Response Time
24 — 48 hours
I have been getting way too many POST request sent to com_komento which I believe is bringing my website down with 500 error. I first got the following errors and too many php processes (200) were reached:
I got like 1000s lines in my error log like the ones above all within 3-5 mins of time. After that I did the following:
1) PHP Processes: First I increased the php processes max_children from 150 to 200. But even after increase, it keeps reaching the limit and I think its probably because of the continued request like the above.
2) Disabled Komento for Guest.
3) Disabled Komento Completely by going to Komento->Integration->K2->Enable Comments set to "No". Note I use Komento with K2 integration only.
Even after disabling Komento in step 3 above, in my access log I can still see requests coming in like this:
My questions are:
1) How is the above post request still sent to the server eventhough Komento is disabled? Does this confirm that the above requests are probably sent by Bots directly posting to the URL they tracked from before?
2) How to make sure requests like above doesn't consume and overload my server? I am getting 1000s of hits to the above URL that is bringing my site down with max php processes reached and 500 errors when this happens. Do I need to set a special rule in fail2Ban or nginx settings to drop these connections?
Can you shed some lights? I havent provided my website access info and I was hoping you can assist me with the info provided.
I've got Joomla! 3.4.8, Komento 2.0.5
2016/06/16 14:26:26 [error] 2628#2628: *84701500 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 118.208.69.28, server: example.com.au, request: "POST /?option=com_komento HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "example.com.au", referrer: "http://example.com.au/xyz"
2016/06/16 14:26:27 [error] 2622#2622: *84709362 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 101.181.157.233, server: example.com.au, request: "POST /?option=com_komento HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "example.com.au", referrer: "http://example.com.au/xyz"
2016/06/16 14:26:27 [error] 2630#2630: *84707665 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 113.61.79.133, server: example.com.au, request: "POST /?option=com_komento HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "example.com.au", referrer: "http://example.com.au/xyz"
2016/06/16 14:26:28 [error] 2629#2629: *84730958 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 155.205.208.220, server: example.com.au, request: "POST /?option=com_komento HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "example.com.au", referrer: "http://example.com.au/xyz"
2016/06/16 14:26:28 [error] 2628#2628: *84726789 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 144.138.88.121, server: example.com.au, request: "POST /?option=com_komento HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "example.com.au", referrer: "http://example.com.au/xyz"
2016/06/16 14:26:29 [error] 2627#2627: *84727909 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 203.25.141.6, server: example.com.au, request: "POST /?option=com_komento HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "example.com.au", referrer: "http://example.com.au/xyz"I got like 1000s lines in my error log like the ones above all within 3-5 mins of time. After that I did the following:
1) PHP Processes: First I increased the php processes max_children from 150 to 200. But even after increase, it keeps reaching the limit and I think its probably because of the continued request like the above.
2) Disabled Komento for Guest.
3) Disabled Komento Completely by going to Komento->Integration->K2->Enable Comments set to "No". Note I use Komento with K2 integration only.
Even after disabling Komento in step 3 above, in my access log I can still see requests coming in like this:
101.177.167.203 - - [16/Jun/2016:14:41:05 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; LCJB; rv:11.0) like Gecko"
202.174.36.75 - - [16/Jun/2016:14:41:06 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.84 Safari/537.36"
139.130.202.29 - - [16/Jun/2016:14:41:06 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"
58.106.238.73 - - [16/Jun/2016:14:41:06 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"
121.222.251.75 - - [16/Jun/2016:14:41:06 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0"
120.155.170.107 - - [16/Jun/2016:14:41:07 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2480.0 Safari/537.36"
27.253.41.150 - - [16/Jun/2016:14:41:07 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"
60.226.16.180 - - [16/Jun/2016:14:41:07 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"
110.143.13.209 - - [16/Jun/2016:14:41:09 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.84 Safari/537.36"
My questions are:
1) How is the above post request still sent to the server eventhough Komento is disabled? Does this confirm that the above requests are probably sent by Bots directly posting to the URL they tracked from before?
2) How to make sure requests like above doesn't consume and overload my server? I am getting 1000s of hits to the above URL that is bringing my site down with max php processes reached and 500 errors when this happens. Do I need to set a special rule in fail2Ban or nginx settings to drop these connections?
Can you shed some lights? I havent provided my website access info and I was hoping you can assist me with the info provided.
I've got Joomla! 3.4.8, Komento 2.0.5
10 Replies
The replies under this section are restricted to logged in users or users with an active subscription with us
