A Small Orange - bandwidth limit exceded
-
@IRJ said in A Small Orange - bandwidth limit exceded:
Are you still getting constant hits on the admin page?
I renamed the admin page with the plug in. I'm still getting hammered, but I don't understand how. The bandwidth hasn't gone down since I went to CloudFlare or renamed the admin page. What should I look at next?
-
Does CloudFlare show the bandwidth the same? Maybe because you exposed your IP it is being hit directly for some reason?
-
yes, CloudFlare shows the bandwidth the same:
-
I wonder why the cache is getting so little.
-
Maybe I should put ads on the page. That seems to drive people away... Seriously, Total Unique Visitors Last 24 Hours: 2,763 If it was an attack, it would seem to be distributed.
-
Maybe there is some bizarre SEO on your page leading people there? Maybe the IP address was used for something else before?
-
Fire up Google Analytics and look for traffic source info.
-
Giving my next question it's own thread:
https://mangolassi.it/topic/13548/add-google-analytics-to-wordpress
(add Google Analytics to Wordpress?) -
I added Google Analytics. I can see when I hit the page, it says 1 active session. Otherwise it's sitting at 0 active sessions. -Which is what I expect for this seldom used site. However, Cloudflare and A Small Orange insist I'm getting 200+ unique visitors an hour. Where do I go next?
-
That suggests it isn't picking up the JavaScript. It's a bot of some sort.
-
Have you looked into WordFence?
-
If they are bots, Wordfence has an option to automatically block "fake Google crawlers" found under Wordfence -> Firewall -> Rate Limiting. Wordfence is free for many of it's features but also offers some premium features for paid option.
Something else to watch for is, I noticed that Google crawlers were going ape$hit for a while crawling a couple sites I manage to the tune of hundreds of pages per day. That's since calmed down though. Right around the time I submitted a sitemap to Google Search Console.
-
@Danp said in A Small Orange - bandwidth limit exceded:
Have you looked into WordFence?
Thanks for the tip. WordFence was the first thing to let me see what's going on. The live view feature let me see the requests and where they are coming from. Mostly it's IPs from all over the world that are trying to pull up admin and register pages that don't exist.
I let it run for a few hours and it didn't put a dent in the traffic, so I just tweaked some of the settings so that it will start blocking after 20 failed attempts for different things. We'll see how it looks tomorrow.
-
@NashBrydges said in A Small Orange - bandwidth limit exceded:
If they are bots, Wordfence has an option to automatically block "fake Google crawlers" found under Wordfence -> Firewall -> Rate Limiting. Wordfence is free for many of it's features but also offers some premium features for paid option.
They are bots. When I adjust the filter to "humans" it shows no hits. I turned on the "fake google crawler" rule. We'll see what it looks like tomorrow.
-
After 2 minutes I've had to turn off "Alert when an IP address is blocked".
-
Those changes didn't make a dent in the traffic. I set WordFence to block bots after 1 404 error. We'll see what that does.
-
That's so crazy that you are getting SO much traffic.
-
I have to wonder if I should just move to a new host or something. I can't explain why they are pounding on my site so hard.
-
What are they trying to do when they call the: http://www.domainname.com/?ctl=register page?
-
I think I may have figured it out. The site used to be hosted on an IIS box running .net nuke. .net nuke was vulnerable to users registering themselves and creating a link back to their page. (link juice for SEO optimization) It seems that after I moved the site, they are still trying to hack the registration from when the site was on DNN.
I just updated wordFence to block on the url "/?ctl=register" and /*/Default.aspx so now it's blocking most attempts.
