“You need to buy more!”

That’s what the customer service people at Verio told us we had to do. We went from 50 page views a day to “You are running out of processes, you need to upgrade your plan”. They originally told us that we were receiving too much email. So I told them to discontinue the email plan. That fixed nothing and we had no email. Then Verio customer service said “You are getting too many page hits! you need to upgrade your plan!” . I asked for the access_logs and error_logs for the site and got something like this:

96.246.168.114 - - [18/Aug/2013:21:00:36 -0400] "GET /website/wp-content/gallery/flowers-in-the-garden/2012-sunflowers-w-asters.jpg HTTP/1 .1" 304 - "http://maryahernartist.com/nextgen-galleria-gallery/668" "Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0" 
125.26.65.249 - - [18/Aug/2013:21:01:37 -0400] "POST / HTTP/1.1" 200 36072 "-" "Mozilla/4.0 41.133.224.140 - - [18/Aug/2013:21:06:55 -0400] "POST / HTTP/1.1" 200 35865 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 
216.212.152.80 - - [18/Aug/2013:21:07:19 -0400] "POST / HTTP/1.1" 200 36111 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
118.175.182.112 - - [18/Aug/2013:21:07:20 -0400] "POST / HTTP/1.1" 200 35999 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 
187.56.43.37 - - [18/Aug/2013:21:07:22 -0400] "POST / HTTP/1.1" 200 36048 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 
187.56.43.37 - - [18/Aug/2013:21:07:33 -0400] "POST / HTTP/1.1" 200 36048 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 
65.50.63.75 - - [18/Aug/2013:21:07:51 -0400] "POST / HTTP/1.1" 200 35928 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 
108.94.70.110 - - [18/Aug/2013:21:07:53 -0400] "POST / HTTP/1.1" 200 36016 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 

203.118.137.235 – – [18/Aug/2013:21:08:04 -0400] “POST / HTTP/1.1” 200 36055 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

190.160.154.144 – – [18/Aug/2013:21:08:01 -0400] “POST / HTTP/1.1” 200 36048 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

108.94.70.110 – – [18/Aug/2013:21:08:23 -0400] “POST / HTTP/1.1” 200 36055 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

24.1.89.238 – – [18/Aug/2013:21:08:37 -0400] “POST / HTTP/1.1” 200 36072 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

201.240.53.240 – – [18/Aug/2013:21:08:38 -0400] “POST / HTTP/1.1” 200 36111 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

24.14.167.244 – – [18/Aug/2013:21:08:45 -0400] “POST / HTTP/1.1” 200 36062 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

201.240.53.240 – – [18/Aug/2013:21:08:46 -0400] “POST / HTTP/1.1” 200 36016 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

207.179.119.46 – – [18/Aug/2013:21:07:27 -0400] “POST / HTTP/1.1” 200 36072 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

127.0.0.1 – – [18/Aug/2013:21:08:57 -0400] “OPTIONS * HTTP/1.0” 200 – “-” “Apache/2.2.15 (CentOS) (internal dummy connection)”

59.120.3.76 – – [18/Aug/2013:21:09:12 -0400] “POST / HTTP/1.1” 200 36072 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

203.109.44.35 – – [18/Aug/2013:21:09:18 -0400] “POST / HTTP/1.1” 200 36065 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

58.251.14.195 – – [18/Aug/2013:21:09:20 -0400] “POST / HTTP/1.1” 200 36062 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

 

And so on ad-infinitum… Boy those ie 6.0 Windows XP boxes sure like us! Thus ladies and gentlemen is what a HTTP Flood Attack looks like.

http://security.stackexchange.com/questions/29220/what-is-http-get-post-flooding-attack

 

 

The next suggestion from Verio was to upgrade to WordPress 3.6. We were using last weeks version 3.5.2. This is difficult to do via command line but I did it. We also had to upgrade all the plugins. Then we turned the site back live and guess what? It was still falling over.

 

I had gotten nowhere with Verio. And looking back I don’t know what they could have done anyway. The main issue I have with them is that they firewalled their Systems Admins from their customer base. As a customer you can not have a conversation with an SA, only their Customer Service. These people are not empowered to fix any problems, they can only relay the issues upstream and relay the answers downstream.

 

It was time to look elsewhere. I started looking into Virtual Private Servers (VPS). The one Verio offers costs $30. Oh boy they want us to pay $30 as opposed to the $10 that we were currently paying. I searched and found a VPS provider in New Jersey. www.interserver.com I ordered the most basic service and wound up paying $6 as opposed to $10. To be truthful , the $6 offers similar performance to the shared server, which quite frankly is nothing to write home about. However, you can upgrade the slices. This doubles the memory allocation, web bandwidth, disk allocation per slice. E.G.

 

Slices

Storage

Memory

Transfer Bandwidth

Price

(OpenVZ)

1

20G

512MB

1TB

$6.00

2

40G

1024

2TB

$12.00

3

60G

1536G

3TB

$18.00


And so on.. I chose OpenVZ rather than KVM for 2 reasons:

1) Cheaper ie. $6 vs $8 per slice

2) (Slightly) better performance per slice. The disadvantage is that you cannot change the kernel and there is less isolation. I am using the guest OS , same as everyone else, so I did not think that kernel mods were necessary.

Interserver also sells upgrades ie. SSDs, which are $4.00 per slice and a control panel . They have two types of Control Panels , Cpanel and DirectAdmin. DirectAdmin costs $8 whist Cpanel costs $10. Note they require at least two slices to run. Cpanel or Control panel does more and costs more. I think that Interserver has to pay a 3rd party which explains why they are relatively expensive. For those who know me I am a command line guy anyway so I have no use for these Control Panels. The SSDs seem intriguing . I might spring for one to see if it makes any difference. (It should, especially with only 512 MB of memory).

 

I think this is a great deal. Most other VPSs start at $30 so this is a tremendous bargain. Also I am currently on a $.01 promotion so the first month only costs me $.01!!

 

So I bought a single slice VPS and set it up. BTW the purchase process is very easy! And setting up the Centos server is easy.

 

N.B. This is not Linux centric. You can order Windows (2008R2 for example). However the price goes to $11 per slice.

 

One smart thing that we did was register the domains with a separate registrar. We use Network Solutions. Which , I believe, was the first Internet Registrar. I like them well enough. But then I use an ATT iPhone and I like that well enough . So at the NS control panel I re-pointed the DNS servers from Verio to Network Solutions. And then I pointed the Address records to my new server at interserver.com. And guess what, the Apache web servers fell over, probably even quicker than the one at Verio.

Share

Leave a Reply

Your email address will not be published. Required fields are marked *