Piotr GRD

Connections were fast/slow/times out randomly for some reason. You could try to send several requests to Stevie with just 1 second interval (I tried, from multiple locations just for sure to exclude problem on my side) and have completely different waiting times for the server response every time. Similar situation was on 10/11 September for couple of hours. By the way - the software used for FTP server installed in here is "Pure-FTPd" and maybe this is the reason of confusion with "D" at the end of FTP? : )

Quote: ... Hackers breached Linux.com, linuxfoundation.org and www.kernel.org yesterday. ... Yesterday?... I though that they discovered that kernel.org was compromised on August 28th 2011 already, so more than 2 weeks ago, but no news about when exactly it was hacked, possibly days or even weeks before.

[little bit offtopic] I don't quite understand the purpose of the whole process of changing the main domain of the account in majority of the cases. Why? As long as the old/previous domain name won't be used anymore on the same server by anyone (either by current or by any future owner) it doesn't really matter if it's pointed to the account or not. The new one can be set as parked or addon and used, old can be forgotten completely, as long as DNS won't be set properly to point it here the domain won't be accessible from here anyway. In this specific case of undergroundunion.co.cc - as long as no-one in the future will try to add this domain name to any other account on Stevie it can be left on Syntych's account forever, I see no necessity to remove it. And just for peace of mind and to avoid any unexpected surprises, I am always, on any hosting, registering account with the free subdomain that the hosting is providing as the main domain (I don't use it for any website, though) and then all my own domain names I am pointing either as addon or parked domains. I suggest to all the people the same. [/little bit offtopic]

All depends what the "subject.php" is doing, how many server resources it's using and how often will be called. With just one visitor on your website reloading a "page" every 5 seconds I'm sure it will be fine. With thousands visitors browsing website at the same time and every one of them reloading the "page" every 5 seconds it may be very significant amount of traffic even if "subject.php" is lightweight. You know what kind of traffic your website will have and the common sense should help you decide.

Doesn't PHP-Fusion also log the IPs with posts on the forums etc. so you will know sooner? Anyway. Two things you need to know, though. - If multiple proxies will be in use - so at least one more (transparent, not anonymous) apart of CloudFlare's proxy then HTTP_X_FORWARDED_FOR will contain comma separated multiple IPs, every following proxy will add to which IP it is forwarding at the end of the list. In such case PHP-Fusion may or may not have problems with it, depends how it's coded to handle eventual bans, IP comparison etc. In case of problems we could explode the IPs from this list and use only one. Any PHP programmer will help you with this. - HTTP_X_FORWARDED_FOR is sent in HTTP headers by the client. It can be very easily spoofed, you have no any possibility to check if the IP provided is a real one. So as long as you can more or less trust that CloudFlare's proxy won't cheat you with this, but you can not be 100% sure if the other IPs provided by other proxies (or even regular clients, but especially various malicious bots) are real. You can't do much or anything with this, though.

@ PenTester Windows equivalent is task scheduler. If you're using Windows most probably you have seen it in control panel. What it is doing is practically the same like cron on Unix-like systems. http://en.wikipedia.org/wiki/Cron

One thing you have to keep in mind is that while your desktop is only yours - shared webhhosts are shared between hundreds or thousands or even more users. And the question is: would you be happy if someone else would take too much server resources and makes it unavailable for you and other users? This is why there are various limits on shared webhosts. There is always some way around. One could save the list of files, split it into several parts and execute one after another (not manually, everything can be coded), but still this will be a bit unfair to other users of the server if this will affect them.

I didn't use PHP-Fusion ever, I don't know the code, I have just spent around 3 minutes on the code (PHP-Fusion v7) analysis so I may be wrong, but this looks like may be the solution for you... In latest version - v7.02.03.Full - it's inside the file "maincore.php" in line 80. In different versions it may be different line number or even in different file. There is something like: define("FUSION_IP", $_SERVER['REMOTE_ADDR']); What if you'll replace this line with something like: if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) define("FUSION_IP", $_SERVER['HTTP_X_FORWARDED_FOR']); else define("FUSION_IP", $_SERVER['REMOTE_ADDR']); !!! Remember to always have a backup of original file when doing a modification of anything. This may not work at all or as expected, as I wrote - I spent just three minutes on a big 10+ MB, 1800+ files script. Even if this will work - there could exist some known issues with it (when multiple proxies are in use) so tell me if it works or not to modify the code further. !!! But most of all: Could you create such PHP file: <?php echo 'REMOTE_ADDR: ' . $_SERVER['REMOTE_ADDR'] . '<br/> HTTP_X_FORWARDED_FOR: ' . $_SERVER['HTTP_X_FORWARDED_FOR'] . '<br/> HTTP_VIA: ' . $_SERVER['HTTP_VIA']; ?> Upload it into your website and access it? If you'll find that REMOTE_ADDR is CloudFlare's IP and HTTP_X_FORWARDED_FOR is your own original IP then this is what I've expected. Knowing what is the content of HTTP_VIA may help to create better modification that will work only for CloudFlare's proxies and not for other proxies.

xaav is right. It's not critical in any way. And it is available for long time, if something malicious could be done it would be done by someone already. Most interesting things I found (long time ago) with this are some mp3's (legal or not, djbob?... ;> ) and the couple of years old letter where djbob asks for some funds to buy/get new better server for HelioHost. : )

And all of these is only needed for server side logs. If you care more for logs made by software that you use - some forum/CMS/blog/whatever script - you could get the real visitor IP by doing some small edits in these scripts. Some scripts may already be coded to do what you need. If you code by yourself you may find that Cloudflare's proxy most likely (I can not be sure as I didn't ever use CloudFlare for any of my websites) introduce itself inside of HTTP_VIA and the real visitor IP is most likely provided in HTTP_X_FORWARDED_FOR. I can only guess that mentioned above Apache module is rewriting it into REMOTE_ADDR if detect that CloudFlare's proxy is in use.

For many months if not longer, I don't even remember when I've spot it for the first time.

[slightly offtopic] Does the whole blue area is owned by djbob or he is so big that can not fit in one state, not to mention one city or one apartment? ; D ; ) hehe ; )

You don't need any cron job. You could replace this part of the code: #### If txt file exists get last count and add 1 $hits = file_get_contents("$file.txt"); $hits++; file_put_contents("$file.txt", $hits); } with this: #### If txt file exists get last count and add 1 if (date("Ymd", filemtime("$file.txt")) == date("Ymd")) { $hits = file_get_contents("$file.txt"); $hits++; } else { $hits = 1; } file_put_contents("$file.txt", $hits); } And if you would like to store archive data for previous day for own statistic purposes: #### If txt file exists get last count and add 1 if (date("Ymd", filemtime("$file.txt")) == date("Ymd")) { $hits = file_get_contents("$file.txt"); $hits++; } else { rename("$file.txt", date("Ymd", filemtime("$file.txt")) . "$file.txt"); $hits = 1; } file_put_contents("$file.txt", $hits); } Of course remember to set your desired time zone if it's different than default one set on the server for the counter being resetted at the right midnight, ie.: putenv("TZ=America/New_York"); edit: I didn't see edited by byron "Or you could add this to ...", yet, while writing my reply. What is worth to mention, though, that while byron's edited script with "$ckfile" will do the reset, but not necessarily at the midnight.

dateindiaonline.co.in has set ns1/ns2.heliohost.org nameservers as authoritative. If I'll "spoof" the DNS system the website works and is displayed for me correctly from Stevie. Unfortunatelly at the moment either ns1 or ns2.heliohost.org nameservers does NOT have any records for this domain name, you can check using DIG, ie. this one: http://heliohost.grd.net.pl/dns-checker/ There are two solution: - Fix that can be done by HelioHost staff: update the HelioHost nameservers to contain records for this domain name. - Fix that can be done by the srimanju: use any other nameservers (ie. from domain registrar) and point the domain name to Stevie's IP 216.218.192.170 on that chosen nameservers. Additional note: As the nameservers change has been applied at domain registrar just couple of hours ago - even if the entries on HelioHost nameservers will appear the domain may not work for the whole world instantly.

Or do whatever else will be required and possible to do to fix the problem. Sometimes there may be problem with just one domain - in such case manual update may take less time and resources than full synchronisation. I am mainly trying to diagnose problems and - if possible - create tools that may help to diagnose these problems more easily, quickly, automatically. I can also suggest some solutions, like ie. in here, but every time the decision have to be made by a human admin regarding specific current situation. My tools are only automatic scripts that may not detect some specific situations which can be determined only by human after seeing the data provided by these or other various tools. @ Krydos Thank you. : ) By the way: another diagnostic utility, soon, link will appear on my other utilities.

Yes. Byron's utility let you check these DNS records that entire internet sees. He is most likely using the results returned by dns_get_record() function. My utility checks the DNS records on ns1.heliohost.org and ns2.heliohost.org specifically. This may be different than what entire internet sees, ie. if one does not use HelioHost nameservers as authoritative for the domain name. I am using DIG to query these nameservers. It's something like http://www.spacereg.com/a.rpl?m=dig or http://www.kloth.net/services/dig.php but without possibility to select specific records or custom nameservers. It's designed to check only records on both HelioHost nameservers as quickly as possible - with one click. My tool will be useful in a case of some problems with HelioHost nameservers. Two times already ns2 did not return any records for some of the domains while ns1 did (nameservers were not synchronised). Now anyone, even someone that don't know what the DIG is, can diagnose such problem very quickly. Check "grd.net.pl" for example. This domain is NOT parked on HelioHost, so obviously HelioHost nameservers does not have any records about it. My tool will show that there are no records for this domain on ns1/ns2.heliohost.org. Byron's tool will display you what the entire internet sees, that domain name is pointed to dns/dns2/dns3.home.pl (my registrars nameservers). Check "google.com". Now here you'll be surprised. ; ) Someone did point this domain name to some account on Stevie and using my tool you'll find that HelioHost nameservers points "google.com" to IP 216.218.192.170. This is obviously NOT what entire internet sees, Google does not use HelioHost nameservers as authoritative so records in here does not matter at all, google.com is not served from Stevie for anyone that use public DNS system. edit: Not anymore, records for "google.com" has been deleted on HelioHost nameservers.

Yes, it shows up correctly as the image in Fx3.0 and IE6. (don't comment on IE6, please, it just sits as default on XP, I don't really use IE - any version - so no need to upgrade)

Hmmm... For me it shows just fine. "Content-Type: image/jpeg" alphapete.com/images/header2.JPG HTTP/1.1 200 OK Date: Sun, 21 Aug 2011 16:32:29 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_mono/2.6.3 FrontPage/5.0.2.2635 mod_bwlimited/1.4 mod_auth_passthrough/2.1 mod_wsgi/3.3 Python/2.7.1 Last-Modified: Sun, 21 Aug 2011 16:16:19 GMT ETag: "205402e-2f1-4ab0649ca70c0" Accept-Ranges: bytes Content-Length: 753 Content-Type: image/jpeg alphapete.com/images/moon.jpg HTTP/1.1 200 OK Date: Sun, 21 Aug 2011 16:33:20 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_mono/2.6.3 FrontPage/5.0.2.2635 mod_bwlimited/1.4 mod_auth_passthrough/2.1 mod_wsgi/3.3 Python/2.7.1 Last-Modified: Fri, 29 Jul 2011 21:03:31 GMT ETag: "2054113-725a-4a93b9e8c44c0" Accept-Ranges: bytes Content-Length: 29274 Content-Type: image/jpeg alphapete.com/images/sunset-rays-8-3-2011.jpg HTTP/1.1 200 OK Date: Sun, 21 Aug 2011 16:37:12 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_mono/2.6.3 FrontPage/5.0.2.2635 mod_bwlimited/1.4 mod_auth_passthrough/2.1 mod_wsgi/3.3 Python/2.7.1 Last-Modified: Thu, 04 Aug 2011 16:58:33 GMT ETag: "2054655-114cc-4a9b0e586d640" Accept-Ranges: bytes Content-Length: 70860 Content-Type: image/jpeg

Indeed, no records for this domain. And if you'll "spoof" DNSes then "account queued" page is displayed. Possibly account has been deleted? 15 hours ago it worked. Anyway - it's not my account, but naveh's, maybe he/she decide to delete it after these problems. @ krydos No problem. Thank you. : ) But I had plans to write about it later in the topic about monitor, anyway, so it would not be buried. Separate topic is fine if you decide it's better. Besides my pages are linked between each other.

And even not inclined technically people that don't know what the DIG is and how to use it, can use this online utility that I have created 2 days ago especially for this purpose: HelioHost DNS Checker (DIG) - http://heliohost.grd.net.pl/dns-checker/ It will let you query both HelioHost nameservers with just one click. Highlighted "answer section" should be the same on both servers - if not, then as djbob wrote: problem.

At the moment it looks like we are experiencing a "global" issue with all accounts on Johnny being "queued" (for main page) or displaying 404 (for any subpage) for ~2 hours already. This happend from time.

And this is exactly what I am describing - these numbers are the average numbers of processes waiting either for the CPU share or to access the disk to load or write some data. Third number mentioned by you represents the average number of processes for the last 15 minutes. While the images on the forums won't be reloaded every minute by most of the people I think that displaying average for longer time is a good choice made by the person that created it. Seeing a temporary 1 minute peak while 1 minute before and 1 minute later server load is low and fine could be misleading. On the other hand on my graphs you can view the 24 hours history, so viewing such short 1 minute peaks can be sometimes useful. Some can be missed, though, as I query the servers every 2 minutes, but anything significant will be reported by the numbers of average load for longer time periods (5 and 15 minutes). edit after seeing xaav's reply: ... I think that displaying average for longer time is a good choice made by the person that created it, especially if the retrieved from server value is cached.

So called "server load" is the average number of jobs (processes) in the run queue (waiting for CPU share) or waiting for disk I/O (load/write the data). So we can simplify it and describe as CPU and I/O utilization on the server. Inside of cPanel you'll find the average server load for last 1 minute, the tool displayed as the images on the forums uses the value average for last 15 minutes, if I'm right. And on provided by me server monitor you can find graphic presentation of three values - average for last 1, 5 and 15 minutes, so all that are reported by the server itself (well, 2 servers in here).

Just for your information: ns2.heliohost.org still has no records for algalil.heliohost.org, while ns1 has.

Yes, since July 5th 2011 there are two separate nameservers. Previously it was physically only one. Having one was less reliable (if one fail - everything fail - especially if it's on the same machine with overloading everything Johnny), but no need to synchronising anything. Having two is better for reliability, but problems with synchronising the entries on it appear - as we can see for the second time within these 40 days already.