012-11-14T18:54:34 what happened exactly? 2012-11-14T18:55:25 arvind_khadri, ^ 2012-11-14T18:56:06 our machine was not under attack. Our machine was used to make the attacks on this particular server called risingnet.net. Dinesh got a mail from heztner saying that risingnet has complained that they are under DOS attack from the server 2012-11-14T18:57:12 ecthiender, ^ 2012-11-14T18:57:39 ecthiender, you can stop running the htop :P you won't see anything again of those sorts for a few days 2012-11-14T18:58:14 arvind_khadri, no. I am monitoring the server :P 2012-11-14T18:59:22 arvind_khadri, and how is the apache problem related to this? 2012-11-14T19:00:32 ecthiender, I am just guessing that the perl scripts might be running the DOS attack, and it is a interpreter running, so I can not even guess what could be running inside them. 2012-11-14T19:01:08 arvind_khadri, there should be the script name listed after it 2012-11-14T19:01:47 even in the previous server there was a very high billing because of exceeding network limit. There was no name next to it. Will show you the next time it happens. 2012-11-14T19:02:29 arvind_khadri, think when does that happen? 2012-11-14T19:02:49 arvind_khadri, what happens when you run a program directly inside the interpreter? 2012-11-14T19:04:14 ecthiender, The program runs that is all, ain't that enough for a cracker? I don't know how to answer that question. 2012-11-14T19:05:23 arvind_khadri, yes. thats what happens. you dont see any script name beside the interpreter's name in the process. 2012-11-14T19:05:41 :) 2012-11-14T19:06:09 and those perl scripts were run by apache? 2012-11-14T19:06:33 yes, by the www-data user. ecthiender 2012-11-14T19:23:00 ecthiender, gn.. see you tmrw. 2012-11-14T19:25:43 *** ecthiender has quit IRC (Ping timeout: 255 seconds) 2012-11-14T19:26:17 *** arvind_khadri has quit IRC (Read error: Operation timed out) 2012-11-14T20:18:12 *** ecthiender has joined #amclug