Mandatory information about my setup:
Have I read the related troubleshooter articles above before posting (which pages?)?Yes
Have I searched the forum before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 1.5.25
PHP version: 5.2.15
MySQL version: 5.0.92-community
Host: (optional, but it helps us help you)
Admin Tools version: 2.1.14
Description of my issue:
I'm getting these alerts from csf at least 50 times a day from the same IP that accesses two sites on my VPS server.
Time: Sat Dec 24 12:07:45 2011 -0500
PID: 20039
Account: xxxxxx
Uptime: 304615 seconds
Executable:
/usr/bin/php
Command Line (often faked in exploits):
/usr/bin/php /home/xxxxxxx/public_html/website.com/index.php
Network connections by the process (if any):
tcp: web_server_ip:54566 -> 69.164.219.150:80
Files open by the process (if any):
/usr/local/apache/logs/mod_jk.log
/usr/local/apache/logs/jk-runtime-status.6524 (deleted) /usr/local/apache/logs/jk-runtime-status.6524.lock (deleted)
I've added the IP (69.164.219.150) to the WAF black list on both sites but continue to see these alerts and see nothing in WAF that it's being blocked. Am I missing something as far as what's going on in looking at the alerts or shouldn't I be able to block this particular IP.
As a side note when I add that IP to csf deny list (currently 98 blocks in the list) on the server not only does it not block it but the TTFB for those websites jump to 20+ seconds making them effectively unusable. Not sure what that's about.
Thanks in advance for your insight.
Have I read the related troubleshooter articles above before posting (which pages?)?Yes
Have I searched the forum before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 1.5.25
PHP version: 5.2.15
MySQL version: 5.0.92-community
Host: (optional, but it helps us help you)
Admin Tools version: 2.1.14
Description of my issue:
I'm getting these alerts from csf at least 50 times a day from the same IP that accesses two sites on my VPS server.
Time: Sat Dec 24 12:07:45 2011 -0500
PID: 20039
Account: xxxxxx
Uptime: 304615 seconds
Executable:
/usr/bin/php
Command Line (often faked in exploits):
/usr/bin/php /home/xxxxxxx/public_html/website.com/index.php
Network connections by the process (if any):
tcp: web_server_ip:54566 -> 69.164.219.150:80
Files open by the process (if any):
/usr/local/apache/logs/mod_jk.log
/usr/local/apache/logs/jk-runtime-status.6524 (deleted) /usr/local/apache/logs/jk-runtime-status.6524.lock (deleted)
I've added the IP (69.164.219.150) to the WAF black list on both sites but continue to see these alerts and see nothing in WAF that it's being blocked. Am I missing something as far as what's going on in looking at the alerts or shouldn't I be able to block this particular IP.
As a side note when I add that IP to csf deny list (currently 98 blocks in the list) on the server not only does it not block it but the TTFB for those websites jump to 20+ seconds making them effectively unusable. Not sure what that's about.
Thanks in advance for your insight.
