Unsolved A Small Orange - bandwidth limit exceded
-
Maybe I should put ads on the page. That seems to drive people away... Seriously, Total Unique Visitors Last 24 Hours: 2,763 If it was an attack, it would seem to be distributed.
-
Maybe there is some bizarre SEO on your page leading people there? Maybe the IP address was used for something else before?
-
Fire up Google Analytics and look for traffic source info.
-
Giving my next question it's own thread:
https://mangolassi.it/topic/13548/add-google-analytics-to-wordpress
(add Google Analytics to Wordpress?) -
I added Google Analytics. I can see when I hit the page, it says 1 active session. Otherwise it's sitting at 0 active sessions. -Which is what I expect for this seldom used site. However, Cloudflare and A Small Orange insist I'm getting 200+ unique visitors an hour. Where do I go next?
-
That suggests it isn't picking up the JavaScript. It's a bot of some sort.
-
Have you looked into WordFence?
-
If they are bots, Wordfence has an option to automatically block "fake Google crawlers" found under Wordfence -> Firewall -> Rate Limiting. Wordfence is free for many of it's features but also offers some premium features for paid option.
Something else to watch for is, I noticed that Google crawlers were going ape$hit for a while crawling a couple sites I manage to the tune of hundreds of pages per day. That's since calmed down though. Right around the time I submitted a sitemap to Google Search Console.
-
@Danp said in A Small Orange - bandwidth limit exceded:
Have you looked into WordFence?
Thanks for the tip. WordFence was the first thing to let me see what's going on. The live view feature let me see the requests and where they are coming from. Mostly it's IPs from all over the world that are trying to pull up admin and register pages that don't exist.
I let it run for a few hours and it didn't put a dent in the traffic, so I just tweaked some of the settings so that it will start blocking after 20 failed attempts for different things. We'll see how it looks tomorrow.
-
@NashBrydges said in A Small Orange - bandwidth limit exceded:
If they are bots, Wordfence has an option to automatically block "fake Google crawlers" found under Wordfence -> Firewall -> Rate Limiting. Wordfence is free for many of it's features but also offers some premium features for paid option.
They are bots. When I adjust the filter to "humans" it shows no hits. I turned on the "fake google crawler" rule. We'll see what it looks like tomorrow.
-
After 2 minutes I've had to turn off "Alert when an IP address is blocked".
-
Those changes didn't make a dent in the traffic. I set WordFence to block bots after 1 404 error. We'll see what that does.
-
That's so crazy that you are getting SO much traffic.
-
I have to wonder if I should just move to a new host or something. I can't explain why they are pounding on my site so hard.
-
What are they trying to do when they call the: http://www.domainname.com/?ctl=register page?
-
I think I may have figured it out. The site used to be hosted on an IIS box running .net nuke. .net nuke was vulnerable to users registering themselves and creating a link back to their page. (link juice for SEO optimization) It seems that after I moved the site, they are still trying to hack the registration from when the site was on DNN.
I just updated wordFence to block on the url "/?ctl=register" and /*/Default.aspx so now it's blocking most attempts.
-
CloudFlare is still seeing the same amount of traffic, but ASmallOrange is seeing way less bandwidth. (It's actually reading 0 for the day.) The WordFence live feed is a constant stream of blocked requests.
-
@IRJ said in A Small Orange - bandwidth limit exceded:
There are also plenty of FREE plugins that do this with one click.
https://wordpress.org/plugins/rename-wp-login/
https://wordpress.org/plugins/protect-wp-admin/
Wordfence also lets you do this and restrict IPs to the admin page.
I'm trying to make this as the solution to the problem. The other tools weren't telling me what was going on because they were showing me what pages were served, not what pages were asked for an unresolved. WordFence was able to show me that spammers were trying to register through .aspx pages that the old .netNuke site used. By banning those pages, my bandwidth consumption has gone down. I'm curious to see how long they have to get 404s before they will stop making requests.
-
Anyone mention web crawlers on here? Indexing servers (like Google) will hit a website over and over again looking for changes to catalog and add to their index.
Try adding a robots.txt to the root (http://www.robotstxt.org/robotstxt.html(
-
@jrc Don't I want the legit robots to hit my site and see that it's not running .netNuke anymore so the script kiddies will leave the site alone?