Support » Fixing WordPress » cannot access my admin dashboard , high cpu usage

  • Hi there , i am not a developer nor a tech guy
    I am having a hectic day , unfortunatelly i cannot login to my wp-admin dashboard anymore. Everything worked perfect until yesterday, since we made the website public and set up the adverts on twitter and several other websites.

    Due to the high volume of visits, the website kept displaying a 500 error. Then, this morning , when i tried to reply to my dashboard, i noticed i am getting an 503 Service Unavailable error.
    Server currently undergoing maintenance. Webmaster: please contact support.

    When i checked my cpanel stats visitors, i could see there are around 5 ips that made a great volume of traffic and consumed a great volume of bandwith.

    I know these are bots ( if anyone has any idea what plugin should i use after i manage to repair the website ) and they have blocked my website.

    My hosting department told me that the website was automatically flagged due to high cpu ussage , 122% , it was unblocked, then blocked again.

    What can i do please? a speedy reply would be highly appreciated

    many thanks

Viewing 15 replies - 1 through 15 (of 15 total)
  • For a start, if there’s not too many different IPs, you can block them from hitting your website in .htaccess file.

    Thread Starter ax231

    (@ax231)

    Thank you Sinip, i did that manually. Now , what about the rest? Should blocking these to 10 – 12 ips be able to stop causing such a high CPU usage?

    Would you care to assist me with the other issues, of course, if you have the knowledge?

    Many thanks

    Thread Starter ax231

    (@ax231)

    Also, i blocked them using the IP blocker from my CPANEL .. should that work? instead accessing the .htaccess file?

    Your cPanel IP blocker will put them in .htaccess file, so it is essentially the same thing.
    If those bots were the cause of high CPU then yes, that should stop it.

    Regarding other issues, well, you ask and I can answer, if I know… 🙂

    Thread Starter ax231

    (@ax231)

    thank you , here is preview of my stats visitors, while we only advertised websites for the products itself, and the visits should go to the pages , i noticed most of these visits were directioned at the /wp-admin/admin-ajax.php with 20,415 views 2.63 KB and 53 entries. this is abnormal. a human visitor will only visit the post/pages and not these functions.

    and here is a list of the top hosts visiting, which i presumed these are the bots, as they have enormous data usage and page visits, as a human visitor would have.

    i only list the top 25 , which i find it s very high number . should i ban all these ips?

    Pages Hits Bandwidth

    213.233.92.161 7,678 18,623 502.05 MB 22 Apr 2017 – 13:18
    172.58.139.79 1,617 1,681 1.95 MB 23 Apr 2017 – 23:44
    89.243.64.49 1,356 2,469 46.24 MB 23 Apr 2017 – 18:55
    98.198.135.197 741 805 1.91 MB 23 Apr 2017 – 23:44
    216.38.5.19 658 3,699 142.59 MB 21 Apr 2017 – 12:41
    151.25.224.99 595 659 1.90 MB 23 Apr 2017 – 23:44
    88.21.131.162 536 691 6.47 MB 21 Apr 2017 – 17:14
    213.225.39.81 473 537 1.86 MB 23 Apr 2017 – 23:22
    90.0.229.212 460 524 1.87 MB 23 Apr 2017 – 23:44
    51.9.52.153 412 521 19.93 MB 23 Apr 2017 – 14:53
    84.182.196.139 404 896 47.47 MB 22 Apr 2017 – 11:51
    109.166.132.218 348 2,513 18.00 MB 22 Apr 2017 – 08:31
    88.117.90.230 315 379 1.87 MB 23 Apr 2017 – 22:04
    86.151.99.237 282 425 13.22 MB 23 Apr 2017 – 16:19
    82.144.189.54 272 338 1.92 MB 23 Apr 2017 – 23:40
    24.23.83.114 229 308 2.71 MB 23 Apr 2017 – 20:31
    82.42.204.150 220 354 25.84 MB 23 Apr 2017 – 11:56
    192.185.138.44 217 217 405.53 KB 23 Apr 2017 – 17:18
    91.134.137.22 213 526 8.12 MB 23 Apr 2017 – 08:11
    176.58.143.165 200 241 1.76 MB 23 Apr 2017 – 16:24
    178.146.3.248 191 255 2.65 MB 23 Apr 2017 – 16:24
    212.95.7.33 190 190 0 23 Apr 2017 – 23:42
    185.42.35.74 168 232 2.65 MB 23 Apr 2017 – 16:25
    94.69.139.22 160 222 2.66 MB 23 Apr 2017 – 15:55
    2.26.24.61 150 502 31.66 MB 23 Apr 2017 – 07:34

    As you said, there’s no reason for a human visitor to try to visit non-public parts of a website, unless there’s a hacking attempt going on. 🙂 So you could at least for now, ban those IPs accessing internal parts of your WordPress website. You know that you can block whole ranges in .htaccess, that is in cPanel block IP feature? So if you spot a pattern, you can block a range, not only individual IP. Beware not to block yourself 🙂 or real visitors.
    Also, google for Google’s IP ranges, so you don’t block Google.

    • This reply was modified 5 years, 3 months ago by sinip.
    Thread Starter ax231

    (@ax231)

    dear sinip thank you, but my knowledge in this is very small. so if you could be more specific about this blocking patern?

    how can i add these ? as about blocking myself, is no problem, because i have dinamic ip, and it always changes, it is not the same. so if i accindetaly block myself, i swith my router on/of and get another ip . about the real visitors, we only made it available last night, so i will not block any ips that visited, let s say, 10 to 50 times. anything bigger than that will be blocked. or do you mean, i should only look for the status and see which ip tried to access non public parts and only block those ?

    is it possible, because of this, to have disabled my login option, or is it from the hosting, as they mentioned ? after this, when i hopefully manage to get back access to the account, what pplugin should i use to automatically block this robots interfiring with our website ? or what settings should we choose ? AND THANK YOU AGAIN FOR READING ALL THESE 🙂 sorry to be a pain but my entire day has been compromised due to this error

    here are the options from my ip blocker :

    Single IP Address
    192.168.0.1
    Range
    192.168.0.1-192.168.0.40
    Implied Range
    192.168.0.1-40
    CIDR Format
    192.168.0.1/32
    Implies 192.*.*.*
    192.

    For instance, if you see in your log that there’s someone hitting your website from 94.69.139.22, then from 94.69.139.57 then 94.69.139.247 etc. you can enter 94.69.139.* in the IP blocker and then all IPs from 94.69.139.0 to 94.69.139.255 will be blocked.
    If your host disabled your account because of high CPU usage then your whole website will be unavalable, but if your website is available then /wp-login.php should be available as well.
    Regarding blocking, I’d block only those IPs that are accessing files that shouldn’t be accessed, anyone accessing your homepage, posts and other pages is probably legitimate visitor.
    About plugins, can’t help you much, didn’t have a need for that yet, but I’m sure you’ll find something in plugins repository. You can also ban so called “bad bots” in .htaccess, using user-agent just google for it.

    @ax231 – There are a number of good security plugins in the repository:
    https://wordpress.org/plugins/search/security/

    The process for blocking IPs that @sinip provided is a good one for the short term. However, in the long term that will be a never ending process of you chasing IPs after-the-fact. I’d recommend you install a plugin and let that handle the process automatically. Each plugin has a support forum so, if you have questions regarding plugin installation or configuration, you can ask there.

    Thread Starter ax231

    (@ax231)

    i`ve searched within the visitors the following terms, that were provided in the stats :

    /wp-admin/admin-ajax.php ;
    /wp-admin/admin-ajax.php ;
    xmlrpc.php – i see this was target as well, for force attacks – i just read now – so we were definately the target attack for some bots.

    and then blocked each IP that accessed this search

    linux ( majority of linux headers were pointed to thousand of visits , from o to 3 seconds ) so i blocked 3 ips ( that made 15 000 visits/clicks enormous compared to the others platforms)

    Google Android 15,457 53 % 79,394 67.8 %

    visit duration

    0s-30s 1,048 52.2 %
    30s-2mn 461 23 %

    that means only the remaining procent is a legitimate human visitor !

    Visits up to 30 seconds can be human too. Someone came in, saw the website, saw its not interesting, then left. It takes less than 30 seconds for that.

    Thread Starter ax231

    (@ax231)

    @bdbrown thank you, but unfortunatelly i cannot access my dashboard yet.

    i will take a look on the mentioned plugins page as soon as we are back online.

    i hope blocking these ips for now will stop these bots on consuming the CPU usage of our server, but then we will definatelly need to switch to something more professional, like a plugin.

    because the website worked fine until last night, when we had a high volume of visitors, it first started with the ERROR 500 , then we installed some cache cleaners, it worked fine until this morning, when we initially couldnt access the wp-longin but the website was still working, until now, when the website shows a 503 error on all pages . if you have any idea if i could just replace some files that may have been affected by these bots from the cpanel with the originals one ? ( fortunatelly i made a backup a couple of days ago, and i have all the clean files )

    Thread Starter ax231

    (@ax231)

    @sinip , it is a holiday rental website, so the adverts were based according to the cities of their interests

    and i meant a human visit could not take 3 seconds ( not 30 seconds ) , at least on a holiday rental website , which by the way, it has a nice theme and nice properties

    Thread Starter ax231

    (@ax231)

    , the hosting company has unblocked my website.

    should i use this plugin , mentioned by @bdbrown

    https://wordpress.org/plugins/wordfence/

    You can try few of them (not at the same time, only keep enabled one at the time) and see which one you like the most.

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘cannot access my admin dashboard , high cpu usage’ is closed to new replies.