Bot's HTML Server seems to die after too many errors

PhantomBot Version: 3.0.0
OS Version: Windows Server 2012 or 2008.
Java Version: 7 update 171 or something.
Browser and Version (for Panel Support): Latest Stable Google Chrome
Stock PhantomBot: Yes, but config changes may be the issue here.

So I don’t stream near as much as I used to, but I still have the bot running on a windows server with another bot I wrote. The bot is open on port 80 for my ease of access. Is it a bad idea (security wise)? Probably. Do I care? Not enough to change it.

However, I do get random queries from potential attackers (I’m sure every site gets these), trying to get into various setup files for different services (like forums and whatnot). Seeing as Phantombot has none of these, it just spits an error.

I’ve got a file on my website (not on the same IP as the bot) that queries some data for the bot so I can put it in my overlay. Every day or so I’ll notice that this file stopped working, and just shows nothing. A quick restart of the bot and a refresh of the page, it’s back to normal.

Note that I’ve had this exact same setup since probably phantombot 2.3 or before, and have never experienced this issue until the 3.0.0 release.

Here is the most recent error log: 13-05-2019.txt (84.7 KB)

As you can see, it’s literally all just “FileNotFound”. I’m not sure how much of an impact on performance it would make, but if some form of file verification could be added to prevent these errors from spamming it may fix my issue. Or, it’s something else causing the issue. I’m not sure yet.

This is a lightweight web server, not entirely intended to create rules and filtering inside of it. All filtering would have to come first and push back down the list the files to serve, resulting in a slowdown. That said, do let me discuss internally.

All of that aside, the web server code hasn’t changed, we just got rid of the secondary hosting for the Beta Panel in 3.0.0. Has there been a change in the JDK at any time in the recent past?

Now for all of my opinion, which can be ignored :)

Personally, I firewall off all IPs except my home IP address from the bot control panel. I use a method to obtain my home IP if it ever changes as well and update the firewall rules.

Personally, I would care about port 80. I am not sure about Windows but in Linux that requires that an elevated account is running PhantomBot which isn’t suggested. If there are security holes, running as an elevated user is not so good. Most folks would run a proxy in front of it (which is pretty much the recommendation of security for most services, I believe). I can tell you we had a bug where people could read any file anywhere using the web server when it was running as an administrative user, it has been fixed, however, are there other issues? Maybe.

Yeah I know it’s not supposed to be the most complex thing.

I’m not sure what could be causing the issue other than just the amount of errors. There’s nothing else in the logs that could really hint at something else. The PHP pages don’t report any errors on their end either.

Also I noted the wrong Java version. The server is running on Java 8 update 211, not sure if that plays a role in this.

Would it be possible for you to have PHP write a Last Request log with the HTTP Status Code, Response Headers, and Response Body, and then post what it reports from one of these failures? (This info may require using cURL to execute the requests)

I’ll see what I can make it print and report back when I can.

I like GMT’s idea. I will spam a bot with a while loop from bash with a bad file request and see if I can break my local bot.

So, I hit my PhantomBot 50, then 100, 100, 500, 1000, 5000 times (this is the last loop):

illusion% CTR=0; while [[ CTR -lt 5000 ]]; do curl -X GET 1>/dev/null 2>/dev/null; CTR=$((CTR + 1)); echo -n "${CTR} "; done

The web server still responded. How many times do you think you see it being hit before it fails? I have an errand to run, I am going to leave it on a 100k loop, that should take a while.

I ran 100k loop, was fine. I am running a 1 million loop now - so far, been hitting the Control Panel once in a while, seems fine. I will let it finish though.

I know it’s like mega late but I finally got some logs from my web server. Unfortunately it’s not very helpful.

[25-May-2019 14:42:56 UTC] PHP Warning: file_get_contents( failed to open stream: Connection timed out in getData.php on line 4

So it’s getting timed out for whatever reason. Interestingly, I wanted to test if it was phantombot 3.0.0 or not so this was actually done on 2.9.1, but I feel it’s the exact same error.

The last error logs in the bot yet again refer to hundreds of "FileNotFoundException"s, the most recent query being:
[05-20-2019 @ 00:39:38.551 MST] .\web\laravel.php (The system cannot find the file specified)

I’d have to compile my own version of the bot if I wanted to attach my own debugging into it, and I might end up doing so eventually. But as it stands this is a strange issue.

My thinking is I want to put some debug lines at the top of the html request to see (more or less) when it decides to no longer process the request.


Request Got: .\web\laravel.php
[error log here]
Request Got: .\donationHandler\latestDonation.txt

and so on.

Doing some napkin math here with my latest error text file, each error takes up 20 lines and there’s 1261 lines (the last being empty). That’d only be 63 requests.

However, when my OBS is open and connected to the “ticker” page I use to request all this data (getData.php as seen above), that page is set to refresh every 10 seconds. So insert (obsTimeOpenInSeconds / 10) to that as well. Though, this particular failure I don’t think I had the page open in OBS at all.

Very weird.

Have you tried doing a chown -R on the bot’s root directory to make sure it is owned by the same user that the bot is running as?

I don’t think that exists on windows?

Windows has its own variant. You can either manually check/set permissions utilizing the Windows Explorer, or use a utility such as icacls.

The following command grants read and execute permissions to the base Windows role “everyone.” You can adjust the user/role as needed.
icacls pathtofoldergoeshere /grant "everyone":(OI)(CI)RX /inheritance:rx

The directory has 2 accounts and 1 group with access, SYSTEM, Administrator, and Administrators.

They all have full permissions. The account I use on the VPS is Administrator, so it should have full access to the directory.

Next thing I’m curious about is to run this the next time it stops working again, before you kill the bot

From a cmd.exe as admin

netstat -a -n | findstr :80 | findstr -V ESTABLISHED | findstr -V LISTEN | findstr -V TIME_WAIT

I want to know if you see a metric ton of connections there. If you decide to post the results, please remember to remove your IP first

If you don’t get anything from there, also try

netstat -a -n | findstr :80 | findstr -V LISTEN | findstr -V TIME_WAIT
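An added example, not part of the original posts: the same triage as the two netstat filters above, done by parsing saved `netstat -a -n` output and counting connections per remote address and state, so one client holding many lingering connections stands out. The sample rows, the documentation-range IP addresses, the CLOSE_WAIT state and the threshold of 10 are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample of `netstat -a -n` output (documentation-range IPs, not from the thread).
SAMPLE = "\n".join(
    ["  Proto  Local Address          Foreign Address        State",
     "  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING",
     "  TCP    203.0.113.10:80        192.0.2.44:51000       ESTABLISHED",
     "  TCP    203.0.113.10:80        192.0.2.44:51001       TIME_WAIT",
     "  TCP    203.0.113.10:3389      192.0.2.44:51002       ESTABLISHED",
     "  TCP    [::]:80                [::]:0                 LISTENING"]
    + ["  TCP    203.0.113.10:80        198.51.100.7:%d     CLOSE_WAIT" % (50100 + i)
       for i in range(15)]
)

# States dropped by the thread's `findstr -V LISTEN` / `findstr -V TIME_WAIT` filters.
IGNORED = {"LISTENING", "TIME_WAIT"}

# proto, local addr:port, remote addr:port, state; IPv6 addresses appear as [addr]:port.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s*$")

def connections_by_remote(netstat_text, port=80, ignore=IGNORED):
    """Count (remote_ip, state) pairs for TCP rows whose *local* port is `port`.

    Stricter than `findstr :80`, which also matches :8080 and remote port 80.
    """
    counts = Counter()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP rows, blank lines
        _local, lport, remote, _rport, state = m.groups()
        if int(lport) != port or state in ignore:
            continue
        counts[(remote.strip("[]"), state)] += 1
    return counts

def suspects(counts, threshold=10, skip_states=("ESTABLISHED",)):
    """Remote IPs holding at least `threshold` connections outside `skip_states`."""
    per_ip = Counter()
    for (ip, state), n in counts.items():
        if state not in skip_states:
            per_ip[ip] += n
    return {ip: n for ip, n in per_ip.items() if n >= threshold}

if __name__ == "__main__":
    print(suspects(connections_by_remote(SAMPLE)))
```

Running it against output captured while the web server is unresponsive, and again after a restart, gives two per-IP tallies that can be compared directly.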

Censored the IPs for obvious reasons:

Note the bot is running on port 80 as mentioned before. Seems to be 15 different connections from a single IP address. One I also don’t recognize. It’s not my IP nor my website’s.

I’d also guess that all these connections may be causing the issue, which is why you wanted to see it.


Here’s it without the bot running:

I ran the bot and waited for the messages to appear that it was fully up, then ran it again. It looks the same as above (Second image, not first)

I have a proposed solution

Open up your launch.bat and on the 3rd to last line (where we call java to actually run the bot), add the following command line parameters right at the beginning, after java

The issue we are trying to resolve, that I believe is the culprit here, is the equivalent of someone starting to load the webpage but then hitting the cancel button in their browser, but the server being none the wiser. These parameters should cause all incomplete requests to time out and close within 30 seconds. The default value for these settings is infinite timeout.

Ref: java - Why does hang? - Stack Overflow

Seems to still be doing it.

My site still shows a “Connection timeout” message in the error logging.

Ran the cmd commands again:

I’m really curious as to what started this; as I’ve had the bot running with this exact setup for nearly a year now and it only started around the 3.0.0 release, but it’s not due to that release this is happening.

This might need to be solved with the firewall then. If it’s always the same IP that’s causing the issue, block it, otherwise, set it up to only allow connections from you.

You could use noip to handle dynamically updating your home IP into a hostname and then add it to the Windows Advanced Firewall.

Unfortunately, the only way we could limit the number of connections per IP, which would be a more preferable solution, would be to stick a linux/hardware firewall in front of your box (because they support such a thing), or to make our own fork of
