1
whitedragon
My site is acting strange! Possible infection.

I know there is something wrong with my site, but I don’t know what. My site was working normally for 8 days and then, after 8 days, it's acting really strange. Since then, absolutely every day between 11:00 & 12:00, and 23:00 & 23:35 it's banning every member from the site including me! When that comes, everyone are banned from the site, and when we want to log in again, it says "wrong password" and no one can log in for about 5-10 min. After 5-10 min, every one can log in normally. I really don't know what’s is wrong. I have XOOPS 2.0.7.1 and I have anitDos 1.1 module.

2
tl
Re: My site is acting strange! Possible infection.
  • 2004/9/6 12:06

  • tl

  • Friend of XOOPS

  • Posts: 999

  • Since: 2002/6/23


I would check with your webhost first.

It seems that your webhost had been backing up MySQL database during the time windows. The database was locked while it was being backed up.

3
m0nty
Re: My site is acting strange! Possible infection.
  • 2004/9/6 12:10

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


try disabling AntiDOS and see if it occurs then..

if not then, it is likely that either you have set the antidos module up incorrectly.

make sure that it is not switched on for webmasters group.. also if it's banning ur members group too, then make it so that the registered group doesn't have access to it..

when i used this module, i only made it visible and accessible to the guests group..

if you have a chat module it can affect that and issue a ban inappropriately..

4
whitedragon
Re: My site is acting strange! Possible infection.

I know that the problem is not in backing up the site because I must manually use backing up system, my web host can't do that.
And also I know that the problem is not in antiDOS because the problems started before I installed that module. I installed it because I though that maybe someone wants to hack me.
Any other solutions?

5
tl
Re: My site is acting strange! Possible infection.
  • 2004/9/6 18:24

  • tl

  • Friend of XOOPS

  • Posts: 999

  • Since: 2002/6/23


Quote:
I know that the problem is not in backing up the site because I must manually use backing up system, my web host can't do that.


I would still check with the host. Web hosting companies usually do their own system-wide backup every day, including user data.

6
m0nty
Re: My site is acting strange! Possible infection.
  • 2004/9/6 18:50

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


i'd find it hard to believe that u were being hacked, altho i'm not saying u shud completely rule it out..

but due to the exact timing and the periods that u can't login would definitely suggest something on the server/hosts side..

it's a very rare occurence that a hacker would p*ss about, playing games like that for so long without either defacing the site or leaving a mark somewhere..

usually during backup of the sql database, some sites receive the error message: error in mysql, unable to connect to database.. not always the case tho as hosts and configurations vary..


7
whitedragon
Re: My site is acting strange! Possible infection.

Quote:

m0nty wrote:
i'd find it hard to believe that u were being hacked, altho i'm not saying u shud completely rule it out..

but due to the exact timing and the periods that u can't login would definitely suggest something on the server/hosts side..

it's a very rare occurence that a hacker would p*ss about, playing games like that for so long without either defacing the site or leaving a mark somewhere..

usually during backup of the sql database, some sites receive the error message: error in mysql, unable to connect to database.. not always the case tho as hosts and configurations vary..



Today it was not as usual. Today that thing with banning happened 5 times!! Does that have to do maybe with custom session settings? It's really annoying, when I have the biggest number of members on the site, my site went crazy. It's really annoying.

8
DonXoop
Re: My site is acting strange! Possible infection.

I'm a little confused by the term "Banning". Is it technicaly a temporary refusal to allow a login with a "wrong password" error? Also, what happens to a user already logged in when the problem happens? Are they kicked off or continue to function? Does the site function normally as an anonymous user during this time?

Given my understanding of the problem it doesn't sound like an evil crack of xoops. It could however be any of several things:
. AntiDos misconfig.
. Custom sessions.
. MySQL issues.
. Content accelerator (reverse proxy).

Too many things to try but easiest is to first:
. disable AntiDos (also have a look at any IPs listed as actually banned), don't use a cache for this module.
. Disable custom sessions. (are you using the "Remember Me" hack?)


9
whitedragon
Re: My site is acting strange! Possible infection.

Quote:

DonXoop wrote:
I'm a little confused by the term "Banning". Is it technicaly a temporary refusal to allow a login with a "wrong password" error? Also, what happens to a user already logged in when the problem happens? Are they kicked off or continue to function? Does the site function normally as an anonymous user during this time?

Given my understanding of the problem it doesn't sound like an evil crack of xoops. It could however be any of several things:
. AntiDos misconfig.
. Custom sessions.
. MySQL issues.
. Content accelerator (reverse proxy).

Too many things to try but easiest is to first:
. disable AntiDos (also have a look at any IPs listed as actually banned), don't use a cache for this module.
. Disable custom sessions. (are you using the "Remember Me" hack?)



With banning I mean a temporary refusal to allow a login with a "wrong password" error. The users who are in that moments loged in are temporally ( 5-10min.) kicked out. And during this kicking, my site is acting totally normal only no one can log in.

10
MadFish
Re: My site is acting strange! Possible infection.
  • 2004/9/7 9:42

  • MadFish

  • Friend of XOOPS

  • Posts: 1056

  • Since: 2003/9/27


Just a theory...have you tried deactivating anti-DOS for a day to see if the problem lies there ?

Login

Who's Online

373 user(s) are online (289 user(s) are browsing Support Forums)


Members: 0


Guests: 373


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits