The Arcive of Official vBulletin Modifications Site.

X-or · #1 01-10-2017, 03:46 PM

hello I would like to know how to handle certain heavy hitting IP

once in a while I look at the awstats logs and find some abnormally heavy hitting IPs
for example

Code:

ip68-231-211-53.oc.oc.cox.net	81 921	82 470	52.79 Mo	10 Jan 2017 - 07:48
c-5eeaaa91-74736162.cust.telenor.se	59 983	61 441	107.82 Mo	10 Jan 2017 - 03:41

Not only the page views are abnormally high for a single individual but the page/hit ratio is also abnormal

I don't think it is a ddos attack because I have ddos protection, I assume this activity is the result of some kind of script, not sure if malicious or not

I have two questions :
1. should I ban these IP
2. is there a way to automatically detect this kind of activity and ban the offenders?

Dave · #2 01-10-2017, 03:51 PM

It could be a crawler or someone running a script, hard to tell. If you have access to your access logs then you should filter it by those IP addresses and see what they are doing.

To answer your questions:
1. You could if you think it's fishy, but you don't know whether they have a dynamic or static IP. Banning dynamic IP addresses is pretty much useless.
2. It depends on what they are doing. If it's a flood then your DDoS protection should block it. It's hard to tell from our position. Check your access logs and find out what it's doing.

Dave · #3 01-10-2017, 04:05 PM

You could ask those members what they are doing and tell them to stop.
Worst case scenario, ask your host to tweak your settings or implement a JavaScript check screen. CloudFlare does this to prevent attacks or to lower impact on the server since bots usually don't have JavaScript support.

Dave · #4 01-10-2017, 04:19 PM

It checks whether the user has JavaScript enabled. You can't implement it, it has to be enabled by your host but not all hosting companies provide such feature.

Dave · #5 01-10-2017, 04:39 PM

Alternative? Use CloudFlare, Incapsula or Securi.
They all provide website and DDoS protection services which all only require a change to your domain its name-servers.

Paul M · #6 01-10-2017, 04:40 PM

What problem is it actually causing you ?

Dave · #7 01-10-2017, 05:09 PM

Then I'm afraid there are no other options. The traffic you don't want to be reaching your server has to be stopped before it even reaches your server/network.

A PHP script will not help you with that since it will be hitting that PHP script and still cause "load" on your server. Then you have to figure out the patterns of those bots and make rules in the PHP script that block these requests.

Paul M · #8 01-10-2017, 07:37 PM

Quote:

Originally Posted by X-or

Not entirely sure

The might I suggest you stop worrying about a problem you dont have.

Quote:

Originally Posted by X-or

but sometimes my sites are kind of slow, despite having enough power to deal with the traffic

Which seems contradictory, but many things can make a site seem slow at times, many having nothing to do with the site itself.

You seem to be inventing an issue where you have no actual proof there is a problem.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04500 seconds Memory Usage 2,223KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (1)bbcode_code (2)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (8)post_thanks_box (8)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (8)post_thanks_postbit_info (8)postbit (8)postbit_onlinestatus (8)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!