vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Forum and Server Management (https://vborg.vbsupport.ru/forumdisplay.php?f=232)
-   -   Heavy hitting IP (https://vborg.vbsupport.ru/showthread.php?t=324166)

X-or 01-10-2017 03:46 PM
Heavy hitting IP
 
hello I would like to know how to handle certain heavy hitting IP

once in a while I look at the awstats logs and find some abnormally heavy hitting IPs
for example
Code:
ip68-231-211-53.oc.oc.cox.net        81 921        82 470        52.79 Mo        10 Jan 2017 - 07:48
c-5eeaaa91-74736162.cust.telenor.se        59 983        61 441        107.82 Mo        10 Jan 2017 - 03:41
Not only the page views are abnormally high for a single individual but the page/hit ratio is also abnormal

I don't think it is a ddos attack because I have ddos protection, I assume this activity is the result of some kind of script, not sure if malicious or not

I have two questions :
1. should I ban these IP
2. is there a way to automatically detect this kind of activity and ban the offenders?

Dave 01-10-2017 03:51 PM
It could be a crawler or someone running a script, hard to tell. If you have access to your access logs then you should filter it by those IP addresses and see what they are doing.

To answer your questions:
1. You could if you think it's fishy, but you don't know whether they have a dynamic or static IP. Banning dynamic IP addresses is pretty much useless.
2. It depends on what they are doing. If it's a flood then your DDoS protection should block it. It's hard to tell from our position. Check your access logs and find out what it's doing.

Dave 01-10-2017 04:05 PM
You could ask those members what they are doing and tell them to stop.
Worst case scenario, ask your host to tweak your settings or implement a JavaScript check screen. CloudFlare does this to prevent attacks or to lower impact on the server since bots usually don't have JavaScript support.

Dave 01-10-2017 04:19 PM
It checks whether the user has JavaScript enabled. You can't implement it, it has to be enabled by your host but not all hosting companies provide such feature.

Dave 01-10-2017 04:39 PM
Alternative? Use CloudFlare, Incapsula or Securi.
They all provide website and DDoS protection services which all only require a change to your domain its name-servers.

Paul M 01-10-2017 04:40 PM
What problem is it actually causing you ?

Dave 01-10-2017 05:09 PM
Then I'm afraid there are no other options. The traffic you don't want to be reaching your server has to be stopped before it even reaches your server/network.

A PHP script will not help you with that since it will be hitting that PHP script and still cause "load" on your server. Then you have to figure out the patterns of those bots and make rules in the PHP script that block these requests.

Paul M 01-10-2017 07:37 PM
Quote:
Originally Posted by X-or (Post 2580675)
Not entirely sure
The might I suggest you stop worrying about a problem you dont have. ;)


Quote:
Originally Posted by X-or (Post 2580675)
but sometimes my sites are kind of slow, despite having enough power to deal with the traffic
Which seems contradictory, but many things can make a site seem slow at times, many having nothing to do with the site itself.

You seem to be inventing an issue where you have no actual proof there is a problem.


All times are GMT. The time now is 01:54 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00935 seconds
  • Memory Usage 1,726KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (8)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete