The site is very slow...

[Karlos]

Karlos has set the sanity injectors 10! Close your eyes!  :lol:

I know, it's very rare that I actually inject sanity into something :lol:

[Karlos]

Note: I've merged this thread with the "intermittent 500 error" one that I started, since both issues tend to be discussed in this one more.

If anybody experiences any more 500 style errors (and you are able to do so), please post here.

[Karlos]

Ouch. This is ringing the "gaping security hole" alarm... I hope that user input isn't part of the injected code in any way... indeed eval() must die.

Yeah, vBulletin "depends" on it to support hooks, but php's eval() function is truly evil.

However, at least the eval()'d code in question comes from a database, not from any user-supplied input, which as you say, would be *seriously* bad.

Duct tape to the rescue :-)

No kidding. Check this out:

Code: [Select]

// References to "vbam" need to check that it actually is an object before invoking methods on it, but they don't
// The basic type information would be nice for an instanceof check instead of this
if (strpos($hook, 'shareads')!==false) {
$hook = str_replace(
'$output = $vbam->',
'if (is_object($vbam)) $output = $vbam->',
$hook
);
}
eval($hook);

How nasty is that? :lol:

Luckily the offending string in $hook is about 20 lines of fairly basic code after I got it logged, with two method calls on $vbam, neither of which did any checks to see if $vbam even contains a value, let alone whatever object type it was expecting. This is a temporary fix until I can find out where in the database the actual code lives and fix it properly.

PS. I did get the 500 error once maybe an hour ago. Also the site seems to run a bit slow but only intermittently.

There are other potential sources of 500 errors, but I've not seen one caused by this particular problem since the duct tape above.

[Karlos]

I just now got the following error:

Internal Server Error

 The server encountered an internal error or misconfiguration and was unable to complete your request.
 Please contact the server administrator,  webmaster@amiga.org and inform them of the time the error occurred, and anything you might have done that may have caused the error.
 More information about this error may be available in the server error log.
 Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
  Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://www.amiga.org Port 80

What exactly where you trying to view when this happened?

[Karlos]

Forbidden

You don't have permission to access /forums/newreply.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://www.amiga.org Port 80

Mon Jun 27 15:15:10 EEST 2011

---

Warning: chdir() [function.chdir]: Permission denied (errno 13) in /home/amiga84/public_html/index.php on line 35

Warning: require_once(./includes/vba_cmps_include_template.php) [function.require-once]: failed to open stream: No such file or directory in /home/amiga84/public_html/index.php on line 43

Fatal error: require_once() [function.require]: Failed opening required './includes/vba_cmps_include_template.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/amiga84/public_html/index.php on line 43

Mon Jun 27 15:17:14 EEST 2011

That's just downright wrong. Time to investigate.

[Karlos]

How many of you are following links in from the "top stats" thing at the bottom of the home page?

[Karlos]

I'm not.

Yeah, the problem you highlighted was certainly not caused due to a path issue.  Getting a 403 for the forum/newreply.php really shouldn't happen.

There's ton of AJAX request being sent by a.org when you're not logged in: two per second, and they're all 404. Can't be good.

No, and that one should be fixed. Also the "misc.php" that is referenced repeatedly from the front page via XHR should no longer 302 redirect to forums/misc.php, which should reduce some of the lags too.

[Karlos]

Anyway, anybody else having this issue?

Yep. Intermittent lags seem to be a regular feature these days but I haven't had any 500 error messages since the last round of duct tape was applied. There also were some server configuration issues  that the hosting company looked into and are reportedly fixed.

[Karlos]

First let me say that I was permanently logged into Amiga.org for many years.
Every time I came here I was logged in and it knew who I was.  I never got to become Piru.

LOL, that brings back memories :lol:

Then one day a while back, I was suddenly not logged in.  Now I have to log in every single time I want to write a post.  I did not cause this behavior intentionally.  It is either a Firefox problem or an Amiga.org problem.

This is an unrelated issue. Your old cookie from the xoops days is meaningless to vBulletin. You need to get a new one. There were numerous threads along the lines of "I keep getting logged out after 10 mins" all of which are down to the same issue and very simple to fix. You have to log in to the user control panel page directly and tell it to "remember me" using the checkbox in the login form there. The quick login box doesn't seem to have one.

See: http://www.amiga.org/forums/showthread.php?t=51458

The above works for me on several vB sites, this one included.

Keeping in mind that I was not logged in.  I left Amiga.org and visited some other sites.  While at the Natami site I navigated back several pages to the home page of Amiga.org.

Since I was now viewing the old post listing on the front page (It was 1+ hour old) I then pressed the "New Posts" button near the top of the page.  This triggered the following error:

Internal Server Error

 The server encountered an internal error or misconfiguration and was unable to complete your request.
 Please contact the server administrator,  webmaster@amiga.org and inform them of the time the error occurred, and anything you might have done that may have caused the error.
 More information about this error may be available in the server error log.
 Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
  Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://www.amiga.org Port 80

This error was 100% reproducible.  I pressed "back" then "New Posts" and got this same error every single time.

To escape being trapped in the twilight zone I clicked on a random thread "Desperate in Texas" then pressed "New Posts" and it worked.

I never had these problems on other sites.

I hope I have given you a detailed enough explanation this time so that you can solve the mystery and fix the problem.  Thanks.

Well unfortunately that doesn't tell me as much as you may think but as it says, the error log may have more information.

[Karlos]

I'm starting to get the impression that the server is not configured optimally for a site as busy as this and that at times of peak activity it's running out of resources. Not disk space or bandwidth, but available database connection handles or something like that.

[Karlos]

Sounds plausible..

Well, when the site is responsive, it's very responsive. And when it isn't, it really isn't. There's not much middle ground. Using chrome's (or firebug on firefox) net inspector you can see how much time is spent waiting for various requests and I've noticed that when the site lags, it's basically waiting for the page content rather than statically served assets like images and such. Considering that on a good day, a typical page request takes around ~0.2 seconds (processing time for the main script on the server, not the overall page load time), for it to suddenly leap to 30 seconds seems like something in the code itself timing out. Communication with MySQL is always via socket (even when hosted locally) and the database server has a limit on how many concurrent connections are allowed. It's not hard to envisage it refusing new connections to php scripts that might retry several times (with a delay) before giving up all together.

[Karlos]

I've tweaked a few things (mostly cache and thumbnail-generation related) that may or may not improve the site performance, but if we are running out of db connections, it isn't going to help at all.

[Karlos]

'received a invalid reply'

I get this message a lot, refreshing the page cures the problem.  

The grammar and punctuation are bloody shocking.

Is that actually coming down the wire or from your browser?

[Karlos]

It's gotta be down the wire.  Never happens on any other sites.   Btw i'm using the latest Opera.

Is it still lagging badly where you are?

[Karlos]

Maybe http://aoproxy.extropia.co.uk/ will work better for me.

For me, the main site became a lost cause with OWB 3.31.  Too slow even for casual browsing.  Sometimes I could get the first and last page but stalled downloading any middle pages.  Maybe I have to wait until you guys from Europe and UK go to sleep.

---
redfox

Well if you are using a non-css amiga browser, that's what the proxy is there for

[Karlos]

Had a near 1 hour timeout (site entirely unreachable) at about 12 pm (MST) today, tested on multiple browsers (FF, IE, Chrome, Safari), multiple systems (PC, Mac, iPad and iPhone), and over ADSL and 3G.

Not a biggie, just wanted to give a heads up.

For once, I think that may have coincided with some maintenance work the hosting company were doing.