
    Lots and lots of session folders ....

    I am using the neat utility that Steve Wood provided that shows who is logged in.

    This morning, though, I am getting strange results:

    Active Sessions: 63
    Current Time: 11:31 am

    loggedin__10_32__Savi__.txt
    loggedin__11_02__Sandra__.txt
    loggedin__11_02__WebMaster__.txt
    loggedin__11_29__Savi__.txt
    loggedin__09_49__Lore__.txt

    Active sessions is shown as 63!! I assure you, there are only 4 users logged in at the moment. I looked on the server at the sessions folder and indeed there are 63 session folders! How do I make sense out of this?

    Gary
    Gary S. Traub, Ph.D.


    #2
    Re: Lots and lots of session folders ....

    Just after typing this, I looked again, and the active sessions are now 80!!

    What is going on here??

    Gary
    Gary S. Traub, Ph.D.



      #3
      Re: Lots and lots of session folders ....

      Active sessions are now 91!

      Gary
      Gary S. Traub, Ph.D.



        #4
        Re: Lots and lots of session folders ....

        Gary,

        Take a look at the access and error logs. That may tell you what is going on.

        Pat
        Pat Bremkamp
        MindKicks Consulting



          #5
          Re: Lots and lots of session folders ....

          Search engines create session folders. Any user going to the site, even if they don't log in, creates a session folder. Folders don't delete until their session expires, so if your session period is very long, it will allow the folder to exist long after the user has left.

          Open sessions should be parallel to what you find in your Access Log. That log should show all 'hits' in a given period, and you can match them up.

          I notice that the same user on the same browser can create multiple session folders. Your Steve log shows Savi with two folders. I'm not sure why this happens, and I see it on mine also.
          Steve Wood
          See my profile on IADN



            #6
            Re: Lots and lots of session folders ....

            Pat and Steve,

            Thanks for responding.

            I am not sure what I am looking for in the logs. I see many many hits from several IP addresses. One or two I do not recognize, but what does that mean?

            1. Do you suspect a problem?

            2. Does the number of active sessions affect performance and if so, what is the practical limit?

            Gary
            Gary S. Traub, Ph.D.



              #7
              Re: Lots and lots of session folders ....

              This may be coincidence, but I decreased the session time from 4 hours to 15 minutes, and now there are no extra session folders, and it may be my imagination, but the application seems to be running faster.

              Then again is it possible that I was getting "attacked" this morning and afternoon?

              Gary
              Gary S. Traub, Ph.D.



                #8
                Re: Lots and lots of session folders ....

                Again, check the logs. I have hundreds or maybe it's thousands of 'attacks' per week in my logs. They look like below and I regularly add the IP to my deny list, which doesn't really help. My timeout is set for one hour.

                116.93.65.172 - - [21/Mar/2009:17:32:10 -0500] "GET /phpMyAdmin-2.2.3/read_dump.phpmain.php HTTP/1.1" 404 927
                116.93.65.172 - - [21/Mar/2009:17:32:11 -0500] "GET /phpMyAdmin-2.5.6/read_dump.phpmain.php HTTP/1.1" 404 927
                116.93.65.172 - - [21/Mar/2009:17:32:12 -0500] "GET /phpMyAdmin-2.5.7-pl1/read_dump.phpmain.php HTTP/1.1" 404 927
                116.93.65.172 - - [21/Mar/2009:17:32:12 -0500] "GET /phpMyAdmin-2.6.0/read_dump.phpmain.php HTTP/1.1" 404 927
                116.93.65.172 - - [21/Mar/2009:17:32:13 -0500] "GET /phpMyAdmin-2.6.0-pl3/read_dump.phpmain.php HTTP/1.1" 404 927
                116.93.65.172 - - [21/Mar/2009:17:32:14 -0500] "GET /phpMyAdmin-2.6.1-pl3/read_dump.phpmain.php HTTP/1.1" 404 927
                116.93.65.172 - - [21/Mar/2009:17:32:14 -0500] "GET /phpMyAdmin-2.6.3-pl1/read_dump.phpmain.php HTTP/1.1" 404 927
                116.93.65.172 - - [21/Mar/2009:17:32:15 -0500] "GET /phpMyAdmin HTTP/1.1" 403 843
                116.93.65.172 - - [21/Mar/2009:17:32:16 -0500] "GET /phpMyAdmin HTTP/1.1" 403 843
                116.93.65.172 - - [21/Mar/2009:17:32:16 -0500] "GET /phpMyAdmin HTTP/1.1" 403 843
                116.93.65.172 - - [21/Mar/2009:17:32:17 -0500] "GET /phpMyAdmin HTTP/1.1" 403 843
                116.93.65.172 - - [21/Mar/2009:17:32:18 -0500] "GET /phpMyAdmin-2.6.4/read_dump.phpmain.php HTTP/1.1"
                Steve Wood
                See my profile on IADN



                  #9
                  Re: Lots and lots of session folders ....

                  Hi Steve,

                  I guess what I am asking is how do you identify an "attack". I assume that what you listed are attacks, but how do you know they are, i.e., what do I look for in the logs? And finally, is there anything that can be done about it? And are they a major concern?

                  Gary
                  Gary S. Traub, Ph.D.



                    #10
                    Re: Lots and lots of session folders ....

                    Per Lenny (I think), no and no on the last two questions. I know there are monitors you can run on your server that dynamically prohibit traffic from an IP address when it 'discovers' an attack, in fact if anyone knows how to do this, I want to better protect my server too.

                    You can spot them in your log by looking for attempts to access non-existing pages, 404 errors. No one is going to launch an Alpha-specific attack, so they won't be looking for an A5W page. We are lucky at this point. Some day, someone IS going to write an Alpha-specific attack, and that will be a different day.


                    p.s. Down below I called this the "Steve Log" (see my blog for those who want to know what this is), maybe that name will stick and I will have some legacy here:D .

                    Active Sessions: 63
                    Current Time: 11:31 am

                    loggedin__10_32__Savi__.txt
                    loggedin__11_02__Sandra__.txt
                    loggedin__11_02__WebMaster__.txt
                    loggedin__11_29__Savi__.txt
                    loggedin__09_49__Lore__.txt
                    Steve Wood
                    See my profile on IADN



                      #11
                      Re: Lots and lots of session folders ....

                      Steve,

                      I like the name "Steve log" :) By the way, it is a VERY clever idea.

                      My log shows that all the entries are for legitimate a5w pages. So that begs a question: Why would there be 91 sessions when only 5 users were logged in? What could be creating all those extra sessions? And are you saying that all these extra sessions have no bearing on performance??

                      Gary
                      Gary S. Traub, Ph.D.



                        #12
                        Re: Lots and lots of session folders ....

                        This may help. I wrote a quick script (see bottom of post) that captures stats on each newly created session folder. I also watched the session folder, which went from 0 to 20 folders moments after I restarted the server. Note below some 'normal' activity, and then a string of hits from 89.122.29.80, seconds apart. Google 89.122.29.80 to read about this IP address - a "spam harvester". Each time THAT IP opened a page, it created a new sessionid and session folder. All other IP's you see only created one id and folder. I sent this to Lenny to help evaluate. Nothing you write in an application will capture the whole story. Only the server logs can capture failed attempts (404, 500 and 403 errors).

                        Edit - I can tell this IP is hitting each page in my sitemap.xml file, even a couple of non-existing pages that happen to be in my sitemap.


                        HTML Code:
                        3812b99b54204b7a9efa97c83cc8216d|72.91.5.54     |03/23/2009 11:48:50 86 pm||/message.a5w
                        967ad69723b240a1ae63f9d9c223a302|89.122.29.80   |03/23/2009 11:52:28 61 pm||/
                        00b85d9303b24fdc8d9c1e89849c6d7a|89.122.29.80   |03/23/2009 11:52:41 71 pm||/Login.a5w
                        2b9f82f5ad1f4eff81e90d85f7553190|89.122.29.80   |03/23/2009 11:52:46 86 pm||/about.a5w
                        db8466aa64cd49669ab1d9338488f8c3|89.122.29.80   |03/23/2009 11:52:48 72 pm||/affiliate_start.a5w
                        122044bea9954bd496d9deff98a864b9|89.122.29.80   |03/23/2009 11:52:50 10 pm||/checkout.a5w
                        1748072ef9e547beb5dab7a824b45906|89.122.29.80   |03/23/2009 11:52:51 81 pm||/contact.a5w
                        8831a3715cc4480fb0718b7349d1fac5|89.122.29.80   |03/23/2009 11:52:55 21 pm||/index.a5w
                        fb5bb3e93b8d43ec9519c84700ce2d04|89.122.29.80   |03/23/2009 11:52:56 60 pm||/portfolio.a5w
                        cad529a287634b69979eb3c29704811d|89.122.29.80   |03/23/2009 11:52:59 11 pm||/privacypolicy.a5w
                        d1cf3e14a19a48ebb5efcfd5c7f3f17b|89.122.29.80   |03/23/2009 11:53:00 39 pm||/products.a5w
                        9eac7b6132f44575b540a165f92d6a80|89.122.29.80   |03/23/2009 11:53:03 21 pm||/register.a5w
                        534ccc033e254d548634ff1d201825af|89.122.29.80   |03/23/2009 11:53:05 38 pm||/resources.a5w
                        1aefeae71da54188a162b68ec107e239|89.122.29.80   |03/23/2009 11:53:08 14 pm||/sitemap.a5w
                        7ceb874c105e413689ffcb35bf828aa7|89.122.29.80   |03/23/2009 11:53:30 72 pm||/termsofuse.a5w
                        6f9421833f444870874153542532dfae|89.122.29.80   |03/23/2009 11:53:32 13 pm||/webinars.a5w
                        f37ba9b1c93543a9adb2f991a64814b9|89.122.29.80   |03/23/2009 11:53:34 30 pm||/websiteinfo.a5w
                        529138f51788484981f82d1c22538531|89.122.29.80   |03/23/2009 11:53:36 13 pm||/portfolio.a5w?id=100
                        24d01e2c21e44c2c91e7c73533475a9a|89.122.29.80   |03/23/2009 11:53:38 83 pm||/portfolio.a5w?id=101
                        36fe3c3d74b1485486cf70ed52a908a9|89.122.29.80   |03/23/2009 11:53:41 63 pm||/checkout.a5w?cart_SortColumn=1&cart_SortDir=Asc&
                        891ee0a325f945c38734a7e68acd5e0a|89.122.29.80   |03/23/2009 11:53:43 44 pm||/checkout.a5w?cart_SortColumn=2&cart_SortDir=Asc&
                        cdffbeb386a744f68ec675283c7b02a4|89.122.29.80   |03/23/2009 11:53:45 21 pm||/checkout.a5w?cart_SortColumn=3&cart_SortDir=Asc&
                        c1788908df734c618752bd3253191d57|89.122.29.80   |03/23/2009 11:53:47 05 pm||/checkout.a5w?cart_SortColumn=4&cart_SortDir=Asc&
                        22e2fc3a7bff4916b32c29b5efd7c823|89.122.29.80   |03/23/2009 11:53:48 86 pm||/checkout2.a5w
                        4667a707ac734c96949a88f0dc8ec0f7|216.244.24.60  |03/23/2009 11:53:58 30 pm||/
                        d575f84d96ba4613b72895938a2e4eb8|89.122.29.80   |03/23/2009 11:53:59 60 pm||/portfolio.a5w?
                        b0ba2f4d8f7d4c35b609fa9df6c076dd|201.209.205.88 |03/24/2009 12:41:10 92 am||/
                        2c09a31f88484ac78179b4ae23b2b33e|68.230.69.112  |03/24/2009 12:49:50 60 am||/login.a5w?np=%2Fopenfile%2Ea5w%3Fdocid%3DB6EF5334B21641B3A30C37847C03D213
                        c2b33dd4365146a9a65f659421468236|93.96.181.117  |03/24/2009 01:36:57 78 am||/
                        1226226b9cb548e0b1c5e1efdae31e6b|71.101.62.176  |03/24/2009 01:40:04 30 am||/products.a5w?products_DetailView=27834c6ca394415985744db1f264ada1
                        d26ba80561784e23a42ac3136db39234|62.166.193.68  |03/24/2009 02:09:16 47 am||/websiteinfo.a5w
                        62b2943fec874e4aaf8ec6ead30a9e56|127.0.0.1      |03/24/2009 03:29:09 06 am||/alphatogohost/alphatogo/www/

                        Code:
                        ' Run on each request. session.mysessionid lives inside the session, so it
                        ' differs from session.sessionid only on the first request of a freshly
                        ' created session; that is the moment a new session folder appeared.
                        dim session.mysessionid as c
                        dim uagent as c
                        if session.mysessionid <> session.sessionid
                        	session.mysessionid = session.sessionid
                        	' Request.User_Agent is not always defined, so check before reading it.
                        	if eval_valid("Request.User_Agent")
                        		uagent = Request.User_Agent
                        	end if
                        	' One pipe-delimited line per new session: id | client IP | created | user agent | URI
                        	file.append("c:\newsession.txt",padr(session.mysessionid,32," ") + "|" + padr(Request.Remote_Addr,15," " ) + "|"+ session.timestamp + "|"+ padr(uagent,20," ") +"|"+ Request.Request_URI + crlf())
                        end if
                        Last edited by Steve Wood; 03-24-2009, 06:41 AM.
                        Steve Wood
                        See my profile on IADN



                          #13
                          Re: Lots and lots of session folders ....

                          If a request comes into the server and the client does not pass a session ID, the server creates a new session for the client and includes the ID in the response, both as a cookie (unless this has been turned off in the server settings), and in all links and forms sent back. But a misbehaving client, whether poorly programmed or intentionally disregarding cookies and query strings, may send subsequent requests without the ID for the session that was created, resulting in the creation of additional sessions.

                          A session is very lightweight, using well under 1KB when initially created, so the simple existence of many sessions is generally not a concern. But it is indicative of a misbehaving client which may be doing something malicious, so it is worth a closer look.

                          In this case, you have identified that the traffic is coming from a specific IP address that is known as an email harvester, so blocking traffic from that IP is a good approach. You could also try to take it a step further and examine the properties of the Request and try to identify something unique about the way this client formats requests. If you can, you could write some Xbasic to recognize these requests and then take some special action, such as log the address or send a fake sitemap.

                          However, for the best in protection and with the least effort, you should research Intrusion Prevention Systems. There are all sorts of IPS solutions available, both open-source and commercial, but they all basically monitor the traffic flowing into your network and recognize problems such as this and then take an action that you can define (typically blocking access).

                          Lenny Forziati
                          Vice President, Internet Products and Technical Services
                          Alpha Software Corporation
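The two posts above describe the same thing from two sides: Steve's script records one line per newly created session, and Lenny explains that a client which drops the session ID gets a new session on every request. The following Python script, added here as an example and not part of either post, reads the newsession.txt format written by that script and turns it into the two numbers a practitioner wants: which IPs are creating sessions faster than any browser would, and how many session folders would still be on disk for a given session timeout (Gary's 4-hour versus 15-minute observation). The sample lines are a subset of the dump posted above; the churn thresholds and the reading of the timestamp's third field as hundredths of a second are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Subset of the newsession.txt dump posted above. The user-agent field was
# empty in that dump, hence the "||" before the URI.
SAMPLE = """\
3812b99b54204b7a9efa97c83cc8216d|72.91.5.54     |03/23/2009 11:48:50 86 pm||/message.a5w
967ad69723b240a1ae63f9d9c223a302|89.122.29.80   |03/23/2009 11:52:28 61 pm||/
00b85d9303b24fdc8d9c1e89849c6d7a|89.122.29.80   |03/23/2009 11:52:41 71 pm||/Login.a5w
2b9f82f5ad1f4eff81e90d85f7553190|89.122.29.80   |03/23/2009 11:52:46 86 pm||/about.a5w
db8466aa64cd49669ab1d9338488f8c3|89.122.29.80   |03/23/2009 11:52:48 72 pm||/affiliate_start.a5w
122044bea9954bd496d9deff98a864b9|89.122.29.80   |03/23/2009 11:52:50 10 pm||/checkout.a5w
1748072ef9e547beb5dab7a824b45906|89.122.29.80   |03/23/2009 11:52:51 81 pm||/contact.a5w
8831a3715cc4480fb0718b7349d1fac5|89.122.29.80   |03/23/2009 11:52:55 21 pm||/index.a5w
4667a707ac734c96949a88f0dc8ec0f7|216.244.24.60  |03/23/2009 11:53:58 30 pm||/
b0ba2f4d8f7d4c35b609fa9df6c076dd|201.209.205.88 |03/24/2009 12:41:10 92 am||/
c2b33dd4365146a9a65f659421468236|93.96.181.117  |03/24/2009 01:36:57 78 am||/
"""


def parse_timestamp(raw):
    """Parse '03/23/2009 11:52:28 61 pm'. Assumption: the third field is
    hundredths of a second emitted by session.timestamp; it is ignored."""
    date, clock, _hundredths, ampm = raw.split()
    return datetime.strptime(f"{date} {clock} {ampm}", "%m/%d/%Y %I:%M:%S %p")


def parse_sessions(text):
    """Yield (session_id, ip, created_at, user_agent, uri) per line.
    Fields are stripped, so padr()-padded and empty fields both work."""
    for line in text.splitlines():
        if not line.strip():
            continue
        sid, ip, ts, ua, uri = (f.strip() for f in line.split("|", 4))
        yield sid, ip, parse_timestamp(ts), ua, uri


def sessions_per_ip(text):
    """Distinct session IDs created per client IP. A browser that returns the
    cookie contributes one; a client that drops it contributes one per request."""
    seen = defaultdict(set)
    for sid, ip, *_ in parse_sessions(text):
        seen[ip].add(sid)
    return {ip: len(s) for ip, s in seen.items()}


def churning_ips(text, max_new=5, window_s=60):
    """IPs that created more than max_new sessions inside any window_s-second
    window. A sliding window over the sorted creation times, so a slow but
    steady crawler is not flagged while a burst like 89.122.29.80's is."""
    times = defaultdict(list)
    for _sid, ip, created, *_ in parse_sessions(text):
        times[ip].append(created)
    flagged = []
    for ip, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):
            while (ts[end] - ts[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 > max_new:
                flagged.append(ip)
                break
    return sorted(flagged)


def live_sessions(text, at, timeout_s):
    """Session folders that would still exist at time `at` (same timestamp
    format as the log) if each session expires timeout_s seconds after it was
    created and is never used again. This is what the 'Active Sessions' count
    in the thread measures for idle sessions."""
    now = parse_timestamp(at)
    cutoff = now - timedelta(seconds=timeout_s)
    return sum(1 for _sid, _ip, created, *_ in parse_sessions(text)
               if cutoff < created <= now)


if __name__ == "__main__":
    print("sessions per IP:", sessions_per_ip(SAMPLE))
    print("churning IPs:", churning_ips(SAMPLE))
    for label, timeout in (("4 hours", 4 * 3600), ("15 minutes", 15 * 60)):
        print(f"folders alive at 01:37 am with a {label} timeout:",
              live_sessions(SAMPLE, "03/24/2009 01:37:00 00 am", timeout))
```

With a 4-hour timeout every session in the sample is still on disk at 01:37 am; with 15 minutes only the most recent one is, which is the effect Gary saw when he shortened the session period. The churn count is the useful signal for blocking: a harvester that ignores cookies shows up as a burst of new session IDs from one address, regardless of whether the pages it fetched exist.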



                            #14
                            Re: Lots and lots of session folders ....

                            I'll test out some of those solutions over the next weekend. I'd like to fix mine too - it may be harmless, but it's annoying (and probably someday, not so harmless).

                            Here also is a hackers guide to this subject: http://www.fleiner.com/bots/#banning

                            One of their suggestions can be set up simply in Alpha:
                            • Create a public page that no one would ever visit, "asfasfasdf.a5w" perhaps.
                            • Add some xbasic to that page to capture the IP of any visitor and record to a text file.
                            • Alternatively, add the page to robots.txt, telling bots to not access, but also add it to sitemap.xml indicating its existence.
                            • Anyone visiting that page can be assumed to be a bot. In the second case, anyone visiting is a bot and also ignoring the instructions in robots.txt.
                            • Take your list of IP addresses, use a Reverse DNS utility to figure out who they are, and then ban the IP in the Alpha server if desired.
                            • Too bad we cannot automatically feed the Deny IP list in the server, else we could automate this.
                            Steve Wood
                            See my profile on IADN
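The trap described in the list above, worked through in Python as an added example (not code from the post or from Alpha): a minimal robots.txt parser, a classifier that marks an IP as a bot when it requests the trap page, and separately when it fetched robots.txt and then requested a path that file disallows, plus the reverse-DNS lookup from the last step. The trap page name is the one suggested in the post; the request list is constructed, using 72.91.5.54 and 89.122.29.80 from the thread and addresses from the RFC 5737 documentation range for the invented crawlers. The request tuples stand in for whatever Request.Remote_Addr and Request.Request_URI give you in Xbasic.

```python
import socket
from collections import defaultdict

# Trap page from the post: never linked from a real page, only from sitemap.xml.
TRAP_PATH = "/asfasfasdf.a5w"

# Constructed robots.txt that forbids the trap for every crawler.
ROBOTS_TXT = f"""\
User-agent: *
Disallow: {TRAP_PATH}
"""

# Constructed request log: (client IP, requested path), in arrival order.
REQUESTS = [
    ("72.91.5.54", "/index.a5w"),        # ordinary visitor
    ("72.91.5.54", "/products.a5w"),
    ("192.0.2.10", "/robots.txt"),       # polite crawler: reads robots.txt and obeys it
    ("192.0.2.10", "/index.a5w"),
    ("198.51.100.7", "/robots.txt"),     # crawler that reads robots.txt, then ignores it
    ("198.51.100.7", TRAP_PATH),
    ("89.122.29.80", "/index.a5w"),      # harvester walking sitemap.xml blindly
    ("89.122.29.80", TRAP_PATH),
]


def disallowed_for_all(robots_txt):
    """Disallow prefixes that apply to 'User-agent: *'. Minimal parser: a group
    is one or more User-agent lines followed by rules; comments are stripped."""
    paths, agents, in_rules = set(), set(), False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "user-agent":
            if in_rules:                 # a new group starts
                agents, in_rules = set(), False
            agents.add(value.lower())
        elif key in ("disallow", "allow"):
            in_rules = True
            if key == "disallow" and "*" in agents and value:
                paths.add(value)
    return paths


def classify(requests, robots_txt=ROBOTS_TXT, trap_path=TRAP_PATH):
    """Map each IP to the reasons it looks like a bot. Requesting the trap page
    is enough on its own (nothing but a sitemap links to it); having fetched
    robots.txt first makes it a crawler that read the rules and ignored them."""
    disallowed = disallowed_for_all(robots_txt)
    fetched_robots = set()
    reasons = defaultdict(set)
    for ip, path in requests:
        if path == "/robots.txt":
            fetched_robots.add(ip)
            continue
        if path == trap_path:
            reasons[ip].add("hit trap page (linked only from sitemap.xml)")
        if ip in fetched_robots and any(path.startswith(p) for p in disallowed):
            reasons[ip].add("fetched robots.txt, then requested a disallowed path")
    return {ip: sorted(r) for ip, r in reasons.items()}


def deny_list(requests, **kw):
    """Sorted IPs to feed into the server's Deny IP list (by hand, per the post)."""
    return sorted(classify(requests, **kw))


def reverse_dns(ip):
    """Last step of the post: find out who owns the address before banning it.
    Needs network access; returns None when there is no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return None


if __name__ == "__main__":
    for ip, why in classify(REQUESTS).items():
        print(ip, reverse_dns(ip) or "(no PTR)", "-", "; ".join(why))
```

The polite crawler at 192.0.2.10 is never flagged: it read robots.txt and stayed away from the trap, which is exactly the behaviour you want to keep. Treat the trap hit as the hard signal and the robots.txt violation as supporting evidence; a bot that never fetched robots.txt cannot be said to have ignored it, which is why the harvester gets only the first reason.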



                              #15
                              Re: Lots and lots of session folders ....

                              Quote:
                              Too bad we cannot automatically feed the Deny IP list in the server, else we could automate this.
                              exactly;
                              A while back I began injecting new IPs into ApplicationServerConfig.xml quite successfully. But unfortunately the server still needs a restart to load this.
