I received the following email from Google today. Ran multiple scans on our system and nothing came out - the destination IP address they sent is a Facebook IP. Does this make any sense? We run Facebook Ads - and my only explanation is that somehow a malicious ad made it into their ad network.

Any assistance much appreciated.

Our systems identified that your Google Cloud Platform / API Project ID [] may have been compromised and used for cryptocurrency mining.

This activity was detected as originating from IP XXX and VM ID XX to destination IP 31.13.86.8 on remote port 443 between 2021-12-02 01:34 and 2021-12-02 01:45 (Pacific Time), though it may still be ongoing.

Hello I'm in the process of moving my site to a new host (ie new IP). I run a social site that sends a large volume of (valid) email, and I have built up a good sending reputation with my current IP over the last 2 years.

My migration plan generally is :

1. Move site to new host/IP
2. continue sending site's mail from old IP
3. build up sending reputation of new IP : gradually increase amount of mail sent from new IP, while reducing mail sent from old IP
4. I would like my mail sent from both old and new IP to both be SPF and DKIM signed, and both appear as from [email protected] and return to [email protected]

Some info :

1. No, i cannot keep the old IP
2. Both servers are whm/cpanel based (which I am more comfortable with)
3. Site is php/mysql5.1

The solutions I looked at so far :

Solution (A) :

1. Set old IP as "permitted sender of" mysite.com and send emails from new IP to old IP via authenticated SMTP
2. The good : mail passes SPF and appears as being sent from old IP, nothing specific running on old IP except mail server.
3. the bad : mail does not pas DKIM, and sending from new IP -> old IP -> the world via SMTP is extremely extremely slow. I send 60k+ per day.

Solution (B) :

1. Set old IP as "permitted sender of" mysite.com and send emails from new IP -> old IP via remote SQL. Old IP then crons over any emails in the SQL and sends them out.
2. The good : mail passes SPF and appears as being sent from old IP. Faster than solution A.
3. the bad : mail does not pas DKIM, setup is a bit of a hack and not very maintainable.

Am I missing some very obvious and straightforward solution ?

I have the following issue :

When running a long-running php script (file upload) it timeouts after exactly 30 seconds of activity.

Bizzarely, it only occurs in certain cases - the one i know for sure is it always occurs when uploading a file using the stock android browser - android for chrome is ok.

The error in the apache log is :

(70014)End of file found: mod_fcgid: can't get data from http client

I have already increased every apache/fcgi/php setting that i know that are related to timeouts :

apache

Timeout 180

fcgi

FcgidIdleTimeout 9600 IPCCommTimeout 520 FcgidIOTimeout 520

php

max_execution_time = 360

Are there any other settings related to timeout that I am missing ?

I have an issue that occasionally (once or twice a week, not necessarily during peak hours) that queries on a certain db (the db of the largest of my sites) suddenly stop responding for about an hour. The queries start to pile up, mostly in "sending data" and "statistics" states, eventually load goes way up > 40, and the whole server comes to a halt.

While this issue is happening, if i disable this site, all other sites and dbs on the same server run normally.

I have the output of "SHOW ENGINE INNODB STATUS" during when it was unresponsive, I'm wondering if anyone could tell me if it shows any anomalies - I have removed the section "TRANSACTIONS" that lists all the pending queries, I can add it if it would help.

5.1.70-cll MySQL Community Server, without Innodb plugin, CentOS 5.9

Thanks in advance.

=====================================
130901 17:10:26 INNODB MONITOR OUTPUT
=====================================
Per second averages calculated from the last 50 seconds
----------
SEMAPHORES
----------
OS WAIT ARRAY INFO: reservation count 25977, signal count 14540
--Thread 140248378771776 has waited at btr/btr0cur.c line 467 for 1.00 seconds the semaphore:
S-lock on RW-latch at 0x7f8e273f8ae8 created in file buf/buf0buf.c line 550
a writer (thread id 140248378771776) has reserved it in mode  exclusive
number of readers 0, waiters flag 1
Last time read locked in file btr/btr0sea.c line 794
Last time write locked in file buf/buf0buf.c line 1820
--Thread 140248434157888 has waited at btr/btr0cur.c line 467 for 3.00 seconds the semaphore:
S-lock on RW-latch at 0x7f8e272877c8 created in file buf/buf0buf.c line 550
a writer (thread id 140248434157888) has reserved it in mode  exclusive
number of readers 0, waiters flag 1
Last time read locked in file btr/btr0sea.c line 794
Last time write locked in file buf/buf0buf.c line 1820
Mutex spin waits 0, rounds 550914, OS waits 8104
RW-shared spins 34629, OS waits 16634; RW-excl spins 2759, OS waits 586

--------
FILE I/O
--------
I/O thread 0 state: waiting for i/o request (insert buffer thread)
I/O thread 1 state: waiting for i/o request (log thread)
I/O thread 2 state: doing file i/o (read thread) ev set
I/O thread 3 state: waiting for i/o request (write thread)
Pending normal aio reads: 172, aio writes: 0,
ibuf aio reads: 0, log i/o's: 0, sync i/o's: 0
Pending flushes (fsync) log: 0; buffer pool: 0
105909 OS file reads, 8365 OS file writes, 4079 OS fsyncs
1 pending preads, 1 pending pwrites
106.42 reads/s, 19475 avg bytes/read, 9.50 writes/s, 4.68 fsyncs/s
-------------------------------------
INSERT BUFFER AND ADAPTIVE HASH INDEX
-------------------------------------
Ibuf: size 20, free list len 70, seg size 91,
1099 inserts, 8617 merged recs, 2154 merges
Hash table size 1888559, node heap has 2598 buffer(s)
8189.64 hash searches/s, 941.80 non-hash searches/s
---
LOG
---
Log sequence number 196 2706819157
Log flushed up to   196 2706818752
Last checkpoint at  196 2705105219
0 pending log writes, 0 pending chkp writes
3880 log i/o's done, 4.42 log i/o's/second
----------------------
BUFFER POOL AND MEMORY
----------------------
Total memory allocated 1061750976; in additional pool allocated 1048576
Dictionary memory allocated 1530760
Buffer pool size   58240
Free buffers       0
Database pages     55642
Modified db pages  1543
Pending reads 172
Pending writes: LRU 120, flush list 0, single page 0
Pages read 127164, created 59, written 5866
126.52 reads/s, 0.08 creates/s, 5.82 writes/s
Buffer pool hit rate 996 / 1000
--------------
ROW OPERATIONS
--------------
8 queries inside InnoDB, 27 queries in queue
17 read views open inside InnoDB
Main thread process no. 2504, id 140248394586432, state: sleeping
Number of rows inserted 963, updated 4397, deleted 5, read 43384960
1.56 inserts/s, 4.92 updates/s, 0.00 deletes/s, 17291.99 reads/s
----------------------------
END OF INNODB MONITOR OUTPUT
============================

I run a reasonably busy (700,000 page views/day, php/mysql) site that gets steady traffic (normally no spikes). The last two days, around peak usage time, and for about an hour, my site had suddenly gone from being very fast to unresponsive, for about an hour, and then back to being super fast.

The CPU load jumps dramatically at 2:10AM :

12:00:01 AM   runq-sz  plist-sz   ldavg-1   ldavg-5  ldavg-15
12:10:01 AM         1       270      2.54      3.56      4.00
12:20:01 AM        10       270      5.58      5.09      4.61
12:30:01 AM         9       297     10.06      9.63      7.22
12:40:01 AM         7       296      3.42      5.17      6.15
12:50:02 AM         8       291      4.36      4.57      5.43
01:00:02 AM        20       297      9.38      7.57      6.49
01:10:01 AM         6       279      5.83      6.86      6.90
01:20:01 AM        11       263      5.77      5.43      5.98
01:30:01 AM         2       291      6.70      5.56      5.66
01:40:01 AM         2       285      3.73      5.09      5.37
01:50:01 AM         6       285      3.84      4.65      5.11
02:00:01 AM         8       283      2.56      3.72      4.45
02:10:01 AM         2       431     14.67     10.88      7.34
02:20:01 AM         1       425      7.10     11.48      9.73
02:30:01 AM         4       453     10.30     12.79     11.23
02:40:01 AM         2       440     14.12     16.13     13.41

Here are my stats :

Hostgator VPS Level 7, 2 x 2GHz CPU, 3.2G RAM, CentOS 5.9, Apache 2.2.19, MySQL

• Mysql did not show any abnormal load during this time
• Apache was showing all workers in "W" state.
• Rebooting, restarting mysql, restarting apache all did not resolve the issue
• Nothing abnormal in apache error log (except lots of 503 errors during this time)

I'm really not sure where to start investigating this issue. I'd appreciate any pointers with :

1 - how to fully diagnose this issue now 2 - or what tools to install/ commands to run to capture extra data when it happens again.

thanks in advance.

I'm stuck trying to solve a MySQL issue. A few times an hour, for about 60s, MyuSQL becomes unresponsive, causing our site to be inaccessible during that period. I enabled the slow query log and found nothing amiss (all the queries during the outage are very slow, naturally, but no one query seems to be causing the issue).

I disabled all (my) cron jobs, and the issue still persists.

I ran top during the outage and MySQL is pretty much not even running - which makes me feel that it's not a load/bad query issue.

top screenshot is here : Some stats on my vps :

1.8GB RAM, 2.2Ghz proc. mysql 5.1.56. My site runs blindingly fast except during these periods when it locks up. Average cpu usage is 40%.

Here is my my.cnf :

[mysqld]

safe-show-database tmp_table_size = 24M

max_heap_table_size = 32M

query_cache_limit=1M

query_cache_size=70M

query_cache_type=1

max_connections=200

collation_server=utf8_unicode_ci character_set_server=utf8

delayed_insert_timeout=40

interactive_timeout=10

wait_timeout=400

connect_timeout=20

thread_cache_size=64

key_buffer=50M

join_buffer=1M

max_connect_errors=20

max_allowed_packet=8M

table_cache=1024

record_buffer=1M

sort_buffer_size=2M

read_buffer_size=2M

read_rnd_buffer_size=1M

thread_concurrency=2

myisam_sort_buffer_size=32M

innodb_buffer_pool_size=200M

Any advice on how to track down this issue highly appreciated.

I have a VPS with 768 MB RAM and a 1.13 GHZ processor. I run a php/mysql dating site and the performance is excellent and server load is generally very low.

Sometimes I place ads on Facebook and at peak times I can get 100-150 clicks within a few seconds - this causes the server to run out of memory :

Cannot allocate memory: couldn't create child process: /opt/suphp/sbin/suphp ....

And all users receive an error 500 page.

I am just wondering if this sounds reasonable or not - to me 100-150 does not seem to be a number that should cause apache to run out of memory.

Any advice/recommendations how to diagnose the issue highly appreciated.

I am getting these errors on some pages in my site (php/apache/linux/mysql vps) on intervals and can't seem to find any reproducible scenario :

Handler for (null) returned invalid result code 70007

or

Handler for (null) returned invalid result code 70014

It occurs mainly on pages where file (image) uploads are done. It then causes a 500 error.

Google hasn't returned anything conclusive, has anybody come across these errors ?

i'm running a hostgator vps php/apache/linux/mysql

i have a problem that i cannot seem to properly diagnose/fix :

1. sometimes when loading a page, the browser will load have the page, then it hangs for 10-15s, sometimes more, then load the rest of the page
2. if during the hang, i refresh the page, it loads quickly
3. there is no abnormal load either on apache or sql, no broken links, bad javascript or so

I'm quite sure this is a server-side issue but have no idea where to start looking, any pointers much appreciated. i can attach any logs or config files that could help.

my site has outgrown the shared hosting account it's on and i've setup a VPS that i'll be moving to soon. I cannot keep the same IP between my new account and the old one and I'm a bit at loss as to how to minimize user downtime while the new IP is reflected in all DNS caches. Note I cannot have the site running on both accounts at the same time as it's a dating site and this would cause data inconsistency.

Here's what i am planning to do :

1. Put up a 'under maintenance' page on old host
2. Get the site up and running on new host, and update domain to point to new host.
3. Hope downtime isn't too long.

Would it be a good idea to have a link on the page in (1) that opens the new site but using it's ip ? Or even redirect all requests at the old host, to the new one (again by ip) ?

Any advice much appreciated.

i'm running a site on a shared host while image hosting is done on amazon s3. i've opened a second shared host account for backups. here's my setup :

A -> site on shared host, pushes images to B (s3 api) and C (via sftp), and daily backups to B (s3 api) and C (via sftp)

B -> amazon s3 buckets for main images host and bucket for backups

C -> second account on shared host, acts at backup of images host B and backup of data of A. Host only allows one sftp account which has full root access but is jailshelled.

my problem with this setup is that A is a point of total failure - anybody who gets access to A will be able to (worst case), wipe A, B and C.

Can somebody please recommend a better setup ? thanks in advance.

I've recently moved the images from my site to s3. I'm having nightmares about someone getting hold of the access keys, going in and deleting all my buckets.

Please share some s3 security tips and what to do in case of such a scenario ? (please don't say "keep your keys in a safe place").

When I had the images with my (regular) hosting company, I could rest knowing they keep daily snapshot backups so worst case I would ever lose is 1 day of data.

thanks in advance.

i'm moving my hosted site (same host) to a static IP, I understand there will be some downtime due to DNS caching - does anybody have any tips how to minimize this time and to avoid my users seeing "page not found?"

thanks in advance

I currently have a site that's hosted in Texas.

The majority of my users are from Egypt and I'm a bit concerned that the current hosting is not the optimal in terms of performance. The site is not slow but for how can I know if, for example, hosting it in Europe or Asia is better ?

To clarify I need to know there is a way that I can test different hosting options - for example how can I test the average response time between Egypt and a host in Texas, the average response time between Egypt and a host in the UK ?