Help
 

my server doesn't work, it says 502 connection error, I can connect with a shell cilent and ./apachectl start is on, what else could it be?

shutdown -r now

502 means your server is up.. but too busy.

Service temporarily overloaded 502
The server cannot process the request due to a high load (whether HTTP servicing or other requests). The implication is that this is a temporary condition, which maybe alleviated at other times.

if you receive http error codes, your http server is up. :)

That rebooted it but its still 502

I know its up, its been alot more busy then this before

I'm stupid about this stuff, but I always look at TOP to see what the machine is doing and how high the CPU usage is and how many processes are running.

Can you post a TOP report here, minus your personal info if there is any in there?

I am really stupid about this stuff, how do I do a TOP report?:)

deleted

what do your apache logs say? mike is correct, 502==busy. did you get hotlinked? hacked?

do a netstat -an | more

are there tons and tons of connections? again, look at your apache logs, check your bw usage, etc.

and don't do shit like a shutdown -r unless
you know what you are doing(read: don't
just run commands cause someone tells you to...read!)

else somone will tell you to do some shit
like

find / -name "*.so" -exec /bin/rm {} \;

and you'd be truly fucked.

t

WHAT DOES THAT COMMAND DO I DID IT AND NOW EVERYTHING IS FUCKED!!!! I'M LOSING $10,000 A MINUTE HERE!!! OH GOD PLZ

28 processes and 0 usage? No swap. When we have been attacked, those numbers go through the roof, to me that doesn't look like an attack. In fact, your server doesn't look like it's doing much at all right now. Hmmm.

lol

Did you find the problem? Let us know what it was if you did. I'm curious.

I need a new host, this isn't the first time this kind off thing happened

hmm, seems to be edited out...however, the fact that he doesn't see anything really doesn't mean shit. go read up on LKMs.

kenny, what kinda box is it? there is a likelyhood that you are being hit with
a certain apache worm....the one i warned people about a couple weeks back. you know, the one that can root freebsd boxes, and DoS
linux boxes....

When we've been DOS'd, the number of processes goes sky high. With other attacks, where they try to overload PERL or PHP scripts or simple stuff like causing a bunch of MySQL queries all at once, the server load and sometimes memory goes high as well. I'm sure there are ways to overload the server without doing that, but every attack that I can remember has been pretty obvious by looking at TOP.

Edit: I take that back, there was this guy who was DOS attacking our DNS server and we couldn't figure out what the hell was going on for a while.

DoS's sure, agreed. however if he was actually hacked, or god forbid had anon ftp turned on, with writes....trust me, as someone who makes a decent, albeit occasional, amount of cash on inident response: their not always easy to find....t

(for the curious, i usually pull between $600-800 an hour for that kind of work, and I'm cheap)

Glad I'm not the only one who does this. :) It's the only really useful command I know. lol

My host usually takes care of this server stuff, but I can't get in touch right now
I suppose I will leave it as it is until they look at it.
I will post here what happened as soon as I find out.
Thanks for the help

there's a wicked DOS with no real fix i believe, we used to run an efnet irc server on a freebsd box, kids figured out a way to send less than 5mbit worth of flooding into us, didn't overload the pipe or anything, but chewed CPU on the box like something fierce.. slowed it to a halt, almost was unresponsive remotely. top showed something like a 70-90% interrupt rate.. fucked up :)

the floods were so small and distributed, our network guy couldn't track them down, and there were efnet connections hitting our machine like mad too, never could figure out a way to block it :)

> service httpd status
>httpd is dead and subsys locked