Package Disabled


notset4life
9-9-04, 01:14 PM
I was having trouble accessing certain areas of my site for a couple of days. I finally called support and a tech was working on it, but came up with no answer. I then tried to access phpmyadmin and the page would never load. Shortly thereafter my site was deactivated and I received the following. I use a script called birdtrap.cgi, which is a simple 401,404,400 error redirect page script, and have been using it for 3 years without a problem. Any clues as to what generated this so-called abuse and how to correct it?

USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
cybermidi 16134 0.0 0.1 2220 1684 ?? S 1:23PM 0:00.25 /usr/bin/perl birdtrap.cgi 401
cybermidi 95728 0.0 0.1 2216 1692 ?? S 7:33PM 0:00.03 /usr/bin/perl birdtrap.cgi 401
cybermidi 95632 0.0 0.1 2216 1692 ?? S 7:33PM 0:00.04 /usr/bin/perl birdtrap.cgi 401
cybermidi 80251 0.0 0.1 2216 1692 ?? S 7:01PM 0:00.09 /usr/bin/perl birdtrap.cgi 401
cybermidi 60312 0.0 0.1 2216 1692 ?? S 6:19PM 0:00.15 /usr/bin/perl birdtrap.cgi 401
cybermidi 60067 0.0 0.1 2216 1692 ?? S 6:18PM 0:00.08 /usr/bin/perl birdtrap.cgi 401
cybermidi 56660 0.0 0.1 2216 1692 ?? S 6:11PM 0:00.11 /usr/bin/perl birdtrap.cgi 401
cybermidi 50115 0.0 0.1 2216 1692 ?? S 5:58PM 0:00.08 /usr/bin/perl birdtrap.cgi 401
cybermidi 41714 0.0 0.1 2216 1692 ?? S 5:40PM 0:00.11 /usr/bin/perl birdtrap.cgi 401
cybermidi 41711 0.0 0.1 2220 1696 ?? S 5:40PM 0:00.09 /usr/bin/perl birdtrap.cgi 401
cybermidi 41710 0.0 0.1 2220 1696 ?? S 5:40PM 0:00.10 /usr/bin/perl birdtrap.cgi 401
cybermidi 41708 0.0 0.1 2220 1696 ?? S 5:40PM 0:00.28 /usr/bin/perl birdtrap.cgi 401
cybermidi 41697 0.0 0.1 2220 1696 ?? S 5:40PM 0:00.18 /usr/bin/perl birdtrap.cgi 401
cybermidi 41484 0.0 0.1 2216 1692 ?? S 5:39PM 0:00.10 /usr/bin/perl birdtrap.cgi 401
cybermidi 47143 0.0 0.4 8136 7488 ?? S 2:19PM 0:00.80 /usr/bin/perl -T mail.cgi
cybermidi 45646 0.0 0.4 8136 7488 ?? S 2:17PM 0:00.91 /usr/bin/perl -T mail.cgi
cybermidi 45630 0.0 0.4 8136 7488 ?? S 2:17PM 0:00.93 /usr/bin/perl -T mail.cgi
cybermidi 34929 0.0 0.1 2216 1692 ?? S 1:58PM 0:00.55 /usr/bin/perl birdtrap.cgi 401
cybermidi 23746 0.0 0.1 2216 1680 ?? S 1:38PM 0:01.13 /usr/bin/perl birdtrap.cgi 401
cybermidi 23732 0.0 0.1 2220 1684 ?? D 1:38PM 0:00.24 /usr/bin/perl birdtrap.cgi 401
cybermidi 23731 0.0 0.1 2220 1684 ?? D 1:38PM 0:00.24 /usr/bin/perl birdtrap.cgi 401
cybermidi 23730 0.0 0.1 2220 1684 ?? D 1:38PM 0:00.26 /usr/bin/perl birdtrap.cgi 401
cybermidi 23729 0.0 0.1 2220 1684 ?? D 1:38PM 0:00.24 /usr/bin/perl birdtrap.cgi 401
cybermidi 18402 0.0 0.1 2220 1684 ?? S 1:27PM 0:00.25 /usr/bin/perl birdtrap.cgi 401
cybermidi 18398 0.0 0.1 2220 1684 ?? S 1:27PM 0:00.23 /usr/bin/perl birdtrap.cgi 401
cybermidi 18397 0.0 0.1 2220 1684 ?? S 1:27PM 0:00.23 /usr/bin/perl birdtrap.cgi 401
cybermidi 18396 0.0 0.1 2216 1680 ?? S 1:27PM 0:00.23 /usr/bin/perl birdtrap.cgi 401
cybermidi 18392 0.0 0.1 2220 1684 ?? S 1:27PM 0:02.30 /usr/bin/perl birdtrap.cgi 401
cybermidi 18213 0.0 0.1 2216 1680 ?? S 1:27PM 0:00.55 /usr/bin/perl birdtrap.cgi 401
cybermidi 18211 0.0 0.1 2220 1684 ?? S 1:27PM 0:00.56 /usr/bin/perl birdtrap.cgi 401
cybermidi 18210 0.0 0.1 2220 1684 ?? S 1:27PM 0:00.47 /usr/bin/perl birdtrap.cgi 401
cybermidi 18209 0.0 0.1 2220 1684 ?? S 1:27PM 0:00.55 /usr/bin/perl birdtrap.cgi 401
cybermidi 18206 0.0 0.1 2220 1684 ?? S 1:27PM 0:00.53 /usr/bin/perl birdtrap.cgi 401
cybermidi 17038 0.0 0.1 2216 1680 ?? S 1:24PM 0:01.39 /usr/bin/perl birdtrap.cgi 401
cybermidi 17035 0.0 0.1 2220 1684 ?? S 1:24PM 0:00.25 /usr/bin/perl birdtrap.cgi 401
cybermidi 17027 0.0 0.1 2220 1684 ?? D 1:24PM 0:00.25 /usr/bin/perl birdtrap.cgi 401
cybermidi 17023 0.0 0.1 2220 1684 ?? S 1:24PM 0:01.27 /usr/bin/perl birdtrap.cgi 401
cybermidi 17022 0.0 0.1 2220 1684 ?? S 1:24PM 0:01.37 /usr/bin/perl birdtrap.cgi 401
cybermidi 16146 0.0 0.1 2216 1680 ?? S 1:23PM 0:00.28 /usr/bin/perl birdtrap.cgi 401
cybermidi 16140 0.0 0.1 2220 1684 ?? S 1:23PM 0:00.41 /usr/bin/perl birdtrap.cgi 401
cybermidi 16139 0.0 0.1 2220 1684 ?? S 1:23PM 0:00.50 /usr/bin/perl birdtrap.cgi 401
cybermidi 16137 0.0 0.1 2220 1684 ?? S 1:23PM 0:00.27 /usr/bin/perl birdtrap.cgi 401
cybermidi 6621 0.0 0.4 14412 8828 ?? I 7:56PM 0:00.32 php4

NMS
9-9-04, 01:37 PM
You seem to have a problem with birdtrap.cgi, which is using too many resources. Solve that problem (maybe upload a back-up copy) and email support to activate your package.

extras
9-9-04, 01:50 PM
Judging from the "STARTED TIME", your script isn't ending and goes into eternal sleep.
I hope you understand it would cause a problem.

You should debug the script if you wrote it,
or have the author debug it if you didn't write it and you can't debug it by yourself,
or hire someone to debug it for you,
or stop using that script,
or post the script here to see if one of the members is
willing to spend time to investigate what's wrong with it.

notset4life
9-9-04, 02:10 PM
Here is the source code for the script. I would appreciate any input as to where this would go awry. I have stopped using it. Thank you



#!/usr/bin/perl
$|=1;

$result=$ENV{'QUERY_STRING'};

&set_params;

if ($logem{$result} eq "Y")
{&notification("L");}
if ($email{$result} eq "Y")
{&notification("M");}

print "Content-type: text/html\n\n";
print "$msg{$result}\n";

sub set_params
{
##################################################################
#
# This is where all of the various parameters for the script are
# set.
#
#The full path to your error log (not server log!) file.
$errorlog="/www/c/cybermidi/cgi-bin/birdtrap.dat";

#The e-mail address of the person to notify when an error occurs.
#Be sure to put the \ backslash before the \@ at sign!!!
$notify="webmaster\@cybermidi.com";

#The name of your site
$sitename="CYBERMIDI.Com";

#The link the reader should follow home.
$returnlink="http://www.cybermidi.com/default.php";

#This is the URL to the directory holding your images.
$imageurl="http://www.cybermidi.com/images";

#The name of your sendmail program, one of the two below should work.
#Make sure you always use the -t option or the script will fail.
$mailprog="/usr/sbin/sendmail -t";
# $mailprog="/usr/lib/sendmail -t";

#This is just a link back to BigNoseBird.Com. Leaving it in is
#always appreciated. ;-)
$cpr=<<_CPR_;
<P><CENTER><FONT SIZE=1>BirdTrap Server Error Handler, another free script
from <A HREF="http://bignosebird.com/">BigNoseBird.Com</A></FONT></CENTER>
_CPR_

#By default, e-mail is turned off for all errors.
#Windows APACHE users MUST leave the mail feature off.
#Change the N to Y if you want to receive e-mail when a particular
#error occurs.
%email=('000','Y',
'400','Y',
'401','Y',
'403','Y',
'404','Y',
'500','Y');

#By default, all errors are saved to the log file.
#Change the Y to N if you do not wish to log a particular type of
#error.
%logem=('000','Y',
'400','Y',
'401','Y',
'403','Y',
'404','Y',
'500','Y');

#These are the Subject Lines for the e-mail notification
#You can modify these without causing any problems.
%sbjct=( '000', 'UNKNOWN ERROR',
'400', 'BAD REQUEST',
'401', 'NO AUTHORIZATION',
'403', 'FORBIDDEN URL',
'404', 'MISSING URL',
'500', 'CONFIGURATION ERROR');

###################################################################
# Leave the next 3 lines alone!
if ($result ne "400" && $result ne "401"
&& $result ne "403" && $result ne "404" && $result ne "500")
{$result="000";}
###################################################################
#
# EDIT THE HTML ERROR MESSAGES BELOW TO SUITE YOUR NEEDS. DO NOT
# CHANGE OR MOVE THE OPENING AND CLOSING TAGS SUCH AS __40X__
#
#HTML CODE TO APPEAR WHEN A BAD REQUEST OCCURS
$msg{'400'} =<<__400__;
<center>
<TABLE WIDTH=600 BGCOLOR="#FFFFFF" BORDER=0 CELLSPACING="5">
<TR>
<TD BGCOLOR="#FFFFFF">
<IMAGE SRC="$imageurl/error400.gif" HEIGHT=300 WIDTH=119>
</TD>
<TD>
<CENTER>
<IMAGE SRC="$imageurl/cybermidilogo.jpg" BORDER=0>
<H1><B><font color="#80000">ERROR $result</font></B></H1>
</CENTER>
<B>The URL that you requested, $ENV{'REDIRECT_URL'}
was a bad request.
<P>
Please <A HREF="$returnlink">Click Here</A> to Return to our Home Page.</B>
<BR>&nbsp;
$cpr
</TD></TR>
</TABLE>
</center>
__400__

##################################################################
#HTML CODE TO APPEAR WHEN AN UNAUTHORIZED PAGE ACCESS ATTEMP OCCURS
$msg{'401'} =<<__401__;
<center>
<TABLE WIDTH=600 BGCOLOR="#FFFFFF" BORDER="0" CELLSPACING="5">
<TR>
<TD BGCOLOR="#FFFFFF">
<IMAGE SRC="$imageurl/error401.gif" HEIGHT=300 WIDTH=119>
</TD>
<TD>
<CENTER>
<IMAGE SRC="$imageurl/cybermidilogo.jpg" BORDER=0>
<H1><B><font color="#80000">ERROR $result</font></B></H1>
</CENTER>
<B>The URL that you requested, $ENV{'REDIRECT_URL'}
requires preauthorization to access. Only members may proceed. Access is logged and continued attempts to access this area may result in a banning of your IP.
<P>If you are a member and believe you have reached this page in error, please <a href="/cgi-bin/no-mail.pl?webmaster">contact us.</A>
<p><A HREF="$returnlink">Click Here</A> to Return to our Home Page.</B>
<BR>&nbsp;
$cpr
</TD></TR>
</TABLE>
</center>
__401__


##################################################################
#HTML CODE TO APPEAR WHEN A FORBIDDEN ATTEMPT IS MADE
$msg{'403'} =<<__403__;
<CENTER>

<TABLE WIDTH=600 BGCOLOR="#FFFFFF" BORDER=0 CELLSPACING="5">
<TR>
<TD BGCOLOR="#FFFFFF">
<IMAGE SRC="$imageurl/error403.gif" HEIGHT=300 WIDTH=119>
</TD>
<TD>
<CENTER>
<IMAGE SRC="$imageurl/cybermidilogo.jpg" BORDER=0>
<H1><B><font color="#80000">ERROR $result</font></B></H1>
</CENTER>
<B>STOP. Access to the URL that you requested, $ENV{'REDIRECT_URL'},
is forbidden. You may have accessed an unauthorized refferer. If that is the case, please click the link below to find what you were looking for. For all others, this error has been logged and so has your IP address. Continued attempts to access this area will be construed as an attempt to hack and will be handled in
an appropriate manner. You may also reach this page due to your IP already being banned, or deactivated for a number of reasons. <P>
If you are a member and believe you have reached this page in error, STOP NOW and send an email to support@cybermidi.com so we may
correct the matter, or explain why we have BANNED your IP.

<P>
Please <A HREF="$returnlink">Click Here</A> to return or visit CYBERMIDI.</B>
<BR>&nbsp;
$cpr
</TD></TR>
</TABLE>
</CENTER>

__403__


##################################################################
#HTML CODE TO APPEAR WHEN A DOCUMENT NOT FOUND HAPPENS
$msg{'404'} =<<__404__;
<center>
<TABLE WIDTH=600 BGCOLOR="#FFFFFF" BORDER=0 CELLSPACING="5">
<TR>
<TD BGCOLOR="#FFFFFF">
<IMAGE SRC="$imageurl/error404.gif" HEIGHT=300 WIDTH=119>
</TD>
<TD>
<CENTER>
<IMAGE SRC="$imageurl/cybermidilogo.jpg" BORDER=0>
<H1><B><font color="#80000">ERROR $result</font></B></H1>
</CENTER>
<B>The URL that you requested, $ENV{'REDIRECT_URL'}
could not be found. Perhaps you either mistyped the
URL or we have a broken link.
<P>
We have logged this error and will correct the problem if it is a broken link, after the
webmaster has been flogged. If the link is to a MIDI, we have been notified and it should be corrected shortly. You can also <a href="/cgi-bin/no-mail.pl?webmaster">contact us.</A>
and report the url you entered that sent you to this page. Your help is particularly useful if you reached this from another website. Please provide that information if possible.
<P>
Please <A HREF="$returnlink">Click Here</A> to Return to our Home Page.</B>
<BR>&nbsp;
$cpr
</TD></TR>
</TABLE>
</center>
__404__

##################################################################
#HTML CODE TO APPEAR WHEN A SERVER CONFIGURATION ERROR OCCURS
$msg{'500'} =<<__500__;
<center>
<TABLE WIDTH=600 BGCOLOR="#FFFFFF" BORDER=0 CELLSPACING="5">
<TR>
<TD BGCOLOR="#FFFFFF">
<IMAGE SRC="$imageurl/error500.gif" HEIGHT=300 WIDTH=119>
</TD>
<TD>
<CENTER>
<IMAGE SRC="$imageurl/cybermidilogo.jpg" BORDER=0>

<H1><B><font color="#80000">ERROR $result</font></B></H1>
</CENTER>
<B>The URL that you requested, $ENV{'REDIRECT_URL'}
resulted in a server configuration error. It is
possible that the condition causing the problem will
be gone by the time you finish reading this. Then again, perhaps one our scripts has gone bonkers. Please <a href="/cgi-bin/no-mail.pl?webmaster">contact us.</A>
and tell us what you were trying to do.

<P>
We have logged this error and will correct the
problem.
<P>
Please <A HREF="$returnlink">Click Here</A> to Return to our Home Page.</B>
<BR>&nbsp;
$cpr
</TD></TR>
</TABLE>
</center>
__500__

##################################################################
#HTML CODE TO APPEAR WHEN AN UNKNOWN ERROR OCCURS
$msg{'000'} =<<__000__;
<CENTER>
<TABLE WIDTH=600 BGCOLOR="#FFFFFF" BORDER="0" CELLSPACING="5">
<TR>
<TD BGCOLOR="#FFFFFF">
<IMAGE SRC="$imageurl/error000.gif" HEIGHT=300 WIDTH=119>
</TD>
<TD>
<CENTER>
<IMAGE SRC="$imageurl/cybermidilogo.jpg" BORDER=0>
<H1><B><font color="#80000">ERROR $result</font></B></H1>
</CENTER>
<B>The URL that you requested, $ENV{'REDIRECT_URL'}
resulted in an unknown error code. It is possible that the condition causing the problem will be gone by the time you finish reading this.
<P>
We have logged this error and will correct the problem.
<P>
Please <A HREF="$returnlink">Click Here</A> to Return to our Home Page.</B>
<BR>&nbsp;
$cpr
</TD></TR>
</TABLE>
</CENTER>
__000__

}


##################################################################
# this routine either sends e-mail or writes to a log depending
# on whether it was called with an "L" or "M"
sub notification
{
local($action) = @_;

$date=localtime(time);

if ($action eq "L")
{ open (BL,">>$errorlog");}
else
{open (BL,"| $mailprog");
print BL "To: $notify\n";
print BL "From: $notify\n";
print BL "Subject: $sbjct{$result}\n";
}

print BL <<_BL_;
ON YOUR SITE, $sitename
ERROR CODE $result $sbjct{$result}
OCCURRED ON $date
WHEN THE URL $ENV{'REDIRECT_URL'} WAS REQUESTED
BY A USER AT $ENV{'REMOTE_ADDR'}
THE BROWSER WAS $ENV{'HTTP_USER_AGENT'}
------------------------------------------------------------------------------
_BL_

close (BL);

}

extras
9-9-04, 06:05 PM
I think it's caused by the use of sendmail.
I would test the script without mailing option.

I mean testing it by accessing it as CGI, not putting it back as
ErrorDocument (to avoid another site shut down in case
it's caused by something else.)

Use the following small script to check if your program is ending correctly.

#!/bin/sh
echo -e "Content-type: text/html\n\n<HTML><PRE>\n"
echo "--- uptime ---"
uptime
echo "--- ps ---"
ps -uxww
echo "--- done ---"

See the following links for the details of "uptime" and "ps"
http://www.freebsd.org/cgi/man.cgi?query=uptime
http://www.freebsd.org/cgi/man.cgi?query=ps

If debugging by yourself is too much,
maybe it's better to hire someone nice and competent (Yvette, for example).

Other members may come and give you more suggestions.
As the script is short and simple, probably it's not difficult to debug.
Still, it can be a tedious thing to do, and I'm sorry but I don't feel like doing it now.


PS.

I don't understand why you want to use that script to begin with.
The information it's logging is available in error_log and access_log.
Also, that script would SPAM yourself if someone makes lots of
requests for a non-existent page.

Maybe that is how you got the problem.
More than 1000 login page accesses, and you go over the mail sending limit,
and sendmail fails, and the program waits in deadlock.
But you've got to test to see if it was the case.
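
The last post suspects that sendmail stalled and that every birdtrap.cgi instance then sat waiting on it. As an added example (not part of the thread and not BigNoseBird's code), here is one way a CGI error handler can cap both how long the mailer may run and how often mail goes out; the address, stamp file path, 5-minute gap and 10-second timeout are assumptions.

```perl
#!/usr/bin/perl
# Added example, not birdtrap.cgi. Address, paths and limits are assumptions.
use strict;
use warnings;
use Fcntl qw(:flock);
my $MAILPROG = '/usr/sbin/sendmail -t';   # same mailer the posted script uses
my $NOTIFY   = 'webmaster@example.com';   # placeholder address
my $STAMP    = '/tmp/errmail.stamp';      # hypothetical file marking the last mail
my $MIN_GAP  = 300;                       # at most one mail per 5 minutes
my $TIMEOUT  = 10;                        # seconds the mailer may take

# Keep request-supplied text on one line and bounded in length.
sub clean {
    (my $v = defined $_[0] ? $_[0] : '') =~ s/[\x00-\x1f\x7f]+/ /g;
    return substr($v, 0, 200);
}

# Return 1 if a mail may go out now, so a burst of errors yields one mail.
sub may_mail {
    open(my $fh, '>>', $STAMP) or return 0;
    flock($fh, LOCK_EX | LOCK_NB) or return 0;   # another request is deciding
    my $recent = -s $fh && time - (stat($fh))[9] < $MIN_GAP;
    unless ($recent) { truncate($fh, 0); print {$fh} time, "\n"; }
    close($fh);
    return $recent ? 0 : 1;
}

# Pipe the message to the mailer and kill it if it runs past $TIMEOUT.
sub send_mail {
    my ($subject, $body) = @_;
    my $pid;
    my $ok = eval {
        local $SIG{PIPE} = 'IGNORE';
        local $SIG{ALRM} = sub { kill('KILL', $pid) if $pid; die "mailer timed out\n" };
        alarm($TIMEOUT);
        $pid = open(my $mail, '|-', $MAILPROG) or die "cannot start mailer: $!\n";
        print {$mail} "To: $NOTIFY\nFrom: $NOTIFY\nSubject: $subject\n\n$body";
        close($mail) or die "mailer exited with an error\n";   # close() waits here
        1;
    };
    alarm(0);
    warn "notification skipped: $@" unless $ok;   # lands in the server error log
    return $ok ? 1 : 0;
}

my $code = clean($ENV{QUERY_STRING});
$code = '000' unless $code =~ /^(?:400|401|403|404|500)$/;
my $body = join '', map { sprintf("%s: %s\n", $_, clean($ENV{$_})) } qw(REDIRECT_URL REMOTE_ADDR HTTP_USER_AGENT);
send_mail("ERROR $code", $body) if may_mail();
print "Content-type: text/html\n\nError $code\n";
```

Because the stamp is written before the mailer runs, a mailer that keeps failing is also tried at most once per `$MIN_GAP`.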