[Solved] Web site suspended for high load

[dahuhunter]

I see that my web site has been suspended for high load.

could you please check what is the issue that caused it and how to reactivate it?

 

dahuhunter.heliohost.org

 

thank you

Anna 

[Unknown025]

I have unsuspended your account, it should start working again shortly. I don't know the reason as to why your account was suspended for high load, so I've escalated your thread so an administrator can provide some insight.

[dahuhunter]

Thank you. Please keep me informed if there is any issue.

[Krydos]

15 hours ago, dahuhunter said:

could you please check what is the issue

Are you visiting your own site 38k times per day, or do you think that some of these IP addresses might be bots? You might want to block some of these IPs if you want to reduce the load your website causes.

    439 35.183.70.152
    463 66.249.68.1
    477 209.38.128.20
    527 52.167.144.167
    547 157.55.39.58
    859 199.47.82.21
    860 199.47.82.20
   1332 199.47.82.19
   1527 216.244.66.232
   1927 66.249.68.71
   2038 199.47.82.18
   3485 143.110.228.131
   5467 66.249.68.70
  38373 66.249.68.69

 

[dahuhunter]

Good morning, 

According to Google Analytics, I had maximum 21-28 visitors per day, mostly from Switzerland, Russia and Ukraine.

I agree that these IP addresses look suspicious.

Please explain how I can block them. Is there an option on Heliohost?

 

Thank you.

Anna

[wolstech]

The easiest way to block these is to use Deny statements in .htaccess.

Also, those 66.249. addresses with 38k and 5k hits is actually Googlebot of all things...

[dahuhunter]

If these bots are used for Internet references, there may be no need to block them?

[wolstech]

Theres a need to block them if they’re causing too much load.

We don’t exempt load caused by bot traffic, so letting them scrape an inefficient site will get you suspended. Get suspended 3 times for load with no indication you’re trying to fix it, and you may get banned.

The fix is to stop the scraping or make the site more efficient.

For google specifically, you could put a robots.txt that tells it not to index parts or any of your site (with the obvious result that you won’t be found on google). Many other bots don’t honor it though.

[dahuhunter]

Could you please indicate why you are recommending to use a robots.txt file ? Of course, I am interested to be found easily on Google in order to have more visitors (human, not bots), thereby I use keywords. I guess that this solution is not reasonable.

Among 14 IP addresses, which one do you recommend to block ? 

I went on heliohost.org but do not find any file named .htaccess. Could you please indicate where I have to go and where Deny statements are to be found ?

[wolstech]

The .htaccess file goes in your httpdocs folder. If it doesn't exist, you can just create it. If it does exist, simply add to the bottom.

The deny statements themselves are pretty simple:

Deny from 143.110.228.131

Or you can do a subnet or wild card:

Deny from 143.110.228.0/24

Deny from 143.110.228.*

(Both are identical, blocks 143.110.228.[0 - 255])...

[Krydos]

3 hours ago, dahuhunter said:

Could you please indicate why you are recommending to use a robots.txt file ?

Good bots check your robots.txt file and abide by the rules in it.

3 hours ago, dahuhunter said:

Of course, I am interested to be found easily on Google in order to have more visitors (human, not bots), thereby I use keywords. I guess that this solution is not reasonable.

We received 785401 page hits to our website on 2024-10-22 and 25 of them were from Google when we have a properly configured robots.txt file published. There is no reason Google should need to visit your website 46230 times in a single day unless you've got something seriously misconfigured.

3 hours ago, dahuhunter said:

I went on heliohost.org but do not find any file named .htaccess. Could you please indicate where I have to go and where Deny statements are to be found ?

Create the file and put it in httdocs.

[dahuhunter]

Hello, I noticed a lot of strange PHP files were loaded on my web site that I erased. But I am not able to see the 785401 hits in Google Analytics unfortunately.

I created a file public_html.htaccess and uploaded it in httpdocs (and not WWW), as you said. Does it seem correct to you?

Order Deny,Allow
Deny from 35.183.70.152 
Deny from 209.38.128.20 
Deny from 52.167.144.167 
Deny from 157.55.39.58 
Deny from 199.47.82.21 199.47.82.20 199.47.82.19 
Deny from 216.244.66.232 
Deny from 199.47.82.18 
Deny from 143.110.228.131
Allow from all

I excluded the IP adresses marked as Googlebots, as they should be harmless.  

Is anything else I could do?

[wolstech]

Quote

I noticed a lot of strange PHP files were loaded on my web site that I erased

Something on your account has a security vulnerability. This is what happens when a hacker gets in. WordPress is the most common cause, but plenty of other software also has vulnerabilities...

You'll need to update and/or reinstall whatever software you use on your account. Be aware that if a hacker decides to use the account to do something like set up a phishing site or send spam, the account may get banned for the hackers activity and you'll be forced to start over.

[dahuhunter]

I changed the password.

My web site is managed via Visual Studio Code and the files are uploaded fia FTP. I do not use WordPress.

Do you recommend me to block the last IP address ?

38373 66.249.68.69

It seems to be Googlebot.

[Krydos]

12 hours ago, dahuhunter said:

I noticed a lot of strange PHP files were loaded on my web site that I erased.

If your account has been hacked we recommend doing a full reset. Just deleting a few files that the hacker uploaded is unlikely to fix whatever vulnerability they used to upload the files in the first place.