I had the strangest thing happen... My server was working fine with no crashes for over 2 years..no reboots except for patches.. after the last round of updates, the server slowed way down, and occasionally got so slow it wouldn't serve any pages. My monitoring software reported it was down - but it was actually just overloaded.. perf monitor said there were 8 running requests (which was my limit - which I since changed to 50).. and 200 queued requests. This is for a vastly underused server where I usually see 1 or 2 running requests and almost never saw a queued request.
Of course I blamed the patch:) but it had nothing to do with the patch - just a coincidence. After digging into the logs... the problem turned out to be a bug in the microsoft search bot. It was hammering my website with a denial of service attack.. it kept requesting the same page over and over again very quickly for 2 days straight. Strangely with a different query string (notice the different set of directories.. ) that made no sense. I had about 2 gigs of logs with: 2006-07-02 00:00:55 71.241.156.103 GET /Schulder.cfm/scripts/brain/brain/brain/scripts/brain/scripts/brain/scripts/scripts/sitemap.cfm - 80 - 207.46.98.118 msnbot/1.0+(+http://search.msn.com/msnbot.htm) - 200 0 0 12588 2006-07-02 00:00:55 71.241.156.103 GET /Schulder.cfm/brain/scripts/brain/brain/brain/scripts/scripts/scripts/brain/brain/scripts/scripts/scripts/scripts/sitemap.cfm - 80 - 207.46.98.118 msnbot/1.0+(+http://search.msn.com/msnbot.htm) - 200 0 0 13053 Note that Schulder.cfm is a static page and will just ignore that query string. I do have a directory named brain and one named scripts but they are only 1 level deep. I contacted MD tech support and sent them the log file. They Will look into it, but said a temporary fix is to slow the bot down with an entry in the robots.txt of: User-agent: msnbot Crawl-delay: 120 Which tells the bot to only request 1 page every 2 minutes. It actually worked and the website is fast as lightning again! I was worried it was a hacker.. but the IP address resolved to microsoft Al ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/cf_lists/message.cfm/forumid:4/messageid:246478 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
