For a start, if there aren’t too many different IPs, you can block them from hitting your website in the .htaccess file.
Thank you Sinip, I did that manually. Now, what about the rest? Should blocking these 10 – 12 IPs be able to stop them causing such high CPU usage?
Would you care to assist me with the other issues, of course, if you have the knowledge?
Also, I blocked them using the IP blocker from my cPanel. Should that work, instead of accessing the .htaccess file?
Your cPanel IP blocker will put them in the .htaccess file, so it is essentially the same thing.
If those bots were the cause of high CPU then yes, that should stop it.
Regarding other issues, well, you ask and I can answer, if I know… 🙂
Thank you. Here is a preview of my visitor stats. While we only advertised websites for the products themselves, and the visits should go to the pages, I noticed most of these visits were directed at /wp-admin/admin-ajax.php, with 20,415 views, 2.63 KB and 53 entries. This is abnormal. A human visitor will only visit the posts/pages and not these functions.
And here is a list of the top hosts visiting, which I presumed are the bots, as they have enormous data usage and page visits, as a human visitor would have.
I only list the top 25, which I find is a very high number. Should I ban all these IPs?
As you said, there’s no reason for a human visitor to try to visit non-public parts of a website, unless there’s a hacking attempt going on. 🙂 So you could, at least for now, ban those IPs accessing internal parts of your WordPress website. You know that you can block whole ranges in .htaccess, that is, in the cPanel block IP feature? So if you spot a pattern, you can block a range, not only an individual IP. Beware not to block yourself 🙂 or real visitors.
Also, google for Google’s IP ranges, so you don’t block Google.
This reply was modified 5 years, 11 months ago by sinip.
Dear sinip, thank you, but my knowledge in this is very small. So could you be more specific about this blocking pattern?
How can I add these? As for blocking myself, it is no problem, because I have a dynamic IP, and it always changes, it is not the same. So if I accidentally block myself, I switch my router on/off and get another IP. About the real visitors, we only made it available last night, so I will not block any IPs that visited, let’s say, 10 to 50 times. Anything bigger than that will be blocked. Or do you mean I should only look at the status and see which IP tried to access non-public parts and only block those?
Is it possible, because of this, to have disabled my login option, or is it from the hosting, as they mentioned? After this, when I hopefully manage to get back access to the account, what plugin should I use to automatically block these robots interfering with our website? Or what settings should we choose? AND THANK YOU AGAIN FOR READING ALL THESE 🙂 Sorry to be a pain, but my entire day has been compromised due to this error.
Here are the options from my IP blocker:
Single IP Address
For instance, if you see in your log that there’s someone hitting your website from 220.127.116.11, then from 18.104.22.168 then 22.214.171.124 etc. you can enter 94.69.139.* in the IP blocker and then all IPs from 126.96.36.199 to 188.8.131.52 will be blocked.
If your host disabled your account because of high CPU usage then your whole website will be unavailable, but if your website is available then /wp-login.php should be available as well.
Regarding blocking, I’d block only those IPs that are accessing files that shouldn’t be accessed; anyone accessing your homepage, posts and other pages is probably a legitimate visitor.
About plugins, can’t help you much, didn’t have a need for that yet, but I’m sure you’ll find something in the plugins repository. You can also ban so-called “bad bots” in .htaccess, using user-agent; just google for it.
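One way to apply the advice above (block only clients hitting files that shouldn't be accessed, and block a range when a pattern shows up), as an added example that is not part of the original thread. It assumes an Apache access log in common/combined format and Apache 2.4 `Require` syntax; the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Endpoints named in the thread that ordinary visitors do not request repeatedly.
SENSITIVE = ("/wp-login.php", "/xmlrpc.php")
# Apache common/combined log format: client IP first, request line in quotes.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)')

def offenders(lines, min_hits=3, allow=()):
    """Return {ip: hits} for clients with >= min_hits requests to SENSITIVE paths."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group(2).split("?", 1)[0] in SENSITIVE and m.group(1) not in allow:
            hits[m.group(1)] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}

def collapse(ips, min_per_range=3):
    """Swap >= min_per_range offending IPv4 addresses in one /24 for the range."""
    by_net = defaultdict(list)
    for ip in ips:
        by_net[ip_network(f"{ip}/24", strict=False)].append(ip)
    out = []
    for net, members in sorted(by_net.items()):
        out += [str(net)] if len(members) >= min_per_range else sorted(members, key=ip_address)
    return out

def htaccess_rules(targets):
    """Apache 2.4 syntax (assumed); older setups use 'deny from <ip>' lines instead."""
    body = "".join(f"    Require not ip {t}\n" for t in targets)
    return f"<RequireAll>\n    Require all granted\n{body}</RequireAll>"

def _log(ip, path, count):
    return [f'{ip} - - [23/Apr/2017:23:44:00 +0000] "POST {path} HTTP/1.1" 200 512'] * count

# Constructed sample log (documentation-only IP ranges, not from the thread).
SAMPLE = (_log("203.0.113.5", "/xmlrpc.php", 4) + _log("203.0.113.9", "/xmlrpc.php", 3)
          + _log("203.0.113.77", "/xmlrpc.php", 6) + _log("198.51.100.20", "/wp-login.php", 5)
          + _log("192.0.2.10", "/holiday-rentals/", 40) + _log("192.0.2.10", "/wp-login.php", 1))

if __name__ == "__main__":
    print(htaccess_rules(collapse(offenders(SAMPLE, allow={"192.0.2.200"}))))
```

`/wp-admin/admin-ajax.php` is left out of `SENSITIVE` because WordPress themes and plugins call it from public pages, so a hit count there does not separate bots from visitors on its own. Pass your own address and any verified search-engine crawler addresses in `allow` before pasting the output into .htaccess.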
@ax231 – There are a number of good security plugins in the repository:
The process for blocking IPs that @sinip provided is a good one for the short term. However, in the long term that will be a never ending process of you chasing IPs after-the-fact. I’d recommend you install a plugin and let that handle the process automatically. Each plugin has a support forum so, if you have questions regarding plugin installation or configuration, you can ask there.
I’ve searched within the visitors for the following terms, that were provided in the stats:
xmlrpc.php – I see this was targeted as well, for force attacks – I just read now – so we were definitely the target of an attack by some bots.
and then blocked each IP that accessed this search
linux (the majority of Linux headers pointed to thousands of visits, from 0 to 3 seconds), so I blocked 3 IPs (that made 15,000 visits/clicks, enormous compared to the other platforms)
Google Android 15,457 53 % 79,394 67.8 %
0s-30s 1,048 52.2 %
30s-2mn 461 23 %
That means only the remaining percent is a legitimate human visitor!
Visits up to 30 seconds can be human too. Someone came in, saw the website, saw it’s not interesting, then left. It takes less than 30 seconds for that.
@bdbrown thank you, but unfortunately I cannot access my dashboard yet.
I will take a look at the mentioned plugins page as soon as we are back online.
I hope blocking these IPs for now will stop these bots from consuming the CPU of our server, but then we will definitely need to switch to something more professional, like a plugin.
Because the website worked fine until last night, when we had a high volume of visitors. It first started with the ERROR 500, then we installed some cache cleaners, and it worked fine until this morning, when we initially couldn’t access wp-login but the website was still working, until now, when the website shows a 503 error on all pages. If you have any idea whether I could just replace some files that may have been affected by these bots, from cPanel, with the original ones? (Fortunately I made a backup a couple of days ago, and I have all the clean files.)
@sinip, it is a holiday rental website, so the adverts were based on the cities of their interests.
And I meant a human visit could not take 3 seconds (not 30 seconds), at least on a holiday rental website, which by the way has a nice theme and nice properties.
, the hosting company has unblocked my website.
Should I use this plugin, mentioned by @bdbrown?
You can try a few of them (not at the same time, only keep one enabled at a time) and see which one you like the most.