dl5ark1 (Author), posted September 24, 2020:
I have renamed all paths to php files and also the php files on the root. PHP can no longer generate a load. We are still waiting until 00:00 UTC to restart. In the meantime, you are welcome to take a look at my logs to see whether you can see any indication of today's load.

Krydos, posted September 24, 2020:
You are getting hit by a lot of bots looking to hack WordPress installs. Obviously you don't actually have a WordPress install though so they're all getting 404 errors. Do you have a custom 404 page that is served by php perhaps?

Krydos, posted September 24, 2020:
That's a lot of bot hits. Any idea what "empty user agent string" could be? Unless you know what that is it's probably malicious because respectable bots identify themselves.

Krydos, posted September 24, 2020:
If you want to block the "empty user agent string" bots you can do so by putting this in your .htaccess

    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule ^(.*)$ - [F,L]

dl5ark1 (Author), posted September 24, 2020:
I don't have a custom 404 error page. The suspendedpage is currently called in the existing .htaccess.

dl5ark1 (Author), posted September 24, 2020:
In the folders under homedir\tmp\pma_template_compiles_dl5ark\twig are some *.php files which I don't know. Is this normal?

Krydos, posted September 24, 2020:
> In the folders under homedir\tmp\pma_template_compiles_dl5ark\twig are some *.php files which I don't know. Is this normal?

I think those are temporary files that are created when you use phpmyadmin. Have you been using phpmyadmin?

dl5ark1 (Author), posted September 24, 2020:
Yes, I use phpmyadmin.

dl5ark1 (Author), posted September 24, 2020:
Can we create a wordpress directory and revoke access to it? Maybe this will stop the access to the non-existent WordPress installation?

Krydos, posted September 24, 2020:
Well, the load is coming from php for sure. Unless you're using a custom error page that points all 404 requests to a php script, that probably isn't the cause of your high load. Without a custom error page apache just handles 404 errors on its own which causes very little load. I think you should block some of the bots, especially the "empty user agent string" bots, using .htaccess like I suggested. Unless you know what they are for sure I would say that wget, fetcher, obot, and old firefox versions should probably be blocked too.

dl5ark1 (Author), posted September 24, 2020:
After every change in .htaccess I get

###
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at webmaster@dl5ark.heliohost.org to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
###

I have now restored the .htaccess for the suspendedpage. Can you write the .htaccess for "empty user agent string"? wget I am myself.

dl5ark1 (Author), posted September 24, 2020:
empty user agent string:
Hits 24,920
Bandwidth 3.29 MB
Can this bandwidth really be responsible for 100% CPU and memory usage?

Krydos, posted September 24, 2020:
Depends on what the php script does. I could easily write a php script with less than 10 lines of code that gobbles up 512 MB of memory and pegs the cpu at 100% for 60 seconds and then only outputs 15 bytes of bandwidth.

Krydos, posted September 24, 2020:
Ok, I set up your .htaccess for you. I made it a little more elegant than my simple example above.

    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} ^-?$
    RewriteCond %{REQUEST_URI} !ua.html$
    RewriteRule ^(.*)$ http://dl5ark.heliohost.org/ua.html [R=301,L]

and ua.html is this

    Please provide a non-blank user agent to access this site.

That way the blank user agent bots will have a useful error, and can change their bot to continue accessing your site if they want to. Thanks for being so responsive, and trying so hard to fix this issue, by the way.

Krydos, posted September 25, 2020:
Looks like blocking the blank user agent bots did the trick. We're almost three hours into the new day, and your account load is basically zero.

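An added example, not part of the thread and not HelioHost's own tooling: a small Python tally over Apache combined-format access log lines that counts blank-user-agent hits with the same `^-?$` pattern as the final rule in the thread, separates the ones that actually reached a .php script, and counts 404 probes for WordPress paths. The sample log lines, the IP addresses and the list of WordPress paths are constructed assumptions.

```python
import re
from collections import Counter

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "[^"]*" "(?P<ua>[^"]*)"$'
)
# Same pattern as the RewriteCond in the thread: empty, or the literal "-".
BLANK_UA_RE = re.compile(r'^-?$')
# Assumption: typical WordPress probe paths; adjust to what your own logs show.
WP_PROBE_RE = re.compile(r'/(wp-login\.php|xmlrpc\.php|wp-admin|wp-content|wp-includes)', re.I)

# Constructed sample lines (documentation IP ranges), not taken from the thread's logs.
SAMPLE_LOG = """\
203.0.113.7 - - [24/Sep/2020:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "-"
203.0.113.7 - - [24/Sep/2020:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 404 196 "-" ""
198.51.100.4 - - [24/Sep/2020:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
192.0.2.10 - - [24/Sep/2020:10:00:04 +0000] "GET /log.php HTTP/1.1" 200 2048 "-" "Wget/1.20.3 (linux-gnu)"
192.0.2.55 - - [24/Sep/2020:10:00:05 +0000] "GET /wp-admin/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; Linux x86_64)"
not a log line
"""

def summarize(log_text):
    """Tally hits/bytes for blank user agents and 404 WordPress probes."""
    stats = Counter()
    blank_hosts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            stats["unparsed"] += 1
            continue
        stats["total"] += 1
        size = 0 if m["bytes"] == "-" else int(m["bytes"])
        if BLANK_UA_RE.match(m["ua"]):
            stats["blank_ua_hits"] += 1
            stats["blank_ua_bytes"] += size
            blank_hosts[m["host"]] += 1
            # Hits that reach a .php script cost CPU even when bandwidth is tiny.
            if ".php" in m["request"] and m["status"] != "404":
                stats["blank_ua_php_served"] += 1
        if m["status"] == "404" and WP_PROBE_RE.search(m["request"]):
            stats["wp_probe_404"] += 1
    return stats, blank_hosts

if __name__ == "__main__":
    stats, hosts = summarize(SAMPLE_LOG)
    print(dict(stats), hosts.most_common(5))
```

Comparing `blank_ua_php_served` with `blank_ua_hits` shows how many blank-agent requests ran PHP rather than ending in an Apache-handled 404.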