May 31, 2011 by Paul White
If your websites are going down, due to your application pool failing, or being automatically shut down after a few application errors, then you have a major problem on your hands. In my case the symptom was A process serving the application pool suffered a fatal communication error with the Windows Process Activation Service, in my system logs. If you have each website running in its own application pool then you know which website is going down, but the errors being displayed give you no hints as to the cause. I recently had a website that was randomly going down. Sometimes it would go down every few days, and other times it would only crash once a month. So I finally did some digging for the cause, and found it. If you don't know where to start in debugging your crashed application pools, this might help.
36 Comments
211032 Visitors
211032 Views
May 23, 2010 by Paul White
A few months ago I noticed that one of my clients websites seemed to be getting spikes of traffic. However with spikes in traffic most clients would report an increase in sales or business. When looking at the stats server, the requests were for pages and files that were not even on the server, and were for technologies ( PHP ) that I do not run on m box. If you see requests for files like /prx2.php, /phpmyadmin/config/config.inc.php, /roundcubemail/readme, or /webmail/readme. You might want to read this article.
Jan 13, 2010 by Paul White
On my websites I have them setup to email me anytime a server error happens. If you ever get an error like "Invalid character in a Base-64 string", This is likely a hacker attack. In my case it was on the members login on my client's website. I logged in and shut down the site. 10 minutes later I started it back up and the hacker had left. Interesting is what the HTTP RAW data reveled.
HTTP_X_FORWARDED_FOR:84.0.182.175, 84.0.162.91, 84.0.237.176, 84.0.228.6, 84.0.220.100, 84.0.147.233, 84.0.159.1, 84.0.84.37
HTTP_PROXY_CLIENT_IP:84.0.182.175, 84.0.162.91, 84.0.237.176, 84.0.228.6, 84.0.220.100, 84.0.147.233, 84.0.159.1, 84.0.84.37
HTTP_CLIENT_IP:84.0.182.175, 84.0.162.91, 84.0.237.176, 84.0.228.6, 84.0.220.100, 84.0.147.233, 84.0.159.1, 84.0.84.37
Never seen these values before. According to the logs the IPs were from hundreds of compromised systems. However they all had these values in common. I am going to add a rule to detect the Class A IP in the 80.x.x.x block in the HTTP_X_FORWARDED_FOR, and block. Hopefully this helps some other people out
Apr 20, 2009 by Paul White
Recently I have noticed that the open rates of a few of my client's newsletters are going down. This is leading me to believe that most free mail servers are using yet another litmus test to detect and block spam. Unfortunately those of us with legit bulk emails campaigns are also feeling the pinch.
Dec 19, 2008 by Paul White
With the huge disappointment of Windows Vista. Microsoft needs to make waves with the highly anticipated Windows 7 OS. There have been several rumors, some of which could have a huge impact on sales for hardware manufacturers. Keep in mind there are just rumors. But if true Microsoft may been a good company to invest come June 2009.
Dec 14, 2008 by Paul White
Normally when you upgrade your computer to some new wild multicore chip, as I did with the Intel i7. You would expect some dramatic performance results. Unfortunately it would seem that most software was not written to take advantage of the multiple cores. Read more for an in depth rant about software and the intel i7
Dec 10, 2008 by Paul White
Aborted Connection to db. If you have ever had this little error in MySql and asp.net, you have most likely spent countless hours googling for an answer. I have your answer read more the solution.
3 Comments
16171 Visitors
16171 Views
Aug 26, 2008 by Paul White
The BotNet seems to be growing faster than ever. I have included a list of all the IPs, I have caught attempting SQL injection via querystring. If you have your own blacklist, feel free to add these to your list.
Aug 15, 2008 by Paul White
If you run a website that is based on SQL, or MySQL. This is a must read. Some of my websites recently have been under attack by bots that are trying a new method of SQL injection attack.
Jun 4, 2008 by Paul White
I got sick of seeing failed viewstate in my event logs. so I wrote some code that checks visitors against a HTTP blacklist. I found that one of my blacklists was full of false positives. Not that the given IP wasn't abusive at one point in time but I found it was full of proxies of which are frequently used by legitimate users. After comparing some user logs I found that I was blocking a few of my member. The HTTP blacklist from Project Honey Pot works, but had the problem with proxies as I stated above. However one that I have had much better luck with is the one by
stopforumspam.com.If you are looking to stop comment spammers from seeing your site, I highly recommend them. Read on for a code snippet that shows how I implimented this block