My CPU spiking up

WelshPaul
Registered User
Posts: 360
Joined: Tue Aug 19, 2014 2:09 pm

Re: My CPU spiking up

Post by WelshPaul » Mon Nov 11, 2019 10:32 pm

You're wasting your time trying to block IP addresses. Those bots use thousands of different machines all with different IP ranges! You'd be better off blocking by country as a temporary measure!

WelshPaul
Registered User
Posts: 360
Joined: Tue Aug 19, 2014 2:09 pm

Re: My CPU spiking up

Post by WelshPaul » Mon Nov 11, 2019 10:32 pm

Nick225 wrote:
Mon Nov 11, 2019 10:28 pm
I enter the IP 159.138* and I keep getting an error message that No IP has been provided.
I tried 159.138.* and still the same error. Doesn't go through. The only way to work is to enter the entire IP.
But there are tons of them starting with that string, with agents looking like this:

Code: Select all

Mozilla/5.0(Linux;Android 5.1.1;OPPO A33 Build/LMY47V;wv) AppleWebKit/537.36(KHTML,link Gecko) Version/4.0 Chrome/42.0.2311.138 Mobile Safari/537.36 Mb2345Browser/9.0
that's weird
Ahhh Mb2345Browser bot! I was hit by that one last week!

https://www.johnlarge.co.uk/blocking-ag ... pers-bots/

WelshPaul
Registered User
Posts: 360
Joined: Tue Aug 19, 2014 2:09 pm

Re: My CPU spiking up

Post by WelshPaul » Mon Nov 11, 2019 10:36 pm

These are the ones doing the rounds at present:
  • Mb2345Browser
  • LieBaoFast
  • MicroMessenger
  • Kinza
  • Mozilla/5.0(Linux;U;Android 5.1.1;zh-CN;OPPO A33 Build/LMY47V) AppleWebKit/537.36(KHTML,like Gecko) Version/4.0 Chrome/40.0.2214.89 UCBrowser/11.7.0.953 Mobile Safari/537.36
I was hit by 98,000 different IPs all coming from those user agents!
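
One way to measure this from an Apache combined-format access log: count hits per user-agent token from the list above and group the client IPs into /16 networks. This is an added example, not part of the original post; the sample log lines are constructed, and the `UCBrowser` token and the `summarize` function are assumptions.

```python
import ipaddress
import re
from collections import Counter

# User-agent tokens from the post above; "UCBrowser" is an assumption,
# distilled from the full UCBrowser string the post lists.
UA_MARKERS = ("Mb2345Browser", "LieBaoFast", "MicroMessenger", "Kinza", "UCBrowser")

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (not from a real log); 159.138.* is the prefix named in the thread.
SAMPLE_LOG = """\
159.138.10.4 - - [11/Nov/2019:22:28:01 +0000] "GET /viewtopic.php?t=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Linux; Android 5.1.1) Mb2345Browser/9.0"
159.138.77.201 - - [11/Nov/2019:22:28:01 +0000] "GET /viewtopic.php?t=2 HTTP/1.1" 200 4988 "-" "Mozilla/5.0 (Linux; Android 5.1.1) Mb2345Browser/9.0"
159.138.130.9 - - [11/Nov/2019:22:28:02 +0000] "GET /memberlist.php HTTP/1.1" 200 7301 "-" "Mozilla/5.0 (Linux; Android 6.0) LieBaoFast/4.51.3"
203.0.113.50 - - [11/Nov/2019:22:28:02 +0000] "GET /viewforum.php?f=3 HTTP/1.1" 200 6112 "-" "Mozilla/5.0 (Linux; U; Android 5.1.1; zh-CN) UCBrowser/11.7.0.953"
198.51.100.7 - - [11/Nov/2019:22:28:03 +0000] "GET /index.php HTTP/1.1" 200 9040 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0"
159.138.10.4 - - [11/Nov/2019:22:28:04 +0000] "GET /search.php HTTP/1.1" 200 3050 "-" "Mozilla/5.0 (Linux; Android 7.0) MicroMessenger/6.5.19"
"""


def summarize(log_text, prefix_len=16):
    """Count hits per UA token, distinct client IPs, and hits per /prefix_len network."""
    hits, nets, ips = Counter(), Counter(), set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        ua = m["ua"].lower()
        marker = next((t for t in UA_MARKERS if t.lower() in ua), None)
        if marker is None:
            continue  # ordinary visitor
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or garbage in the client field
        hits[marker] += 1
        ips.add(ip)
        nets[ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)] += 1
    return hits, len(ips), nets


if __name__ == "__main__":
    hits, distinct, nets = summarize(SAMPLE_LOG)
    print(dict(hits), distinct)
    for net, n in nets.most_common():
        print(f"{net}\t{n}")
```

MicroMessenger and UCBrowser are also the tokens of real browsers (WeChat's in-app browser and UC Browser), so the per-token counts show what a user-agent block would turn away along with the bots.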

KYPREO
Registered User
Posts: 162
Joined: Fri Feb 02, 2018 9:56 am
Contact:

Re: My CPU spiking up

Post by KYPREO » Mon Nov 11, 2019 10:36 pm

Nick225 wrote:
Mon Nov 11, 2019 10:28 pm
I enter the IP 159.138* and I keep getting an error message that No IP has been provided.
I tried 159.138.* and still the same error. Doesn't go through. The only way to work is to enter the entire IP.
But there are tons of them starting with that string, with agents looking like this:

Code: Select all

Mozilla/5.0(Linux;Android 5.1.1;OPPO A33 Build/LMY47V;wv) AppleWebKit/537.36(KHTML,link Gecko) Version/4.0 Chrome/42.0.2311.138 Mobile Safari/537.36 Mb2345Browser/9.0
that's weird
These are the same Chinese bots attacking everyone's boards at the moment.

There is a write-up here on blocking them based on use of unusual browsers: https://www.johnlarge.co.uk/blocking-ag ... pers-bots/. This won't get them all, but it's a start. Ultimately, I think sticking your site behind Cloudflare is the best option to stop this, as you can shut out bots or entire countries without impacting on your server by imposing IP or user agent blocks.
phpBB user since 2002
www.AusRotary.com

WelshPaul
Registered User
Posts: 360
Joined: Tue Aug 19, 2014 2:09 pm

Re: My CPU spiking up

Post by WelshPaul » Mon Nov 11, 2019 10:41 pm

KYPREO wrote:
Mon Nov 11, 2019 10:36 pm
I think sticking your site behind Cloudflare is the best option
EXACTLY!

Blocking via htaccess will still use up server resources. You need to block these bots from hitting your server to start with! Your host should have a firewall in place where you can block these bots before they reach the server.

Nick225
Registered User
Posts: 126
Joined: Sat Nov 24, 2018 7:48 pm

Re: My CPU spiking up

Post by Nick225 » Mon Nov 11, 2019 10:47 pm

Thank you guys for your input.
These bots are annoying.

3Di
Former Team Member
Posts: 14487
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: My CPU spiking up

Post by 3Di » Mon Nov 11, 2019 11:22 pm

I blocked in cPanel -> IP Blocker
those IPs (from China) as per the above links some week ago.
Since then I haven't seen other issues.

Code: Select all

110.240.0.0/12 	110.240.0.0 	110.255.255.255 	
111.224.0.0/14 	111.224.0.0 	111.227.255.255 	
36.110.162.63 	36.110.162.63 	36.110.162.63

Nick225
Registered User
Posts: 126
Joined: Sat Nov 24, 2018 7:48 pm

Re: My CPU spiking up

Post by Nick225 » Mon Nov 11, 2019 11:23 pm

Great. I will update my cPanel.

Nick225
Registered User
Posts: 126
Joined: Sat Nov 24, 2018 7:48 pm

Re: My CPU spiking up

Post by Nick225 » Tue Nov 12, 2019 12:04 am

And the site is back to its normal load again.
Thank you guys... Your support was simply generous!!!!!

nl2dav
Registered User
Posts: 105
Joined: Tue Jun 25, 2002 10:39 pm
Location: NOP, The Netherlands
Contact:

Re: My CPU spiking up

Post by nl2dav » Tue Nov 12, 2019 2:53 am

KYPREO wrote:
Mon Nov 11, 2019 10:36 pm
Ultimately, I think sticking your site behind Cloudflare is the best option to stop this as you can shut out bots or entire countries without impacting on your server by imposing IP or user agent blocks.
I don't like Cloudflare. Besides, Apache has a mod_geoip module, and if this is installed/activated then you can use this:

Code: Select all

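# mod_geoip: enable lookups and load the legacy-format country database
GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat MemoryCache
# mod_rewrite must be switched on for the rule below to take effect
RewriteEngine On
# Return 403 Forbidden when the visitor's country code is in the list
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(AF|PK|IN|TW|CN)$
RewriteRule ^.* - [F,L]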
to easily say goodbye to countries. Note though: GeoIP/Maxmind stopped updating their old IP database format since the beginning of this year. It's now GeoIP2 but not bothered yet to install this new version.

P_I
Registered User
Posts: 959
Joined: Tue Mar 01, 2011 8:35 pm
Location: Calgary
Contact:

Re: My CPU spiking up

Post by P_I » Tue Nov 12, 2019 3:36 am

WelshPaul wrote:
Mon Nov 11, 2019 10:36 pm
These are the ones doing the rounds at present:
  • Mb2345Browser
  • LieBaoFast
  • MicroMessenger
  • Kinza
  • Mozilla/5.0(Linux;U;Android 5.1.1;zh-CN;OPPO A33 Build/LMY47V) AppleWebKit/537.36(KHTML,like Gecko) Version/4.0 Chrome/40.0.2214.89 UCBrowser/11.7.0.953 Mobile Safari/537.36
I was hit by 98,000 different IPs all coming from those user agents!
Would it make sense to add all of these to ACP->Spiders/Robots so that rather than multiple sessions for each, they'd be somewhat managed?
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams

david63
Registered User
Posts: 16845
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: My CPU spiking up

Post by david63 » Tue Nov 12, 2019 6:57 am

P_I wrote:
Tue Nov 12, 2019 3:36 am
Would it make sense to add all of these to ACP->Spiders/Robots so that rather than multiple sessions for each, they'd be somewhat managed?
It certainly would not do any harm, but it will not stop the problem as they will still be accessing your board. These types of bots need stopping at server level (or before).
David

WelshPaul
Registered User
Posts: 360
Joined: Tue Aug 19, 2014 2:09 pm

Re: My CPU spiking up

Post by WelshPaul » Tue Nov 12, 2019 8:28 am

P_I wrote:
Tue Nov 12, 2019 3:36 am
Would it make sense to add all of these to ACP->Spiders/Robots so that rather than multiple sessions for each, they'd be somewhat managed?
I have an extensive list of bots in the ACP->Spiders/Robots section on my board. In this case though, no.

At one point I had over 4,000 guests online. Adding the bots I mention above to the ACP->Spiders/Robots would still result in 4,000+ page loads although in this instance the page loads would be telling the bot to go away. This results in server resources still being used (although nowhere near as much).

IMHO you need to treat these as you would if it were a DDoS attack and stop them from ever reaching the server to begin with.

nl2dav
Registered User
Posts: 105
Joined: Tue Jun 25, 2002 10:39 pm
Location: NOP, The Netherlands
Contact:

Re: My CPU spiking up

Post by nl2dav » Tue Nov 12, 2019 10:36 am

nl2dav wrote:
Tue Nov 12, 2019 2:53 am
It's now GeoIP2 but not bothered yet to install this new version.
To react to myself... Don't need to be bothered to install new libs. Just convert the new database format to the old one. Someone is already doing that:
https://www.miyuru.lk/geoiplegacy (with a Python script: https://github.com/sherpya/geolite2legacy ). Excellent!

P_I
Registered User
Posts: 959
Joined: Tue Mar 01, 2011 8:35 pm
Location: Calgary
Contact:

Re: My CPU spiking up

Post by P_I » Tue Nov 12, 2019 1:20 pm

david63 wrote:
Tue Nov 12, 2019 6:57 am
These types of bots need stopping at server level (or before)
WelshPaul wrote:
Tue Nov 12, 2019 8:28 am
IMHO you need to treat these as you would if it were a DDOS attack and stop them from ever reaching the server to begin with.
I've understood this from the beginning, but for those of us on shared hosting plans our options are limited on how to stop them early.
