By Neel on Thursday, 16 June 2016
Posted in Technical Issues
Replies 10
I have been getting way too many POST requests sent to com_komento, which I believe is bringing my website down with a 500 error. I first got the following errors, and too many PHP processes (200) were reached:

2016/06/16 14:26:26 [error] 2628#2628: *84701500 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 118.208.69.28, server: example.com.au, request: "POST /?option=com_komento HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "example.com.au", referrer: "http://example.com.au/xyz"
2016/06/16 14:26:27 [error] 2622#2622: *84709362 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 101.181.157.233, server: example.com.au, request: "POST /?option=com_komento HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "example.com.au", referrer: "http://example.com.au/xyz"
2016/06/16 14:26:27 [error] 2630#2630: *84707665 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 113.61.79.133, server: example.com.au, request: "POST /?option=com_komento HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "example.com.au", referrer: "http://example.com.au/xyz"
2016/06/16 14:26:28 [error] 2629#2629: *84730958 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 155.205.208.220, server: example.com.au, request: "POST /?option=com_komento HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "example.com.au", referrer: "http://example.com.au/xyz"
2016/06/16 14:26:28 [error] 2628#2628: *84726789 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 144.138.88.121, server: example.com.au, request: "POST /?option=com_komento HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "example.com.au", referrer: "http://example.com.au/xyz"
2016/06/16 14:26:29 [error] 2627#2627: *84727909 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 203.25.141.6, server: example.com.au, request: "POST /?option=com_komento HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "example.com.au", referrer: "http://example.com.au/xyz"


I got like 1000s of lines in my error log like the ones above, all within 3-5 mins. After that I did the following:

1) PHP Processes: First I increased the PHP processes max_children from 150 to 200. But even after the increase, it keeps reaching the limit, and I think it's probably because of the continued requests like the above.

2) Disabled Komento for Guest.

3) Disabled Komento Completely by going to Komento->Integration->K2->Enable Comments set to "No". Note I use Komento with K2 integration only.

Even after disabling Komento in step 3 above, in my access log I can still see requests coming in like this:

101.177.167.203 - - [16/Jun/2016:14:41:05 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; LCJB; rv:11.0) like Gecko"
202.174.36.75 - - [16/Jun/2016:14:41:06 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.84 Safari/537.36"
139.130.202.29 - - [16/Jun/2016:14:41:06 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"
58.106.238.73 - - [16/Jun/2016:14:41:06 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"
121.222.251.75 - - [16/Jun/2016:14:41:06 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0"
120.155.170.107 - - [16/Jun/2016:14:41:07 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2480.0 Safari/537.36"
27.253.41.150 - - [16/Jun/2016:14:41:07 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"
60.226.16.180 - - [16/Jun/2016:14:41:07 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"
110.143.13.209 - - [16/Jun/2016:14:41:09 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.84 Safari/537.36"


My questions are:

1) How is the above POST request still sent to the server even though Komento is disabled? Does this confirm that the above requests are probably sent by bots directly posting to the URL they tracked from before?

2) How to make sure requests like the above don't consume and overload my server? I am getting 1000s of hits to the above URL, which is bringing my site down with max PHP processes reached and 500 errors when this happens. Do I need to set a special rule in fail2Ban or nginx settings to drop these connections?

Can you shed some light? I haven't provided my website access info and I was hoping you can assist me with the info provided.

I've got Joomla! 3.4.8, Komento 2.0.5

Hi Neel,

It looks like your subscription has expired and in order for you to continue requesting for support, you will need an active subscription. If you have already renewed, please let us know so that we can correct this for your account.
It seems like you are still using an older version of Komento. Would you mind updating it to the latest version to see if this issue still persists?

Thanks for understanding
·
Thursday, 16 June 2016 13:44
·
I understand that. But considering that I had purchased the installed version when I had a subscription, would you consider sharing your suggestions as a goodwill gesture?

I will not be updating Komento since I am trying to disable it completely along with dropping all requests to com_komento. So can you kindly share your thoughts on:

1) How is the above POST request still sent to the server even though Komento is disabled? Does this confirm that the above requests are probably sent by bots directly posting to the URL they tracked from before?

2) How to make sure requests like the above don't consume and overload my server? Do I need to set a special rule in fail2Ban or nginx settings to drop these connections?
·
Thursday, 16 June 2016 13:49
·
Hi Neel,

Unfortunately, we are not really sure why this is still generated when you have already disabled Komento, because we don't have the exact views for this issue.
There are some possibilities for why the request keeps being generated. Can you double-confirm that the settings Live Notification (Integrations>K2>Layout>Comment Item) and Send mail on page load (Integrations>K2>Notification>Mail Notifications) are disabled?
·
Thursday, 16 June 2016 16:02
·
Thank you for your response, Fadhli. I disabled Live Notification in Komento (Integrations->K2->Layout->Comment Item) and the Send mail on page load was already disabled. I also unpublished the User-Comments app in the EasySocial component. I checked from Firefox Firebug and I don't see any POST or notification ping made to the com_komento URL. I tested the same URLs as seen in the log, both as a guest and as a logged-in user, and I don't see any query to Komento nor any Komento resources loaded on the page ever since Komento was disabled. Not sure where the request is coming from.
·
Thursday, 16 June 2016 16:27
·
I checked from Firefox Firebug and I don't see any POST or notification ping made to the com_komento URL. I tested the same URLs as seen in the log, both as a guest and as a logged-in user, and I don't see any query to Komento nor any Komento resources loaded on the page ever since Komento was disabled.

Thanks for the heads up
·
Thursday, 16 June 2016 16:47
·
Sorry, my last post was probably misunderstood. What I meant was, when I view from Firebug I don't see any ping done to com_komento at all. However, in my log I can still see the POST requests to com_komento coming from other IP addresses. So I don't know if this is happening due to them browsing from an old cached page that probably still has Komento notification pings in its source code (if that is possible) or if they are bots posting directly to my server URL.

Other than Komento notification settings you mentioned in your last post, is there anywhere else that pings com_komento at all?
·
Thursday, 16 June 2016 16:55
·
Hey Neel,

May I know what this exact page URL is? (http://example.com.au/xyz)
101.177.167.203 - - [16/Jun/2016:14:41:05 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com.au/xyz" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; LCJB; rv:11.0) like Gecko"


I believe this log file info is from someone accessing one of the pages on your site, which triggered the Komento request to your server.

Can you try clearing all of your log file data before you access that URL `http://example.com.au/xyz`, then double-check the log files and see if it is generated again?
·
Thursday, 16 June 2016 17:50
·
Hi Arlex,

Thank you for your response and hope you are doing well.

I cleared the log and analysed the access log again. I noted down the URLs that were triggering the com_komento requests and I went to the exact same URLs. The request from my IP during the page load did not trigger any Komento request on that page.

When I browsed the pages, the log looked like this for my IP address:

144.xxx.xx.xx - - [16/Jun/2016:21:28:34 +1000] "POST /?option=com_easysocial&_ts=1466076513265 HTTP/1.1" 200 44 "http://example.com/page1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
144.xxx.xx.xx - - [16/Jun/2016:21:28:44 +1000] "GET /page2 HTTP/1.1" 200 13728 "http://example.com/page1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
144.xxx.xx.xx - - [16/Jun/2016:21:28:44 +1000] "GET /media/k2/items/cache/x4653e069ed7369840191e8bf38ab8dc9_S.jpg.pagespeed.ic.QO4-0CX6uo.webp HTTP/1.1" 200 15932 "http://example.com/page2" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
144.xxx.xx.xx - - [16/Jun/2016:21:28:44 +1000] "GET /media/k2/items/cache/xd26f2d3a8ff5583681ac68eec63fdc44_S.jpg.pagespeed.ic.Twgk7I27WY.webp HTTP/1.1" 200 9460 "http://example.com/page2" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
144.xxx.xx.xx - - [16/Jun/2016:21:28:44 +1000] "GET /media/k2/items/cache/xc66733db6fd9c6779ab24f57f69f5201_S.jpg.pagespeed.ic._rzI1Brptc.webp HTTP/1.1" 200 23616 "http://example.com/page2" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
144.xxx.xx.xx - - [16/Jun/2016:21:28:45 +1000] "GET /media/k2/items/cache/x2ec788b5d2483f73e1f9efd1de8baaf4_S.jpg.pagespeed.ic.QzYf02zBFQ.webp HTTP/1.1" 200 8934 "http://example.com/page2" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
144.xxx.xx.xx - - [16/Jun/2016:21:28:45 +1000] "GET /modules/mod_news_pro_gk5/cache/300x180xk2.items.cache.d26f2d3a8ff5583681ac68eec63fdc44_Mnsp-195.jpg.pagespeed.ic.1Fk2HSRIvp.webp HTTP/1.1" 200 8086 "http://example.com/page2" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
144.xxx.xx.xx - - [16/Jun/2016:21:28:45 +1000] "GET /modules/mod_news_pro_gk5/cache/300x180xk2.items.cache.391d45802a606be64095bd7b66c67316_Mnsp-195.jpg.pagespeed.ic.lezi2ocjpw.webp HTTP/1.1" 200 9774 "http://example.com/page2" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
144.xxx.xx.xx - - [16/Jun/2016:21:28:48 +1000] "POST /ngx_pagespeed_beacon?url=http%3A%2F%2Fexample.com%2Farticles%2Fchildcare-programming HTTP/1.1" 204 0 "http://example.com/page2" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
144.xxx.xx.xx - - [16/Jun/2016:21:28:59 +1000] "GET /page1 HTTP/1.1" 200 17328 "http://example.com/page2" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
144.xxx.xx.xx - - [16/Jun/2016:21:29:00 +1000] "GET /modules/mod_news_pro_gk5/cache/300x180xk2.items.cache.eb800d55c6f0176e166b1567b2249535_Mnsp-195.jpg.pagespeed.ic.8-VGhKh5-d.webp HTTP/1.1" 200 7866 "http://example.com/page1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
144.xxx.xx.xx - - [16/Jun/2016:21:29:00 +1000] "GET /modules/mod_news_pro_gk5/cache/300x180xk2.items.cache.85217272b4e7187cce0880e98f060661_Mnsp-195.jpg.pagespeed.ic.lwN3CD8lQZ.webp HTTP/1.1" 200 7202 "http://example.com/page1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
144.xxx.xx.xx - - [16/Jun/2016:21:29:00 +1000] "GET /modules/mod_news_pro_gk5/cache/300x180xk2.items.cache.cdbf366d9f51982d2973fefc5c0ec9b1_Mnsp-195.jpg.pagespeed.ic.sYJZWPcowo.webp HTTP/1.1" 200 2782 "http://example.com/page1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
144.xxx.xx.xx - - [16/Jun/2016:21:29:03 +1000] "POST /ngx_pagespeed_beacon?url=http%3A%2F%2Fexample.com%2Farticles%2Fchildcare-programming%2Fhow-educators-can-promote-eylf-learning-outcomes HTTP/1.1" 204 0 "http://example.com/page1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
144.xxx.xx.xx - - [16/Jun/2016:21:31:04 +1000] "POST /?option=com_easysocial&_ts=1466076662276 HTTP/1.1" 200 44 "http://example.com/page1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
144.xxx.xx.xx - - [16/Jun/2016:21:32:03 +1000] "POST /?option=com_easysocial&_ts=1466076722281 HTTP/1.1" 200 44 "http://example.com/page1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"



When analysing the log entries of one of the IP addresses that kept requesting com_komento, its access log entries are only that request alone. Like this:

25.xxx.xx.01 -- [16/Jun/2016:21:28:38 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com/page1" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
25.xxx.xx.01 -- [16/Jun/2016:21:29:08 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com/page1" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
25.xxx.xx.01 -- [16/Jun/2016:21:29:39 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com/page1" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
25.xxx.xx.01 -- [16/Jun/2016:21:30:09 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com/page1" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
25.xxx.xx.01 -- [16/Jun/2016:21:30:39 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com/page1" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
25.xxx.xx.01 -- [16/Jun/2016:21:31:09 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com/page1" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
25.xxx.xx.01 -- [16/Jun/2016:21:31:39 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com/page1" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
25.xxx.xx.01 -- [16/Jun/2016:21:32:10 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com/page1" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
25.xxx.xx.01 -- [16/Jun/2016:21:32:40 +1000] "POST /?option=com_komento HTTP/1.1" 200 44 "http://example.com/page1" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"


Do you see the pattern? If it's a full page load from a URL, shouldn't the access log for that IP show requests for other files as well, similar to mine?

Could it be due to a cached file, or an old inactive open tab still sending the request even after disabling Komento and its notifications? I can see the 30 second increment in some of them, and I have disabled the Komento notifications and also set the time interval to 0. Could an old opened tab still trigger all these requests? Is there a way to safely drop these requests?
·
Thursday, 16 June 2016 19:52
·
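An added example, not part of the original thread: a Python pass over an nginx combined-format access log that picks out clients whose only logged requests are `POST /?option=com_komento`, the pattern described in the post above, and reports the median gap between their hits. The sample lines and the 192.0.2.10 / 198.51.100.7 addresses are constructed, and `poll_only_clients`, `min_hits` and `_entry` are hypothetical names.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# nginx "combined" format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
POLL_TARGET = "/?option=com_komento"  # the request seen in the thread's logs

def poll_only_clients(lines, min_hits=3):
    """Return {ip: (hits, median_gap_seconds)} for clients whose every logged
    request is a POST to POLL_TARGET (hypothetical helper, added example)."""
    seen = defaultdict(list)  # ip -> [(timestamp, is_poll)]
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log entry
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        is_poll = m["method"] == "POST" and m["target"] == POLL_TARGET
        seen[m["ip"]].append((ts, is_poll))

    report = {}
    for ip, hits in seen.items():
        # A real page load also fetches the page itself, so any other request rules the client out.
        if len(hits) < min_hits or not all(poll for _, poll in hits):
            continue
        times = sorted(t for t, _ in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[ip] = (len(hits), median(gaps) if gaps else None)
    return report

def _entry(ip, clock, request):
    """Build one constructed log line (sample data, not from the thread)."""
    return (f'{ip} - - [16/Jun/2016:{clock} +1000] "{request} HTTP/1.1" '
            f'200 44 "http://example.com/page1" "Mozilla/5.0"')

POLL = "POST " + POLL_TARGET
SAMPLE = [
    _entry("192.0.2.10", "21:28:38", POLL),
    _entry("192.0.2.10", "21:29:08", POLL),
    _entry("192.0.2.10", "21:29:39", POLL),
    _entry("192.0.2.10", "21:30:09", POLL),
    _entry("198.51.100.7", "21:28:44", "GET /page2"),  # normal visitor
    _entry("198.51.100.7", "21:28:50", POLL),
]

if __name__ == "__main__":
    for ip, (hits, gap) in poll_only_clients(SAMPLE).items():
        print(f"{ip}: {hits} poll-only requests, median gap {gap:.0f}s")
```

A steady median gap across many poll-only clients is consistent with the old-open-tab explanation raised in the post; the list of addresses it returns shows what a Fail2ban or nginx rule keyed on this request would affect.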
Hey there,

I am sorry for missing this post.

It seems like those requests are generating on the fly mini configurations. This will be addressed in Komento 2.1.

By the way, can you try temporarily modifying this file -> JoomlaFolder\components\com_komento\controllers\captcha.php (check my attached screenshot below and comment out that code)

And, following the attached screenshot, turn off some of the settings and see if it can help a little bit?
·
Tuesday, 11 October 2016 14:17
·
I am sorry Neel, but as much as we would like to assist you, we will not be able to assist you any further as it would be unfair to our other customers who have been actively supporting us by renewing their subscriptions.

Thanks for understanding.
·
Tuesday, 11 October 2016 17:12