AbleCommerce Shopping Cart Software

We create a new site with 7.0.7 and a few plugins from Web2Market and pluggables.

We have a entry in the firewall about 30 of them a second.

2012-02-03 16:26:26 Deny 192.168.129.26 128.138.140.44 ntp/udp 53898 123 1-Trusted 0-External denied 76 128 (Unhandled Internal Packet-00) rc="101"

the IP Address destination is different values:
129.6.15.28
132.163.4.102
131.107.13.100
192.43.244.18

to show a few

I have STOPPED "Windows Time" service. set to disabled. I have restarted etc. I have a few other servers with the same setup on the domain and none of the others are doing this.

If I stop the IIS service the firewall clears up.

If anyone has any thoughts. Is a able guru or a windows 2008R2 guru and has time to troubleshoot, I have payment ready for a fix.

Email Chris (at) FireFold.com or 704-979-7100

This was fixed Friday afternoon.

There was a .js file trying to validate a license for a 3rd party module. The solution was to rename the 3rd party modules license file to .old and the NTP requests stop immediately.

For some reason, it was trying to validate the license with most every page hit. As a result, a high traffic site would effectively go into a self-inflicted Denial of Service (DOS) situation as a result of the NTP requests flooding the bandwidth. Blocking Port 123 at the firewall didn't help since the NTP request was still being generated at the application level on the server itself.

The clue to the answer was found in the server Event Log.

Hi Joe,

Which file was this?

AbleMods wrote:This was fixed Friday afternoon.

There was a .js file trying to validate a license for a 3rd party module. The solution was to rename the 3rd party modules license file to .old and the NTP requests stop immediately.

For some reason, it was trying to validate the license with most every page hit. As a result, a high traffic site would effectively go into a self-inflicted Denial of Service (DOS) situation as a result of the NTP requests flooding the bandwidth. Blocking Port 123 at the firewall didn't help since the NTP request was still being generated at the application level on the server itself.

The clue to the answer was found in the server Event Log.

The file that was renamed (to .old) was the license file provided for the software. The .js automatically stopped appearing once the license file was renamed.

Napacabs, you haven't purchased the plugin that was causing an issue from us. We also changed to new licensing that doesn't check the time server after we found out about the problem.