doushenjia8514 2015-12-14 17:10
浏览 47
已采纳

大量的网站访问和高CPU

My joomla website has very high CPU every day. I found out that there are a lot of visits, more than 3000 visits every day. Something is wrong here because site should not have more than 0-20 visits per day.

I found this in awstats log:

# Date - Pages - Hits - Bandwidth - Visits
BEGIN_DAY 14
20151201 15852 17029 197633349 3527
20151202 15879 16628 189354910 3741
20151203 15854 16728 190080460 3837
20151204 15073 16174 186079195 3455
20151205 13963 14918 175485372 3465
20151206 13200 13817 159671819 3249
20151207 17705 19013 222024412 3309
20151208 13377 14236 168566817 3435
20151209 11851 13306 171561768 3186
20151210 11395 12301 153213055 3248
20151211 14036 15024 182711032 3669
20151212 11846 12394 149109648 3309
20151213 13309 14113 174190207 3365
20151214 9275 9904 125783186 2221
END_DAY

So, what is going here ?

How to solve this problem of so many unwanted visits ?

Edit:

Now I also checked access_log and most of the requests are "GET /login?view=registration&layout=complete HTTP/1.1"

Also when I login as aministrator, I get 404 Component not found.

Edit2:

Now I finally could login to joomla and I saw that there are about 30000 created users, a lot of them have "xxx" in name.

  • 写回答

2条回答 默认 最新

  • duanchuiwen6694 2015-12-14 18:21
    关注

    If I look at those numbers they don't indicate legitimate traffic. For example take the rounded daily figures of
    16,000 pages
    17,000 hits
    3,500 visits

    Since every image, css file and JS file on a given page will count as a hit, there's no way that you could have 16,000 pages with only 17,000 hits. Ball park figures for this would be that one page might have 20+ hits.

    • perhaps AWStats is wonky, have you compared your stats against Google Analytics

    • perhaps your site is being attacked or someone else is hot linking to assets on your site. visitor IP might give you some leads here.

    • you mention that CPU is high, and this could be related to an attack. Are you able to SSH to your site? Using top or htop could show if some scripts or database calls are being abused

    • perhaps your site is infected (hopefully not though!)

    But how could I protect or defense against it ?

    Without knowing more it would be just guesswork and speculation on my part. See what you can find out by examining your site logs. SSH to your site then run HTOP and sort by CPU and identify what's using your resources. Another possibility is https://watchful.li . Get a trial account and run a free site audit and malware scan.

    If you can get a handle on the source of the problem it will be easier to figure out how to proceed. Maybe you will have identified file perission problems, a database issue, or infected files, maybe the problem is coming from a specific IP and you could block them with htaccess or Akeeba Admin Tools. I've had good success using the built in security features of CloudFlare as well.

    Hope this is helpful!

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 BP神经网络控制倒立摆
  • ¥20 要这个数学建模编程的代码 并且能完整允许出来结果 完整的过程和数据的结果
  • ¥15 html5+css和javascript有人可以帮吗?图片要怎么插入代码里面啊
  • ¥30 Unity接入微信SDK 无法开启摄像头
  • ¥20 有偿 写代码 要用特定的软件anaconda 里的jvpyter 用python3写
  • ¥20 cad图纸,chx-3六轴码垛机器人
  • ¥15 移动摄像头专网需要解vlan
  • ¥20 access多表提取相同字段数据并合并
  • ¥20 基于MSP430f5529的MPU6050驱动,求出欧拉角
  • ¥20 Java-Oj-桌布的计算