Author Topic: Very sudden "big" increase in visits to the board? (Read 1655 times)

Jill · « **on:** May 02, 2012, 05:52:38 PM »

Hi,
Thanks for any suggestions. Due to the topic of my board and that I am slowly rebuilding it after moving it the SMF until today the most people online at once was about 34. Out of the blue today it went over 95 so far with No new post etc. This has me concerned as a big increase in visitors on my last board over a few weeks turned out to be a hack and before long it was over loading the server at I power where I was hosting then and they shut down my board.

Jill

Kill Em All · « **Reply #1 on:** May 02, 2012, 06:38:57 PM »

Couple possibilities, most likely one would probably a DDoS attack.
http://en.wikipedia.org/wiki/Denial-of-service_attack - Wikipedia link if your interested.

Anyways, if you could find out the IP by looking through the logs, you could ask your webhost to block the offending IP(s).

Someone feel free to correct me if I'm wrong, its been awhile

Jill · « **Reply #2 on:** May 02, 2012, 06:47:18 PM »

Thank you Kill Em All, I think you are right and its a DDOS attack. I have been tracking the ISP and think I might know where its coming from. Is there anyway I can block this without my host doing it?

Jill

Old Fossil · « **Reply #3 on:** May 02, 2012, 06:50:27 PM »

Quick question if I may.

Jill do you have an antispam mod installed as yet?

MrPhil · « **Reply #4 on:** May 02, 2012, 07:40:22 PM »

These are "guests" browsing your forum? Be sure to check IP addresses (with whois) to see if these are various search engines that have finally found your forum and are simply indexing it.

If it's just one IP pounding on your forum, it could be a DoS attack, or it could be a bad search engine spider (I think Baidu has a bad reputation for things like this). Some spiders seem to get hung up on pages with forms (e.g., login required) and just sit there burning CPU cycles. Either way, you could put an IP block in your .htaccess file to keep the offender away:

Code: [Select]

# block by IP address
order allow,deny
# port scans on PC
deny from 121.12.118.162     <== change
allow from all

If it's really a severe pounding, you may want to inform your host, so they can put their own block in "further up the food chain" and decrease load on their internal networks. If it's a DDoS attack (many IP addresses attacking, too many for you to individually ban), your host may need to do something.

nend · « **Reply #5 on:** May 02, 2012, 08:44:00 PM »

Be aware though it could be honest visitors also, so be careful if you plan to do any blocking. It isn't unusual for me to get a few spikes from time to time, from being completely silent to over a hundred guest. I usually get this if I get a good listing in the search results or sometimes after someone has shared a topic to a social site.

What would really help you out figuring who it is in your logs. Good luck though.

Jill · « **Reply #6 on:** May 02, 2012, 09:08:03 PM »

Thanks for all the replies. I am taking what everyone is saying into consideration as all of you made very good points. I don't want to block an honest user and it could very well be the site is finally picking up in the search engines so going to just watch it for a day or more before to see what happens. I don't have a spam blocker on the boards. Can someone suggest a good one? Thanks again,

Jill

Old Fossil · « **Reply #7 on:** May 02, 2012, 09:09:13 PM »

Quote from: Jill on May 02, 2012, 09:08:03 PM

Jill

Have a look at my signature.

Jill · « **Reply #8 on:** May 02, 2012, 09:37:41 PM »

Thanks Old Fossil. Off to install it.

Old Fossil · « **Reply #9 on:** May 02, 2012, 09:39:07 PM »

Quote from: Jill on May 02, 2012, 09:37:41 PM

Thanks Old Fossil. Off to install it.

Screech if ya need any help.

News: