
[Solved] Three weird things: db timeout, password rejection, and phpMyAdmin crash


badrihippo


Hi all,

Something weird happened just now and I'm a little freaked. Three things, actually.

 

Some background: I run a Ghost site on Heroku, which uses a HelioHost database via "remote MySQL". Today, the site failed to start up due to an application timeout, which I assume was a timeout while trying to connect to the database (it was working fine in the morning so I can't think of any other explanation).

 

When I tried to sign in, the password was rejected thrice. That might have been just me in a panic, but I know what my password's supposed to be, so was wondering if someone's broken in and changed it. In any case, I reset via email to a different one.

 

After signing in, I tried opening phpMyAdmin to test the database, but it fails with an error:

No response from subprocess (php): The subprocess reported error number 72,057,594,037,927,935 when it ended. The process dumped a core file.

 

 

As a side note: Tommy's cPanel seems much slower than usual. This might be unrelated, but it may also explain all the errors (maybe the password checks and database calls all timed out).

 

If possible, would you admins be able to do the following:

  • Send me IPs and login times for my last 3 cPanel logins (I got the last one's IP, but I'm travelling so would need a couple others to compare). Maybe also password reset logs or something to see if there's anything suspicious.
  • Look into phpMyAdmin and remote SQL and see if others are having issues too
  • Not sure what else, but maybe something in the syslogs to indicate what may be happening?

Thanks in advance!

 


Update: The remote SQL (via Ghost) is back in action! phpMyAdmin still crashing though. Maybe it was a load issue after all? :blink:

Update to the update: it's down again :( database requests are timing out

Edited by badrihippo

Something/someone was overloading Tommy earlier. It looks like it was a DoS attack, which isn't terribly uncommon...we sometimes get hit with these, usually as retaliation for things like banning someone's phishing site.

 

If it were internal (software malfunction or abusive user), they'd end up suspended, typically within a few minutes. The fact it lasted for hours alone suggests external causes. That's backed up by Tommy's firewall log having a ton of new blocked IPs from China today...

 

Notice all the orange and red between 1500 and 2000 UTC: http://heliohost.grd.net.pl/monitor/

During such events, it's not uncommon for connections to fail or for things to randomly hang or crash. If you're logging in using our website, an Invalid Password message will be displayed if the server is down and cannot be contacted to verify your password (it really should be modified to report that the server timed out verifying the password).

 

The event in question has since subsided and service should have returned to normal. If your account is still not working, please let us know and we'll get it going again for you :)

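The login behaviour described in the post above (an unreachable server reported as "Invalid Password"), next to a handler that reports the timeout separately, as an added example that is not part of the thread and is not HelioHost's code. All names (`make_verifier`, `conflated_login`, `login`, `LoginResult`) and the sample account are constructed for illustration.

```python
import hmac
from enum import Enum


class LoginResult(Enum):
    OK = "Signed in."
    BAD_CREDENTIALS = "Invalid username or password."
    BACKEND_UNAVAILABLE = "The server timed out verifying your password; try again later."


def make_verifier(stored, outages):
    """Constructed stand-in for the remote password check.

    Raises TimeoutError for the first `outages` calls, as an overloaded
    server would, then answers normally.
    """
    remaining = {"n": outages}

    def verify(user, password):
        if remaining["n"] > 0:
            remaining["n"] -= 1
            raise TimeoutError("no answer from account server")
        return hmac.compare_digest(stored.get(user, ""), password)

    return verify


def conflated_login(verify, user, password):
    """The behaviour described above: every failure looks like a bad password."""
    try:
        ok = verify(user, password)
    except OSError:
        ok = False
    return LoginResult.OK if ok else LoginResult.BAD_CREDENTIALS


def login(verify, user, password, retries=2):
    """Report an unreachable server separately from a rejected password."""
    for _ in range(retries + 1):
        try:
            ok = verify(user, password)
        except OSError:  # TimeoutError and ConnectionError are OSError subclasses
            continue     # transient failure: retry, never count it as a bad guess
        return LoginResult.OK if ok else LoginResult.BAD_CREDENTIALS
    return LoginResult.BACKEND_UNAVAILABLE


if __name__ == "__main__":
    accounts = {"alice": "correct horse"}  # constructed sample account
    down = make_verifier(accounts, outages=99)
    print(conflated_login(down, "alice", "correct horse").value)
    print(login(down, "alice", "correct horse").value)
```

Keeping the two outcomes distinct also lets failed-attempt counters and lockout logic ignore outages, so an overloaded server does not lock out or alarm users who typed the right password.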

Oh, yes. It's back to working now! That's a relief (Side note: didn't imagine I would be relieved by a DDoS attack :P). Then my guess about timeouts was correct.

 

I'd checked for news updates on Twitter but didn't realise there was a Discord channel too. Is that the new "go-to" place for updates?


Not necessarily as the updates are posted in the 'News' section here as well, but you could still join Discord as you could get help within a few minutes, from the active community and with the one-to-one interaction in the chat. Ofc all updates are posted there. :)


Discord is best for real-time stuff. An ongoing attack is likely to be discussed in Discord (or possibly a forum help request) first, and assuming it subsides quickly, will never make it to the News forum or other media channels.

 

Planned events such as migrations, server updates, maintenance, etc. are always announced in the News forum, as are unplanned events with an extended impact (extended DoS attacks lasting longer than a day or so, disk failures, etc.)

 

Twitter and Facebook are managed by a bot and will post the same announcements made in the News forum. They aren't manned.

