Sites load extremely slow


#1

Hello!

All my sites using PHP load extremely slow, I contacted support and they replied saying my scripts get killed by The Process Watcher daemon for using up too many resources.

Everything was fine until a few days ago, and I didn’t change anything since then. I used the ssh script to look for abusive IPs but there were none.

I looked in the domains log file and I see a bunch of sites all ending in .rr.nu/ like these:

http://opria79teprol.rr.nu/
http://rhol48dingc.rr.nu/
http://lls83sea.rr.nu/
http://urdr08eamp.rr.nu/
http://ense21sgene.rr.nu/

Are these domains attacking my sites?

Can anyone advise on what to do next?
Thanks.


#2

Yes.

You’re not going to get them to stop attacking. You can investigate what it is they appear to be hitting - like a vulnerable script or a backdoor - and remove it or block access to it.

Nuclear option is to take the sites down. Create a new user - and do not copy files over to it, or re-use a database - and then assign the domains to that user.

Either re-install from scratch or take time to investigate and “clear” the previous version of the site files before copying files to the new user or re-using a database.

For blocking access, try using .htaccess and “deny from” directives to block IP addresses, or other directives to block based on the URL being requested.


#3

Thanks for explaining,

I notice those russian subdomains are on IP 91.230.147.204

So I placed this in all my domains .htaccess:

order deny,allow
deny from 91.230.147.204

but the sites load just as slow as before (eg. navstarter.com).
Nuclear option is not really good for me as there are around 20 sites to re-install and A LOT of content, 4 years of work :frowning:


#4

Do your sites have worldwide interest? You could block an entire region of the world.

Are these wordpress sites? Have they been hacked? Sounds like it… look through some of your files and see if you seen (eval(base64… blah blah… [hr]
here is the long thread on the hack: http://discussion.dreamhost.com/thread-134262.html


#5

they are international web directories like www.navstarter.com


#6

These two threads should help you get your sites cleaned up. Depending on how customized your WordPress sites are, you may find that by exporting your content from the WP Dashboard and killing and completely reinstalling WP and then importing the content (again via the WP dashboard) may be an easier choice. (If you do that, don’t forget to retrieve your images, too)

Long thread, much info:
http://discussion.dreamhost.com/thread-134262.html

DH wiki info about hacks with links to resources.


#7

Thanks artgeek, but my sites are not WordPress.

Looks like it was a server misconfiguration after all.
Hector fixed it and now everything works like a charm.
I already purchased hosting from another company
and was in the process of moving my sites when they finally fixed it.
A question remains:
Why do they fix it only when they see you go?!


#8

[quote=“bax79, post:7, topic:57755”]A question remains:
Why do they fix it only when they see you go?!
[/quote]

Because like any business all they see is cash flow :slight_smile:
They probably were getting around to it, but put another call on hold to get yours sorted before they lost you.