0

THE PROBLEM

My server gave me an ultimatum (3 business days):

"We regret to say That database is currently consuming excessive resources on our servers Which causes our servers to degrade performance Affecting ITS customers to other database driven sites are hosted on this server That. The database / tables / queries statistical information's are provided below:

AVG Queries / logged / killed 79500/0/0

There are Several Reasons where the queries gets Increased. Unused plugins will Increase the number of queries. If the plugins are not causing the issue, you can go ahead and block the IP addresses of the spammers Which will optimize the queries. Also you can look for any spam Existed contents in the database and clear them up.

You need to check for the top hitters in the Stats page. Depending upon the bandwidth accessed, top hits and IP you need to take specific actions on Them to optimize the database queries. you need to block the Unknown robot (Identified by 'bot *'). Since These bots are scraping content from your website, blog comment spamming your area, harvesting email addresses, sniffing for security holes in your scripts, trying to use your mail form scripts as relays to send spam email. .htaccess Editor tool is available to block the IP address."

THE BACKGROUND

The site is made ​​100% from us in VB. NET, mySQL and platform of Win (except the Snitz Forum). The only point from which we received SPAM was a form for comments which now has a captcha. We talk of more than 4000 files between tools articles, forums, etc. for a total of 19GB of space. Only upload it takes me 2 weeks.

STATISTICS OF ROBOTS

Awstats tells us for the month of February 2012:

ROBOT AND SPIDER

Googlebot +303 2572945 accesses 5:35 GB

Unknown robot (Identified by 'bot *') 772520 accesses +2740 259.55 MB

BaiDuSpider +95 96 639 access 320.02 MB

Google AdSense 35907 accesses 486.16 MB

MJ12bot 33567 +1208 access 844.52 MB

Yandex bot +104 18 876 access 433.84 MB

[...]

STATISTICS OF IP

IP

41.82.76.159 11681 pages 12078 accesses 581.68 MB

87.1.153.254 9807 pages 10734 accesses 788.55 MB

[...]

other 249561 pages 4055612 accesses 59.29 GB

THE SITUATION

Help!!! I don't know how to block IP with .htaccess and I don't know what IP! I'm not sure! Awstats ends without the past 4 days!

I already tried in the past to change the password of FTP and account, nothing! The goal is not I think are generic attacks aimed at obtaining backlinks and redirects (often do not work)!

TerryE
  • 10,724
  • 5
  • 26
  • 48
Giada Lombardi
  • 1
  • 1

1 Answers1

0

This isn't really an htaccess issue. Look at your own stats. You've had ~4M hits generating some 12Kb per hit in the last 4 days. I ran the OpenOffice.org user forums for 5 years and this sort off access rate can be typical for a busy forum. I used to run on a dedicated quad-core box, but migrated this a modern single core VM and when tuned, this took this sort of load.

The relative Bot volumetrics are also not surprising as a % of these volumes, nor are the 75K D/B queries.

I think that what your hosting provider is pointing out is that you are using an unacceptable amount of system (D/B) resources for your type of account. You either need to upgrade your hosting plan or examine how you can optimise your database use. E.g. are your tables properly indexed and do you routinely do a Check/Analyze/Optimize of all tables. If not then you should!

It may well be that spammers are exploiting your forum for SPAM link posts, but you need to look at the content in the first instance to see if this is the case.

TerryE
  • 10,724
  • 5
  • 26
  • 48
  • I have blocked 90% of mySQL connection of site, they say AVG Queries / logged / killed is now 95000/0/0! How is it possible? – Giada Lombardi Mar 02 '12 at 13:30
  • what do you mean by "I have blocked 90% of mySQL connection of site"? I assume that the only access is via the forum. Have you done a complete swap out of passwords, etc. and reviewed the access logs for exploits? Unfortunately, I haven't used ASP for 10 years so am a bit rusty on current exploits. – TerryE Mar 02 '12 at 14:04
  • All pages uses mySQL (for advertising, comments, etc.), the site has always worked, the problem is started in the last 4-5 days.How can I look for exploits? I've already changed passwords. And now I've reduced connections by 95%! – Giada Lombardi Mar 02 '12 at 16:23
  • As I said, review your access logs; find out suspicious hot topics and posts; review your recent members and then use these to drill into the content. Also if nec do a clean reinstall of the forum application. The spammers are hitting your forum for a purpose. – TerryE Mar 02 '12 at 19:21