| Question: |
Zdravstvuydosvidaniya morning noticed that the site doesn`t open. Gives 508 misunderstanding in CPanel usage Statistics resourcesto процессов20 / 20 ( 100% ) Use процессора99 / 100 ( 99% )As you can see that gives this load |
| Question: |
Like understood, it was a lot of search queries from one IP address, put it in the black list |
| Answer: |
Hello. utochnyat this ip |
| Question: |
91.229.150.109 |
| Answer: |
Kazakhstan http://whatismyipaddress.com/ip/91.229.150.109 a lot of queries of the form like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=1 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=2 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=3 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=1 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=2 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=3 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=1 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=2 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=3 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=2 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=1 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=1 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=1 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=2 HTTP/1.1\" 499 0 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=1 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=2 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=1 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=1 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=2 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"
91.229.150.109 - - [05/Aug/2017:06:49:23 +0300] \"GET /search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=1 HTTP/1.1\" 508 258 \"-\" \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\" |
| Question: |
Yes, it is Kazakhstan, Karaganda city.Very similar to vikasevicu website. or DDOSВозможно to include limiting the number of connections from a single IP address per minute? |
| Answer: |
unfortunately, no . But we can block |
| Question: |
I have already added this address to the black list in the panel of upravleniyami |
| Answer: |
ok
|
| Question: |
Good denine despite the fact that was created to lock in the file /public_html/.htaccessдля 91.229.150.109 ip queries with ip 91.229.150.109 go to the site and there is a load on hostingmodel Processes 20 / 20 ( 100% )CPU Usage is 99 / 100 ( 99% )is it Possible somehow to fix this situation? |
| Answer: |
Specify how you blocked the IP |
| Question: |
Via control panel -> Security -> Lock IP adreapol this at the end of the file .htaccess record was added to the deny from 91.229.150.109 |
| Answer: |
\"then at the end of the file .htaccess record was added to the deny from 91.229.150.109\" have You checked? You have a deny entry 91.229.150.109 and it`s not working. |
| Question: |
once removed the site from maintenance mode, the load increases the Number of Processes 20 / 20 ( 100% )CPU Usage is 99 / 100 ( 99% )in the logs of visitors are constantly present записи91.229.150.109/search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=309.08.17 at 8:410error 500GETHTTP/1.091.229.150.109/search?controller=search&orderby=position&orderway=desc&search_query=arduino&submit_search=409.08.17 at 8:410error 500GETHTTP/1.0 |
| Answer: |
have You checked the record? |
| Question: |
The entry is in the file .htaccess |
| Question: |
judging by the error log-----------------Wed Aug 09 08:50:57 2017] [error] [client 91.229.150.109] client denied by server configuration: /home/cubepvl/public_html/index.php[Wed Aug 08 09:50:57 2017] [error] [client 91.229.150.109] client denied by server configuration: /home/cubepvl/public_html/search-------------------like blocks |
| Answer: |
to allow access only from specific ip address: deny from redresses |
| Question: |
Yes it is this record and present |
| Answer: |
https://ru.wikibooks.org/wiki/Директивы_.htaccess Order Allow,Deny Allow from all Deny from 192.140.170.219 Deny from 10.10.220.201 |
| Question: |
Yes it is this схемаorder allow denyallow from alldeny from 91.229.150.109 |
| Answer: |
Yes, now the record is true |
| Answer: |
now That you are performing on the website? |
| Question: |
I even can not enter, issues a 508 error Resource Limit Is ReachedThe website is temporarily unable to service your request as it exceeded resource limit. Please try again later.in control panel all resources are CPU, Memory shows download 100% |
| Question: |
The number Процессов20 / 20 ( 100% )Use Процессора90 / 100 ( 90% )the Use of Physical Памяти701,97 MB / 1 GB ( 69% ) |
| Answer: |
Processes appear again. |
| Question: |
Yes, again |
| Answer: |
Your processes cubepvl 953530 4.8 0.1 445744 51520 ? R 09:30 0:01 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 953596 4.8 0.1 445744 51440 ? R 09:30 0:01 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 953650 4.8 0.1 445744 51472 ? R 09:30 0:01 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 953713 4.8 0.1 445484 51408 ? R 09:30 0:01 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 953822 4.8 0.1 445488 50888 ? R 09:30 0:01 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 953868 4.8 0.1 445228 50952 ? R 09:30 0:01 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 953919 4.8 0.1 445488 50796 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954010 4.8 0.1 445484 50776 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954097 4.8 0.1 444720 50432 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954141 4.7 0.1 444464 50348 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954228 4.6 0.1 444720 50408 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954428 4.7 0.1 443952 49812 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954485 4.5 0.1 443948 49800 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954585 4.5 0.1 442156 47880 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954648 4.1 0.1 440048 45564 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954739 4.0 0.1 438076 43592 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954795 3.5 0.1 429100 34484 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954844 3.3 0.0 421388 26624 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954915 2.0 0.0 315376 16308 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php check statistics in the control panel, which pages they go |
| Answer: |
Your processes cubepvl 953530 4.8 0.1 445744 51520 ? R 09:30 0:01 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 953596 4.8 0.1 445744 51440 ? R 09:30 0:01 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 953650 4.8 0.1 445744 51472 ? R 09:30 0:01 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 953713 4.8 0.1 445484 51408 ? R 09:30 0:01 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 953822 4.8 0.1 445488 50888 ? R 09:30 0:01 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 953868 4.8 0.1 445228 50952 ? R 09:30 0:01 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 953919 4.8 0.1 445488 50796 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954010 4.8 0.1 445484 50776 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954097 4.8 0.1 444720 50432 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954141 4.7 0.1 444464 50348 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954228 4.6 0.1 444720 50408 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954428 4.7 0.1 443952 49812 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954485 4.5 0.1 443948 49800 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954585 4.5 0.1 442156 47880 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954648 4.1 0.1 440048 45564 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954739 4.0 0.1 438076 43592 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954795 3.5 0.1 429100 34484 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954844 3.3 0.0 421388 26624 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php
cubepvl 954915 2.0 0.0 315376 16308 ? R 09:30 0:00 /usr/bin/php /home/cubepvl/public_html/index.php check statistics in the control panel, which pages they go |
| Question: |
As far as I can see the request to the controller search prestashop56577 41,13% 6 Aug 17 07:30 /search |
| Answer: |
|
| Question: |
Now try the website for the maintenance of the supply and to disable the search on the site |
| Answer: |
I blocked the IP
ok |
| Question: |
Thank you. Removed from the site search capability. The website included. While remotetest assumptions where the Shoe pinches, but can not prove. |
| Answer: |
if you have any capodistria write the Internet or the hosting provider which is attack. usually go to the meeting in such matters |
| Question: |
Wrote twice, applied the logs, but this is Kazakhstan, then the providers are usually still the main thing that would pay, so I use hosting in Kazakhstan |
| Answer: |
write to the upstream providers. You have one or two which give the channel to other providers. |
| Answer: |
Clear. |
