Single Roundcube user flooding server

Discussion in 'General Discussion' started by Tom Risager, Nov 10, 2012.

  1. Tom Risager

    I am having a recurring issue where a single Roundcube user (not always the same) can flood the server with HTTP requests. Server load slowly continues to increase over several hours, then abruptly drops back to normal levels (presumably because the user eventually closes the browser).

    /usr/local/cpanel/logs/access_log contains thousands of entries similar to these:

    Code:
    91.143.xxx.xxx - - [11/09/2012:23:18:46 -0000] "GET /cpsess4647885551/3rdparty/roundcube/?_task=mail&_action=check-recent&_mbox=INBOX&_list=1&_quota=1&_remote=1&_unlock=0&_=1352503124884 HTTP/1.1" 401 0 "https://web01.domain.dk:2096/cpsess4647885551/3rdparty/roundcube/?_task=mail&_mbox=INBOX&_refresh=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2"
    91.143.xxx.xxx - - [11/09/2012:23:18:46 -0000] "GET /cpsess4647885551/3rdparty/roundcube/?_task=mail&_action=check-recent&_mbox=INBOX&_list=1&_quota=1&_remote=1&_unlock=0&_=1352503124820 HTTP/1.1" 401 0 "https://web01.domain.dk:2096/cpsess4647885551/3rdparty/roundcube/?_task=mail&_mbox=INBOX&_refresh=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2"
    91.143.xxx.xxx - - [11/09/2012:23:18:46 -0000] "GET /cpsess4647885551/3rdparty/roundcube/?_task=mail&_action=check-recent&_mbox=INBOX&_list=1&_quota=1&_remote=1&_unlock=0&_=1352503124886 HTTP/1.1" 401 0 "https://web01.domain.dk:2096/cpsess4647885551/3rdparty/roundcube/?_task=mail&_mbox=INBOX&_refresh=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safa
    
    While searching for a solution I came across this bug description which seems to match what I see perfectly: #1488782 (Main INBOX page causes DoS against httpd when JS gets 40x error)

    So it appears that both Roundcube developers and cPanel staff are aware of the issue and that it will eventually be resolved. My question is, what should I do to mitigate this until cPanel releases with a version of Roundcube that does not have this problem?

    As it is, it seems that a single Roundcube user who gets into this error and leaves Roundcube running for an extended period of time can eventually bring the server to a halt (WHM 11.32.5 build 13).

    Edit: I created a support ticket for this issue, ID 3380773.
     
    #1 Tom Risager, Nov 10, 2012
    Last edited: Nov 10, 2012
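
Added example (not part of the original thread, and not cPanel or Roundcube code): one way to spot the client described in the post above from the access log, by counting 401 responses to `_action=check-recent` per client per second. The sample lines, the IP addresses, the session token and the threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Layout as shown in the post: IP, [timestamp], "request", status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_flooders(lines, per_second_threshold=3):
    """Return {ip: peak 401 check-recent requests seen in one second}."""
    buckets = defaultdict(Counter)  # ip -> Counter keyed by timestamp (1 s resolution)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # truncated or foreign line: skip rather than guess
        if m["status"] != "401" or "_action=check-recent" not in m["url"]:
            continue  # only the failing poll requests are of interest
        buckets[m["ip"]][m["ts"]] += 1
    peaks = {ip: max(c.values()) for ip, c in buckets.items()}
    return {ip: n for ip, n in peaks.items() if n >= per_second_threshold}

def _line(ip, ts, status, nonce):
    # Constructed sample line in the same layout as the log excerpt in the post.
    return (f'{ip} - - [{ts} -0000] "GET /cpsess0000000000/3rdparty/roundcube/'
            f'?_task=mail&_action=check-recent&_mbox=INBOX&_={nonce} HTTP/1.1" '
            f'{status} 0 "-" "constructed-sample"')

SAMPLE = (
    # One client repeating the failing poll several times within a second
    [_line("203.0.113.7", "11/09/2012:23:18:46", 401, n) for n in range(4)]
    + [_line("203.0.113.7", "11/09/2012:23:18:47", 401, n) for n in range(2)]
    # A healthy client: one successful poll, one isolated 401 a minute later
    + [_line("198.51.100.20", "11/09/2012:23:18:46", 200, 1)]
    + [_line("198.51.100.20", "11/09/2012:23:19:46", 401, 2)]
    # A truncated line, as at the end of the excerpt in the post
    + ['203.0.113.7 - - [11/09/2012:23:18:48 -0000] "GET /cpsess00']
)

if __name__ == "__main__":
    for ip, peak in find_flooders(SAMPLE).items():
        print(f"{ip}: up to {peak} failing check-recent requests per second")
```
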
  2. Tom Risager

    Got this response from support:

    After reviewing the bug report that you provided, I located an internal case as well regarding this. We have notified the developers of Roundcube about this particular issue. While Roundcube has issued a patch, we are still in the testing phase of this before it is released. I won't be able to provide a timeframe for when this will be resolved, but it is slated for an upcoming release. Once this has been resolved it will appear in our Change Log. You are able to view this here: Change Logs and reference case 62001.

    In the meantime, if anyone has any suggestions how to mitigate this issue, I'd be happy to hear from you. I'd hate to have to disable Roundcube and upset my mail users.
     
  3. ClaudioGarcia

    Experiencing the exact same problem here :(
     
  4. mtindor

    Same here. It was a Safari user. Although, server performance wasn't an issue here.

    M
     
  5. LDHosting

    Any movement on this? We had a client hitting Roundcube at almost 10 requests per second earlier due to this bug.
     
  6. ClaudioGarcia

  7. glacia

    I'm having the same problem. Disabling Roundcube, doing /scripts/cleanphpsessions, /scripts/cleansessions, /scripts/cleanopenwebmail, deleting session files, restarting services, etc. had no effect. I had to resort to firewalling off the offending IP from the webmail port. There has to be a better way to mitigate this issue?
     
  8. ClaudioGarcia

    The problem is still affecting me daily.

    I think unfortunately in the off Roundcube
     
  9. ClaudioGarcia

  10. LDHosting

    That's good to hear. Now let's hope it makes its way through the release tiers fairly quickly (it's currently only in EDGE by the looks).
     