PDA

View Full Version : My IoFTPD is not accepting more connections..


weisan
03-06-2008, 09:01 PM
i use ioftpd v.6.3.5r .. ioninja 0.4.3
my site hangs in some way after a while when is much activity like 10-15 people using the site at the same time. It's like 'no more connections are allowed'. If u're logged in .. u can still use the site, but if u're out .. then u cannot relogin.
I have User_Limit = 20 . So it shouldn't be that.
This usually happens when I have many logins/logouts at the same time ..
Is this a known bug ?? .. is there some setting I should change ??
Anybody else having same problem ??
I don't feel like Resetting the Site 3 times/day :(

If u have some ideas, please help!

Yil
03-07-2008, 12:52 AM
It sounds like the as yet unsolved lockup issue... Can you be specific about what the machine you are experiencing this on is? Multi-cpu? Dual Core? XP/Vista?

Do you have trouble getting directory listings for people already logged in after you notice the problem?

One other thing. Bring up the site and issue "site crashnow" from a M account. It should generate a crashlog and dump files and the process should die. Next time the site goes crazy try to issue a site crashnow. If it doesn't actually crash then you have found the same problem I rarely see. Kill the process in task manager and restart since you can't shut it down normally at this point...

weisan
03-07-2008, 06:42 AM
I have a DualCore 2.4 Mhz, WinXP.
If i'm still logged in, after the site hangs after it stopps connections, i can still refresh dirs and UL/DL. I have lots of files in my log dir like: MINIDUMP ... , TINYDUMP.... , CRASH-LOG.txt ...
If you wanna see them, I could send them to you in some way ..

weisan
03-07-2008, 07:07 AM
i checked my error.log ...

looks like this .. short after, no one can log in no more ...

03-06-2008 21:56:30 Rejected auto-banned IP 67.184.xx.xx (c-67-184-xx-xx.hsd1.il.comcast.net).
03-07-2008 00:42:14 AcceptEx() failed with error: 121
03-07-2008 00:42:16 AcceptEx() failed with error: 121
03-07-2008 05:15:03 Rejected auto-banned IP 67.184.xx.xx (c-67-184-xx-xx.hsd1.il.comcast.net).
03-07-2008 05:16:08 Rejected auto-banned IP 67.184.xx.xx (c-67-184-xx-xx.hsd1.il.comcast.net).
03-07-2008 05:18:19 Rejected auto-banned IP 67.184.xx.xx (c-67-184-xx-xx.hsd1.il.comcast.net).
03-07-2008 11:59:43 Rejected auto-banned IP 67.184.xx.xx (c-67-184-xx-xx.hsd1.il.comcast.net).
03-07-2008 12:00:48 Rejected auto-banned IP 67.184.xx.xx (c-67-184-xx-xx.hsd1.il.comcast.net).
03-07-2008 12:02:59 Rejected auto-banned IP 67.184.xx.xx (c-67-184-xx-xx.hsd1.il.comcast.net).
03-07-2008 12:05:59 Rejected auto-banned IP 67.184.xx.xx (c-67-184-xx-xx.hsd1.il.comcast.net).

i did a site crashnow ... and got some new minidump and tinydump files ..

Yil
03-07-2008, 01:52 PM
PM'd you weisan. You haven't found the lockup bug since the server will still crash and respond to you then...

Also, double check that the address being auto-banned isn't the one you're having trouble connecting from :)

Totally off topic, but just look at the timestamps on that logfile! Notice how the time increases between log entries by a minute and that given the times it appears that more than a few attempts from that address were suppressed to not flood the logfile? Gotta love that!

The AcceptEx() errors (121 = The semaphore timeout period has expired) means absolutely nothing to me except some internal problem (obviously not documented) with the winsock library again. BUT I have noticed similar issues in the past so keep an eye on the logfile to see if you always see such errors before things go wierd...

If you have 10 such AcceptEx() errors in the logfile between a server start and it not accepting new connections I know what's going on. So try counting them to see if it's 10, or perhaps just 4-5 but it's consistently 5 before it starts rejecting that's useful to know as well...

weisan
03-07-2008, 03:32 PM
That adress that's flooding my logfile is one of my users! It's not mine ..
Probably he's using some autotrader ..

What happens if I put 'Connections_To_Ban = 0' in ioftpd.ini ?
Will it ignore all the failed login attempts ?

I'll keep an eye on the logfiles aswell, didn't changed much the last 5-6 hours ..
Thx for helping!!

Yil
03-07-2008, 04:16 PM
Actually I don't think Connections_To_Ban = 0 works... But you can use some crazy large number like 100000 which would pretty much be impossible to hit.

You can also exempt an IP address or all of a user's hostmasks by specifying their name or hostmasks of all users with a particular flag, group, etc in the ioFTPD.ini file...

I'd probably opt to exempt people needing it than turn the feature off to prevent DoS style attacks.

weisan
03-07-2008, 04:50 PM
Well, this mayght be a good idea .. thx !!
I'll let u know if it works :)

Flow
03-09-2008, 12:24 PM
isnt this the old /etc/hosts.rule file issue ?

weisan
03-12-2008, 09:54 PM
don't know ...
i've changed in meantime Connections_To_Ban = 10000 and it seems to work now ..
waiting for Yil to fix this issue , so I can change back Connections_To_Ban = 6

weisan
05-20-2008, 08:45 PM
Running v6.4.3 now ...
lockup bug seems not to be fixed totally yet :(
now it locks up all incomming conenctions once/week .. instead of two times/day ...
i did a site crashnow and have new minidump and tinydump files ... if u need them Yil ..

Yil
05-21-2008, 01:22 PM
Sure, send the minidump to me and I'll take a look at it.

However, what you are seeing is NOT the lockup bug that I've described. The lockup bug is marked by the windows library holding a very important low level lock and as such makes the process immune to creating minidumps, crashing, creating new connections (though you may be able to connect until the 10 pre-allocated ports are used up but no data connections will work), etc. If site crashnow worked then it's something else...

weisan
05-25-2008, 06:58 PM
Sorry.. can u send me a PM with the details where i should upload the files ??
i've lost the old one :(

fudgi
09-16-2008, 07:49 AM
ive solved this problem with immune_hosts