One mistake more with BlueHost and they throw me out; always very nice too loose ones credit...

Your web hosting account for has been deactivated, as of 2010-05-15 19:14:55.

* Reason: site causing performance problems.

For more information about this account, please call (888) 401-4678, option 2.

When calling, they returned that my drupal instal was spamming all other accounts. They send me this email with further info:

About your account - Sunday, May 16, 2010 3:51 AM
addon domain with drupal install causing syslogd to spam all users repeatedly: Message from syslogd@ at Sat May 15 17:33:45 2010 ... box541 drupal:|1273966425|phpids||| .../?q=admin/settings/search_service|1||PHPIDS problem detected. Please check your status report for more informations.
I doubt if that is the reason. I just installed over an hour ago all kinds of email modules. So its a Drupal problem and not a hacker.

Anyway, I like to have my many sites under this account back!

I will look for more info on the status report and the modules installed, if Bluehost allows me to get to that part of my site.

So I will update this info very soon & help very welcome!


ClearXS’s picture

PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20060613/' - /usr/local/lib/php/extensions/no-debug-non-zts-20060613/ cannot open shared object file: No such file or directory in Unknown on line 0

Cpanels Main error log is full of (almost) exactly the same warning. Only difference seems that mostly no user IP is mentioned and sometimes the same warning is given with a user or visitors IP.

(update: took away the many equal and similar error messages)

ClearXS’s picture

Nice that there is a "status report" in Drupal, but how to find it in the directories, as nothing on my sites is working anymore, only archived?

ClearXS’s picture

The civicrm doesn't seem to be the cause; I only uploaded and extracted the module. Was figuring it out, when my account got suspended. Probably its one of the modules I installed just before..?

(In no way I could copy the file names in windows, so that´s why this snippet...)

dman’s picture

It's unclear what is meant by "Spamming" other accounts. By email? Or just putting lots of warnings into the logs?

With the site disabled, I can't tell what to do - though you can and probably should Disable recently enabled modules through the database. I don't know what it would take to get them to turn it on.

The other errors you posted imply that the hosting doesn't support Mysql at all - so it's probably just what happened when your host turned off the access.
One line like that would have been enough - If you post 50 copies of exactly the same error for us to look at, it shows that you didn't even bother to read the message yourself and realize it was just one actual message. That means you aren't doing your own troubleshooting and want someone else to read the message for you.

ClearXS’s picture

"... drupal install causing syslogd to spam all users repeatedly: ..." => so it seems some "syslogd" that is getting to error reporting of all other users on this shared hoster. My initial idea that they were talking about email spamming, seems wrong. I got that impression because I was installing a lot of messaging and email related modules (see the picture link) just before they shut down my account AND one of that modules was talking about a possible error where all users were emailed under certain conditions. But Bluehost ain´t usimng the word email, but says that syslog is spamming all users.

Ofcourse Bluehost supports MySQL and it has always worked. Because its an installation with many modules, the database has become inconsistent. That module indymedia_alba sometimes gave a minor warning before, maybe because indymedia alba never was used with many other modules. But no real errors, normally they disappeared.

Yes, I hadn´t seen these were exactly the same error messages. I only saw error reporting about something I don´t understand. I quickly went onto worj for looking for other error reports to make the picture complete, as it was getting late at satuday night, knowing that quickly lesser people are available. Ofcourse I post here, hoping others can make a clue about what has happened. I´m not an expert and even an expert has issues to post on Drupal. It also seems an unique Drupal error that is for the sake of all Drupal users to get resolved.

Then its unclear if the error reporting from that Cpanel main error log has something to do with the error in the first post Bluehost is talking about. They were talking about an error report with another name. As I couldn´t find it in Cpanel, I presume it´s the Drupal error report that has this name. But where is it located? The normal url is a fake one and ofcourse doesn´t work anymore as the www part of the site is disconnected. But I can look into the files and MySQL.

dman’s picture

The Drupal "Status report" is a dynamic page that is made up of all sorts of code lookups and checks depending on available modules and all. So it isn't located anywhere, it's part of a working system. It's not part of a broken system.

The basic place to look for actual Drupal-logged errors is the 'watchdog' tables.
But without any information about what the actual symptoms or problem are, I'm not sure what you should be looking for, or even if that log will have what you need. Evidence may also be in the php logs or the apache logs - if they are enabled and if the host has given you access to them.

You need to get actual data from and work it out with the host. Guessing what you mean about what they said is too vague.

ClearXS’s picture

Cpanel only gave the main error log (maybe the errors are just because they have shut down my account, so the error implies that it cant start up or something? Today I see new similar errors, but cant be anymore the same as when the account was working?)

"SUEXEC error_log" and "PHP error_log" were empty.

OK; I got a new email from Bluehost and now the case seems clear:

The problem here is that the Drupal install has had the syslog module enabled. This module is not acceptable in a shared hosting environment, it is logging to a system log file on the server where you as an end user would not have any access to see the data being logged after the fact, and as side effects you are causing other users to be spammed with the trivial issues that it logs, while cluttering the server's system log with data that has no rightful place to be there.
As stated, there should be no benefit to you as a customer to direct your Drupal install to log it's errors to the system log since only our admins have access to read that file. I had taken the liberty of disabling the module via the MySQL database, but it seems that the module was re-enabled within 24 hours. Given that the module could not reliably be disabled, we were forced to disable the account to stop the undesirable behavior that it was causing.
I have once again disabled the module via the Database, if you were not responsible for reactivating the module after it's initial deactivation, you will need to take steps to make certain that the module is not re-enabled at any future time. I would recommend removing it all together as it has no suitable place in a shared hosting environment.
Once you have decided on a course of action to ensure that the Drupal syslog module does not continue to be an issue, please let us know and we will be happy to reactivate your account.

dman’s picture

Right, now THAT is an explanation, and a very valid complaint. I think they've behaved very well for you here.

Indeed, there is no purpose to you using syslog. The normal default in D6 - and it should remain - is to use watchdog (dblog).
So don't use syslog on a machine that's not yours or the sysadmin will bite you.
Turn it off in
Or using the instructions link I gave above.

Maybe this module should have a warning label on it "Don't play with this if you don't know what syslog is". Honestly, it is inappropriate to even be there on a shared host.

ClearXS’s picture

Luckely its resolved!

And Bluehost never made a statement that they will throw me out definitively on future errors, but that was me guessing what hosters in general (might) do...

But it indeed should have a very strong warning. I cant remember anymore if that warning was somewhere on the Drupal pages. But even if so, in time many people dont remember and the list of vinking modules didn´t give any warning. Indeed it should! Or indeed; it should be disabled through php and adding/deleting a line first to get it enabled.

Where should I file an issue about integrating such a warning/disabling? Drupal core issues?

Another point that was connected to this, is an inconsistent database with errors; where to find good instructions how to repair and clean up the database? In Cpanel or phpmyadmin one can opt for repair database; will that be sufficient, or is there more to do?

dman’s picture

I think it's probably worth raising as a suggestion.
Stick it in the Drupal queue for discussion, it'll have to be D8 though ;-)

ClearXS’s picture

Yes, I found the corect issue page and filed it:

webhost problem with syslog.module

why can´t it go as a patch or in the Drupal 6.17 release?

dman’s picture

Well, it counts as "new behavior" and nobody will say that it's "critical" ... so it'll be way off the critical path, even if anyone thinks it's worthwhile.

That issue you filed is extremely unclear - it's all just talking about your experience, but doesn't even mention what the problem actually is.

I think the web host admins said it much better - copy that quote over as the issue, and be as explicit as you can on the title. "syslog logging module is inappropriate for shared hosts - should not be available to new users" or something.

ClearXS’s picture

Thanks Dan, I´ve copied that most important part, so others don´t have to go through this whole discussion first.

The title and initial posting can´t be changed anymore there; yes its possible here, but not on the issues.

My site is back, so I just took some tranquilizers half an hour before I got to that modules vinking page, just like crossing the highway with a lot of traffic; ever being scared of doing something wrong or that a Drupal error can turn it on accidentally, resulting in loosing my webhost account... (OK, I´m exaggerating!)

And I´m not that a new user; just installing many modules and integrating during months to get a complex site together (finally I´m getting close after just over 3 years being born in the Drupal world; standing up and falling on the floor again trying to make a complex site. Sometimes also because the necessary modules were not there or malfunctioning) probably forgetting that I *somewhere* might have red a warning about this module a long time ago.