Thread subject: Diptera.info :: Sluggish site

Posted by Paul Beuk on 03-09-2019 13:57
#1

You have all been very nice not to nag me about the sluggishness fo the site in the recent period. I posted a short message about this in the shoutbox but will make a more formal post now.

The sluggishness is partly due to frequent attampts to hack the site. There are attempts to run code on the site or to upload or install rogue scripts first. Hackers try to run non-existing scripts or abuse existing scripts to gain access to the server. Especially when they try to abuse existing scripts it can lead to a heavy load on the server when it tries to execute them as genuine queries. Compare it to asking the finance department for a copy of invoice 876-7656-B15 while it does not exist. The finance department has no reason to assume it does not exist and soon everyone is searching for the original, at the same time dropping their regular work. That is when you have to wait and wait and wait for the department to resume their ordinary duties. [In the past the site was similarly slow when searchbots tried to index the site from garbled links.]

I have looked through the server's access log of the last 24 hours and have indentified more than 20 attempts to hack the server. One of these was a very serious attempt, lasting almost three mintes, several others were shorter script that were run to test the server for vulnerabilities. All the relevant IP's were blacklisted. IOn addition to these more that 20 IP's there were more that 50 probes to see if the site ran on one or other version of wordpress (which it does not). Luckily these probes were limited to just one or two requests that were not satisfactorily answered and the probes stopped.

While wading through the log I stumbled accross some strange page requests which I assume for now have to to with attempts to spam the site. These requests used the same method as described above ('the copy of the non-existing invoice method') and I expect that those requests also slowed the site down quite frequently. The culprit's IP's were also blacklisted.

I will scan the log frequently now, especially when I notice the site is sluggish. Hopefully I can keep the inconvenience cause by these rogue visitors limited.