Windows IIS phpBB3 500 internal server errors

Just in case anyone else has a similar problem, I’ll post my experiences.

I’ve just upgraded the local biker forum that I look after, the upgrade was from an old version 2 phpbb to the current version (3.0.11).

The actual upgrade went fairly smoothly and everything seemed to be working fine so I renamed the old folder and changed the new phpbb3 folder to phpbb2 (I know that’s kinda silly but I don’t want to break links).

Over the next 24 hours or so, I got a few 500 internal server errors with no idea what was causing the issue.  Googling gave me very little to go on, apart from a StackOverflow thread which reminded me how to get error logging working properly in PHP for Windows.  So, I changed a couple of things in php.ini (c:/php in my case); set “error_reporting  =  E_ALL”, I couldn’t seem to get “display_errors = On” to work correctly so left that to “Off” and instead went for “log_errors = On” and “error_log = c:/php/php_errors.log”.  One thing to point out here is, I’m pretty sure the ini file gets cached by PHP so make sure to restart the website and recycle the app pool (I’m not sure if both are necessary, but worth doing anyway).

After changing the appropriate error bits (temporarily), I reproduced my error (simply trying to send a PM would throw it) and checked the log which showed –

[21-Nov-2012 20:24:06] PHP Fatal error:  Allowed memory size of 8388608 bytes exhausted (tried to allocate 1572864 bytes) in D:\….\includes\utf\data\confusables.php on line 1

Ah! A memory issue.  I headed back to php.ini and changed the default “memory_limit = 8M” to “memory_limit = 16M” (and restarted/recycled the site) and the random gremlins went away.

So, everything seems to be working well now.  Generally I’m pretty impressed with version 3 but have really struggled to get any kind of “spambot countermeasures” providing adequate protection.  All the various captcha options seem easily breakable by the bots (even though I can hardly read some of them myself).  In the end I’ve settled on the simple “Q & A” option which I guess is much harder to programmatically break.

Hope it helps!


AVG update set to fix things?

I’ve not had this confirmed from any of my contacts at AVG via the Google Group I belong to, but this post on the Australian Whirlpool Broadband Forums, suggests 9th July might bring the release we’ve been waiting for.

I’ve also found Lloyd Borrett posting the same info here.

If I hear any further confirmation from AVG, I’ll let you know, until then we’ll see what happens on the 9th.  Interestingly Lloyd doesn’t seem to know what day it is, either that or my calendar is wrong –

In working with the web master community, AVG has responded immediately and on Tuesday, July 9th, AVG will issue a product modification to address the spikes that a few individuals have seen with their web traffic.

Tuesday? I make it Wednesday, ah well, we might see something Tuesday or Wednesday then 😛

Nice use of “a few individuals” there Lloyd, I wouldn’t class it as a few myself.

Now confirmed by Pat Bitton at AVG, see comment below.


AVG LinkScanner Updates User Agent

The Register are running a further follow up article “AVG disguises fake traffic as IE6“, which states that AVG are now using a “new” user agent for the paid version of AVG’s LinkScanner.

This has been confirmed by Roger Thompson in the AVG Webscanning Google Group, of which I’m a member.  When asked if it was true Roger said –

..Yes, it’s true, but it’s not quite what it seems. It was a planned
service release that was already in the works when we found out about
the issue, and fixed some other critical issues at the same time.

It changes the User Agent string to SV1, but it leaves some of the
other request headers so that they’re different enough that you can
still parse them out of stats if you want to..

I personally don’t really see this as a “new” user agent, as I’m already filtering my logs for this one.  From what I’ve read, this is the original agent used by LinkScanner before they were purchased by AVG, so it’s already mentioned in my initial AVG log spam post.

That aside, it’s still not a great move from AVG at this point.  They are supposed to be working with the community (myself included) to resolve this from a webmaster’s point of view, switching (well mixing in another) user agent at this point is a little silly.

At this point I need to credit Michael Ducy who tipped me off to this change yesterday, he however claims it’s affecting the free version also –

AVG changed the user agent with the latest release. They now use “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”. I confirmed this by downloading and installing AVG free this morning and using wireshark to sniff the traffic.

The saga continues..


Invited to join closed AVG discussion group

Over the weekend, I had an email from Karel Obluk at AVG inviting me to a Google Group they have set-up for discussions around the AVG logfile spam issue.

..I would like to invite you to participate in a group dedicated to discussion
about AVG LinkScanner technology, its advantages as well as potential impact
on web sites, the nature of recent web threats and ways of protecting both
users and web masters. Your input and feedback will be highly appreciated.
The group is closed and by invitation only..

I have accepted the invite but unfortunately now have to be re-approved as I used a different email address (my Google account).

Hopefully we’re getting somewhere on this issue.


My name in lights

… well, not quite.

A week has passed since I emailed The Register about the AVG logfile spam problems, but, after lots of emails between myself and their Internet Editor, they’re now running the story.

I’m a little annoyed that they don’t acknowledge that I brought this to their attention, but ah well. All I really wanted to do was let the community know that this is happening and see if together we can sort this.

I’m really pleased to see that an employee from AVG has stepped up within the comments of the article on El Reg and wants to work with us (webmasters/site owners) to see if we can improve the situation. I’ve already emailed them and await a response.

I’ll keep you posted.


Using LogParser With Awstats To Filter AVG Spam

Following on from my post LogParser to the rescue, I’ve now worked out how to integrate logparser into the Awstats update process with very minimal effort.

Note: Awstats is a cross platform web analysis tool, but unfortunately logparser isn’t, this therefore is windows only.

To make life easier, I dropped the logparser files (exe and dll, although I’m not sure you need the dll) directly in to the cgi-bin where Awstats lives on the server. I understand doing this may have security implications, so do this at your own risk.

Open up the config file for your Awstats report (awstats.<config>.conf) and find the LogFile directive

LogFile="E:/logs/W3SVC2074709632/ex%YY-1%MM-1%DD-1.log"

It’ll be something like the above, assuming you use daily logs on IIS. We need to change it to

LogFile="logparser -i:iisw3c -o:w3c -rtp:-1 -stats:off file:rem-avg-spam.sql?logfile=E:/logs/W3SVC2074709632/ex%YY-1%MM-1%DD-1.log |"

This tells Awstats to execute logparser setting any necessary options and passing in the path to the log as before, it then grabs the output from the pipe and processes it.

That’s it!

The contents of my rem-avg-spam.sql file is just

select *
from %logfile%
where not (cs(User-Agent)='Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;1813)'
or cs(User-Agent)='Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)'
and cs(Cookie) is null
and cs(Referer) is null)

I’m now using this for some fairly large logs (100mb+) and it works fine.

I hope this helps.
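For servers where logparser isn't available, here is the same filter as a small Python script (an added example, not part of the original post or of Awstats/LogParser). It assumes the query groups with standard SQL precedence (AND before OR), so the 1813 agent is always dropped and the SV1 agent only when cookie and referer are both empty; the function names and the sample log are constructed for illustration.

```python
import io

# User agents named in the post's rem-avg-spam.sql (IIS logs encode spaces as '+').
UA_1813 = "Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;1813)"
UA_SV1 = "Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)"


def is_linkscanner(row):
    """Mirror the SQL predicate, assuming AND binds tighter than OR: the 1813
    agent is dropped outright, while SV1 (also sent by real IE6 on XP SP2)
    is dropped only when the request has no cookie and no referer."""
    ua = row.get("cs(User-Agent)", "-")
    no_cookie = row.get("cs(Cookie)", "-") == "-"    # W3C logs write '-' for empty
    no_referer = row.get("cs(Referer)", "-") == "-"
    return ua == UA_1813 or (ua == UA_SV1 and no_cookie and no_referer)


def filter_w3c(lines):
    """Yield directive lines and every log entry that is not LinkScanner traffic."""
    fields = []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split()[1:]   # column names for the rows that follow
            yield line
            continue
        row = dict(zip(fields, line.split(" ")))
        if line and not is_linkscanner(row):
            yield line


# Constructed sample log (not taken from the post).
SAMPLE = """#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(User-Agent) cs(Cookie) cs(Referer)
2008-07-08 10:00:01 192.0.2.10 GET /index.php 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;1813) - -
2008-07-08 10:00:02 192.0.2.11 GET /index.php 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) - -
2008-07-08 10:00:03 192.0.2.12 GET /viewtopic.php 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) sid=abc http://example.org/
2008-07-08 10:00:04 192.0.2.13 GET /index.php 200 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1)+Firefox/3.0 - -
"""


def kept_entries(text=SAMPLE):
    return [l for l in filter_w3c(io.StringIO(text)) if not l.startswith("#")]


if __name__ == "__main__":
    print("\n".join(filter_w3c(io.StringIO(SAMPLE))))
```

The third sample row shows why the cookie and referer checks matter: it carries the SV1 agent but looks like a real browser session, so it stays in the stats.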


More AVG & LinkScanner Information

I’m still testing my LogParser fix for AVG log spam and it appears to do a pretty good job. It’s scary how many visits are being removed from our stats once this crap is cleared out though. I’ve seen one client’s stats for a recent day, drop from 14K to 8K so it really is a serious problem, especially if you aren’t even aware it’s happening.

For more information on the user agents used and some background on other similar AV tools, see this LinkScanner, AVG, TrendMicro, 1813 and SV1 post at WebmasterWorld.
