My CPU spiking up

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Anti-Spam Guide
User avatar
WelshPaul
Registered User
Posts: 360
Joined: Tue Aug 19, 2014 2:09 pm

Re: My CPU spiking up

Post by WelshPaul » Tue Nov 12, 2019 2:35 pm

You can use Cloudflare with shared hosting.

User avatar
david63
Registered User
Posts: 16820
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: My CPU spiking up

Post by david63 » Tue Nov 12, 2019 3:25 pm

And depending on your server setup you can even had firewall access on shared hosting
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

KYPREO
Registered User
Posts: 157
Joined: Fri Feb 02, 2018 9:56 am
Contact:

Re: My CPU spiking up

Post by KYPREO » Wed Nov 13, 2019 12:24 am

3Di wrote:
Mon Nov 11, 2019 11:22 pm
I blocked in CPanel -> IP Blocker
those IPS (from China) as per the above links some week ago.

2019-11-12 00_17_48-cPanel - IP Blocker.png

Since then I haven't seen other issues.

Code: Select all

110.240.0.0/12 	110.240.0.0 	110.255.255.255 	
111.224.0.0/14 	111.224.0.0 	111.227.255.255 	
36.110.162.63 	36.110.162.63 	36.110.162.63
They've already moved to whole different IP ranges. I could sit here every day updating the IP ranges with new firewall rules. It's a game of whack-a-mole.
phpBB user since 2002
www.AusRotary.com

User avatar
3Di
Former Team Member
Posts: 14477
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: My CPU spiking up

Post by 3Di » Wed Nov 13, 2019 1:02 am

KYPREO wrote:
Wed Nov 13, 2019 12:24 am
They've already moved to whole different IP ranges. I could sit here every day updating the IP ranges with new firewall rules.
KYPREO wrote:
Wed Nov 13, 2019 12:24 am
Since then I haven't seen other issues.
I do have only those IPs blocked BTW.
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity º PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
✒️ Black Friday 2019 @ The Studio ▪️◾️

User avatar
WelshPaul
Registered User
Posts: 360
Joined: Tue Aug 19, 2014 2:09 pm

Re: My CPU spiking up

Post by WelshPaul » Wed Nov 13, 2019 8:07 am

KYPREO wrote:
Wed Nov 13, 2019 12:24 am
3Di wrote:
Mon Nov 11, 2019 11:22 pm
I blocked in CPanel -> IP Blocker
those IPS (from China) as per the above links some week ago.

2019-11-12 00_17_48-cPanel - IP Blocker.png

Since then I haven't seen other issues.

Code: Select all

110.240.0.0/12 	110.240.0.0 	110.255.255.255 	
111.224.0.0/14 	111.224.0.0 	111.227.255.255 	
36.110.162.63 	36.110.162.63 	36.110.162.63
They've already moved to whole different IP ranges. I could sit here every day updating the IP ranges with new firewall rules. It's a game of whack-a-mole.
viewtopic.php?f=64&t=2529326&start=15#p15360411

User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 3398
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.
Contact:

Re: My CPU spiking up

Post by thecoalman » Wed Nov 13, 2019 4:29 pm

nl2dav wrote:
Tue Nov 12, 2019 2:53 am
I don't like Cloudflare besides Apache has a mod_geoip module and if this is installed/activated then you can use this;
Three points. With Cloudflare the traffic never makes it to the server so you have no resources expended blocking requests. With Cloudflare the Country code blocks are going to up date and very accurate. Thirdly you don't necessarily need to block them, I'm using the JSCahellege for these countries and it's successfully blocking the bots. If there is any legitimate users they should be able to get through and it's pretty seamless.

FYI, Cloudflare passes the country code in the header and some other information if you wanted to further handle things server side.

There is a tremendous amount tools available and if you leverage them there is a lot of things you can do. For example ports 80 and 443 are firewalled except for Cloudflare IP's. Bots randomly hitting IP's are blocked, it's a joy to look at the log. :D

It can also be integrated with CSF/LFD through their API. If someone wanted to write an extension you could actually ban IP's through phpBB's ACP.

It's not for everyone and does require work especially if you want to do some of the more advanced things. First and foremost you need to have mod_cloudlfare installed or <I forget the name of it> that will pass the real IP to Apache other wise you end up seeing CF IP's for users and in logs.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison

User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 3398
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.
Contact:

Re: My CPU spiking up

Post by thecoalman » Wed Nov 13, 2019 4:34 pm

P_I wrote:
Tue Nov 12, 2019 3:36 am
Would it make sense to add all of these to ACP->Spiders/Robots so that rather than multiple sessions for each, they'd be somewhat managed?
To some degree but you are still utilizing resources, the scripts still need to execute and they are presented with "you are not authorized" or whatever. Blocking them at the firewall level even consumes resources however that is very big step up from scripts. If you are utilizing Cloudflare there in no resources expended becaue the request never makes it to your server.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison

KYPREO
Registered User
Posts: 157
Joined: Fri Feb 02, 2018 9:56 am
Contact:

Re: My CPU spiking up

Post by KYPREO » Wed Nov 13, 2019 9:19 pm

Yes I was making the same point albeit in an indirect way.
thecoalman wrote:
Wed Nov 13, 2019 4:29 pm
*snip*.
Yes, although I have not enabled it yet, Cloudflare set looks extremely easy. In addition to the methods you listed, It also allows other strategies, like rate limiting, to prevent aggressive crawling/brute force log-in attempts etc, although this feature appears to be free only up to 10,000 "good" (ie non-blocked) connections per month.
phpBB user since 2002
www.AusRotary.com

User avatar
JLA
Registered User
Posts: 515
Joined: Tue Nov 16, 2004 5:23 pm
Location: USA
Name: JLA FORUMS
Contact:

Re: My CPU spiking up

Post by JLA » Fri Nov 15, 2019 10:27 pm

You can write some php scripts that monitor traffic and browsing patterns normal for your site/platform which will then automatically initiate blocks dynamically which should kill most malicious bots and users. Makes a huge difference. A good alternate solution if you do not have the budget for a commercial problem solver.
Last edited by JLA on Fri Nov 15, 2019 10:30 pm, edited 1 time in total.

User avatar
JLA
Registered User
Posts: 515
Joined: Tue Nov 16, 2004 5:23 pm
Location: USA
Name: JLA FORUMS
Contact:

Re: My CPU spiking up

Post by JLA » Fri Nov 15, 2019 10:29 pm

dup

nl2dav
Registered User
Posts: 105
Joined: Tue Jun 25, 2002 10:39 pm
Location: NOP, The Netherlands
Contact:

Re: My CPU spiking up

Post by nl2dav » Mon Nov 18, 2019 12:14 am

thecoalman wrote:
Wed Nov 13, 2019 4:29 pm
nl2dav wrote:
Tue Nov 12, 2019 2:53 am
I don't like Cloudflare besides Apache has a mod_geoip module and if this is installed/activated then you can use this;
Three points.
One points;
Cookies and Other Tracking Technologies. We may use cookies and other information-gathering technologies for a variety of purposes, such as providing us with information about how you interact with our Websites and assisting us in our marketing efforts. You can control how websites use cookies by configuring your browser's privacy settings (please refer to your browser's help function to learn more about cookie controls). Note that if you disable cookies entirely, Cloudflare’s Websites may not function properly. We may also use cookies and similar technologies to provide you advertising on third-party sites based upon your browsing activities and interests. If you wish not to have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union, the United Kingdom, or Switzerland, click here). For more information about the cookies Cloudflare uses and your privacy choices, please see our Cookie Policy.
Don't need to have another American company tracking the internet. All benefits have it's downsides. If something is free, wonder why it's free.

User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 3398
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.
Contact:

Re: My CPU spiking up

Post by thecoalman » Mon Nov 18, 2019 1:23 am

You are quoting from the policy for their own site. CF does set a cookie for proxied domains but it's used for their services. e.g. if the site is under DDOS attack and a user passes JSchallenge they just allow the traffic through for X amount of time based on the cookie. Note the CF cookie is set by your domain, not CF.
If something is free, wonder why it's free.
I have paid plan mostly because that guarantees they will back my site during a DDOS no matter the duration or size. Their paid services can get expensive, second to top tier is hundreds per month. Top tier is by quote. It's large global company that handles about 10% or the worlds internet traffic.

Dealing with them is really no different than dealing with your host. Privacy issues are the same.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison

User avatar
P_I
Registered User
Posts: 955
Joined: Tue Mar 01, 2011 8:35 pm
Location: Calgary
Contact:

Re: My CPU spiking up

Post by P_I » Wed Dec 04, 2019 10:58 pm

WelshPaul wrote:
Mon Nov 11, 2019 10:32 pm
Nick225 wrote:
Mon Nov 11, 2019 10:28 pm
I enter the IP 159.138* and I keep getting an error message that No IP as been provided.
I tried 159.138.* and still the same error. Doesn't go through. the only way to work is to enter the entire IP.
But there are tons of them starting with that string, with agents looking like this:

Code: Select all

Mozilla/5.0(Linux;Android 5.1.1;OPPO A33 Build/LMY47V;wv) AppleWebKit/537.36(KHTML,link Gecko) Version/4.0 Chrome/42.0.2311.138 Mobile Safari/537.36 Mb2345Browser/9.0
that's weird
Ahhh Mb2345Browser bot! I was hit by that one last week!

https://www.johnlarge.co.uk/blocking-ag ... pers-bots/
Blog post wrote:I broke down the user agents above & added a new rule to my root .htaccess file as follows:-

Code: Select all

Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} Mb2345Browser|LieBaoFast|zh-CN|MicroMessenger|zh_CN|Kinza [NC]
RewriteRule ^ - [F,L]
Worked for me.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams

KYPREO
Registered User
Posts: 157
Joined: Fri Feb 02, 2018 9:56 am
Contact:

Re: My CPU spiking up

Post by KYPREO » Wed Dec 04, 2019 11:13 pm

P_I wrote:
Wed Dec 04, 2019 10:58 pm
Worked for me.
Worked for me too. Mb2345Browser and zh-cn seemed to be the biggest culprits for me.
phpBB user since 2002
www.AusRotary.com

Post Reply

Return to “phpBB Discussion”