Memory Spikes and Cannot allocate memory: couldn't create child process

Greetings,

I’m hoping I can find some answers here. Forgive me if this is the wrong place to put this. I have somewhat of a strange problem that has my team and my ISP stumped. Recently, we discovered a problem with out website, aaspire.org. The site will intermittently give a 500 error due to exceeding its memory limit. Upon doing a little digging with our ISP we discovered that some Russians sites are referring traffic to our site. We are a small, Oregon based academic research group with no relationship or business in Russia. When we get these referrals, the site becomes inaccessible as the memory usage suddenly spikes. Errors from the logs are as follows:

[Wed Jan 09 14:15:58 2013] [error] [client 91.223.75.118] (12)Cannot allocate memory: couldn't create child process: /opt/suphp/sbin/suphp for /home/jaaspire/public_html/index.php, referer: http://megapolis-b.ru/ [Wed Jan 09 14:15:58 2013] [error] [client 91.223.75.118] (12)Cannot allocate memory: couldn't create child process: /opt/suphp/sbin/suphp for /home/jaaspire/public_html/index.php, referer: http://reservist.ru/ [Wed Jan 09 14:15:58 2013] [error] [client 91.223.75.118] (12)Cannot allocate memory: couldn't create child process: /opt/suphp/sbin/suphp for /home/jaaspire/public_html/index.php, referer: http://0029.ru/

The ISP says its refering to the “index.php script”. Their suggestion was to optimize the site, which isn’t possible. Index.php, as I’m sure you all can guess, isn’t a script. All it does is serve the site html templates. It’s memory usage is normally extremely low. Traffic to our site in general is also very low. The only way to make the site more basic is to serve flat HTML. It’s really a very simple site. I’ve spoken with my ISP and they claim that there is nothing that they or we can do about it since the web admins on these Russian sites won’t respond to their emails.

I’m not convinced that is true. My questions are as follows:

1. How did we get targeted for this kind of traffic?
2. Is there anyway to block it? How can we get it to stop?
3. Is there some sort of security issue with our code that is causing it?
4. How can we prevent more unwanted referred traffic?

Many Thanks,

Ren

How much traffic are we talking about? You are certain the code cannot be optimized?

When you say ISP are you using one of those free virtual hosting with your service provider?

How much traffic are we talking about?
Not sure. That stats aren’t being given to us.
Memory spikes past the limit of 512M. At one point we were using 1 gig of memory. Normally we average between 44k and 150k. Then suddenly we spike between 500m and 1 gig of memory use then it’ll drop off.

You are certain the code cannot be optimized?
As I said, all index.php does is serve html templates. The only way it gets more basic is if the site were just vanilla html.

When you say ISP are you using one of those free virtual hosting with your service provider?

Apologies. Not the ISP but our webhost. And no, we pay for the service through JaguarPC.

So you are not even using a MySQL database? It is literally raw HTML in a PHP file?

No MySQL. No database. No nothing. It’s just HTML, CSS and PHP. There just isn’t anything that is gonna require that much memory. We shouldn’t be hitting more than 150k. The site is aaspire.org. Check it out. It’s very, very basic.

The host also identified the spikes as directly corresponding to the referred traffic from the shady Russian e-commerce sites. If it were native to the site we would see these spikes during normal usage and we don’t. Only when the .ru urls are referring traffic.

It’s really hard to say. I think your host should be a little more helpful.

Here’s one optimization you could try. Your background.png is 609KB (1200x800). With enough traffic this could possibly spike your disk/memory usage. Since it’s just a gradient you could easily make this 1x800 and use repeat-x in your CSS. The file would then be less than 1KB (as a PNG24)

Good luck. If all else fails, find a better host. They should certainly be able to block this traffic.

If your site is not the problem then you should look into blocking Russia via htaccess

For example:

You can output a list of IP ranges to block an entire country.

Just curious if you made any progress on this?