Thursday, February 01, 2007

[WordPress] Tech Help

Our Well Fed sites are currently down, and when I inquired, the server host said this, "Your domain was being flooded with http and mysql requests causing the server to become unresponsive to other users. Your web access was temporarily disabled to give this flood time to subside." Our sites remain down until the "attack" is over. They say there's nothing they can do to prevent this from happening (second time in as many months). Any ideas?

Written by Cate from Sweetnicks and Well Fed.

11 comments:

Anita (Married... with dinner) said...

Hi Cate... I feel you pain. But I don't think this is a WordPress issue, unless the WellFed sites are hosted by WP. (Since you have your own domain, I am guessing they aren't.)

Jocelyn:McAuliflower said...

Definitely not a word press issue.
It's not even really a host issue.

I have attacks on my site- esp when attention has been brought to it (boingboing for example triggered attacks).

You/(insert tech person here) need to trace route where the attacks are coming from and block those ip addresses while reporting the abusive behavior.

It is likely an attack on your servers, with hopes to compromise their security.

While they can't prevent this from happening, they can definitly catch it mid act and stop the demands.

My Sweets/web tech expert has been working on a word press plugin to monitor live traffic and alert us to excessive requests (several page loads from one ip over the course of a minute). I'll note to send you info about it when he has it out of beta.

Cate said...

Sigh ... it's been a long day. Well Fed sites are in WordPress, but the server host is the one bringing down the sites "until the attack subsides." I find it unacceptable that they would bring down all 15 sites without letting me know first, and told them so. They just sent me a long e-mail, but part of it was "Are you expecting an increase in traffic ? Do you have heavily dynamic pages that you could perhaps work to improve the performance of such as caching of content, cutting down database queries or the way in which those queries are performed, checking for proper indexes on databases, etc." To me, do I expect an increase in traffic is a rather silly question. I work hard on marketing and spreading the word on the sites, of course we expect traffic increases. They also sent me some plug-in to install in the meantime while I plead for them to bring the sites back up ...

Anonymous said...

Easy solution, buy your own server, co-locate it in a decent data centre and don't run windoze anything on it. Yes, nothing comes cheap. You get what you pay for. Insert relevent cliche.

Elise said...

Hi Cate,

I think the best thing to do is to go to the Wordpress forum and ask about it there. (http://wordpress.org/support/) In particular ask what vulnerabilities exist within WP such that a flood attack would bring the server to its knees. And see what you can install to help prevent it.

In the Movable Type world that I inhabit there are several things within the program itself that stop flood attacks in their tracks. Still, attackers are always looking for more openings to exploit. It is an ongoing battle.

Regarding hosts, I couldn't agree more with everyone else. Best is to have your own server, that can be expensive, obviously. Second best is to have an amazing web host and not a cheapo. My host is Hurricane Electric - http://www.he.net. The last time something odd was happening on my server because of my code, the support at HE gave me a phone call to let me know that they might have to shut down my site. I called them back immediately and got the code fixed within a day. HE has 24 hour telephone support. Their website is horrible. They don't do CPanel. They expect you to know how to do shell. But, every support person they hire is completely brilliant. And they've always been helpful, including walking me through any shell commands I needed to deal with my site.

Sara, Ms Adventures in Italy said...

I'm curious about your hosting - Yahoo seems to do this sometimes with my Wordpress site (even though my other, non-WP sites on the same domain are available)

An increase in traffic shouldn't be a reason for shutting down a site!

Cate said...

Thanks for all the comments so far. I am in complete agreement that I need to move hosts (we are with Site5 now), but am working on just getting the sites back up first. Still all down. They told me they would re-enable them last night, they were up for about 2 minutes, and brought down again. They gave me a WP plug-in to install on all the sites, which I had someone do last night, but it can't be activated with the sites being down. I've sent them another e-mail this morning and am just waiting. Sigh... another long day.

Liz said...

Hey Cate, Good luck getting this sorted and with... the waiting game. Yikes!

Anonymous said...

It's your host. Not you.

Yes, they're attacking you because they are probing for some vulnerability, but a great deal of that responsibility of fending off such attacks is the host's. (They don't give you the tools to even see that stuff, how can you be held responsible?)

Move hosts as soon as possible. Part of this, I've heard, is a way for the hosts to get you to switch over to dedicated servers (for a premium of course).

Yes, it costs more for a responsible, reliable host who doesn't play those bait and switch games of low cost hosting and bandwidth (but never tell you about caps on mysql requests or cpu usage). I had a similar issue with my last host, altho they moved me to a "quarantine server" which meant that at least my sites were viewable while we worked on resolving the issue (which was solved by moving hosts!).

Good luck and you have my sincerest condolences (seriously, it's a hugely stressful thing and they should add it to the list of most stressful events along with buying a house).

Anonymous said...

Resource Usage Restrictions

Processes
Processes invoked by the web server, cron, shell or any other method should not exceed the following limitations:

* Consume more than 16 MB of RAM.
* Utilize in excess of 15 seconds of CPU time.
* Number of open files should not exceed 64.
* Create core dumps.
* Number of simultaneous processes should not exceed 5.
* Execute a script/binary that forks in a way to create a fork bomb.
* Programs may not run in the background or listen on a network port. If you require a bot, service or daemon, you should consider a dedicated server, as very few shared web hosts allow this type of program.

Database Restrictions

* All users are restricted to 15 concurrent MySQL connections.
* Each database is restricted to 2 GB of disk space.
* Database queries should not exceed 3,000 per hour.
* Database changes (insert/update/delete) should not exceed 1,000 queries per hour.
* Database servers should not be used as a hosted solution. Database access should only be used for the web site hosted by Site5.

Anonymous said...

Sorry.... that last comment was site5 CPU policy in regards to the discussion here.