doushenjia8514 2015-12-14 17:10
浏览 47
已采纳

大量的网站访问和高CPU

My joomla website has very high CPU every day. I found out that there are a lot of visits, more than 3000 visits every day. Something is wrong here because site should not have more than 0-20 visits per day.

I found this in awstats log:

# Date - Pages - Hits - Bandwidth - Visits
BEGIN_DAY 14
20151201 15852 17029 197633349 3527
20151202 15879 16628 189354910 3741
20151203 15854 16728 190080460 3837
20151204 15073 16174 186079195 3455
20151205 13963 14918 175485372 3465
20151206 13200 13817 159671819 3249
20151207 17705 19013 222024412 3309
20151208 13377 14236 168566817 3435
20151209 11851 13306 171561768 3186
20151210 11395 12301 153213055 3248
20151211 14036 15024 182711032 3669
20151212 11846 12394 149109648 3309
20151213 13309 14113 174190207 3365
20151214 9275 9904 125783186 2221
END_DAY

So, what is going here ?

How to solve this problem of so many unwanted visits ?

Edit:

Now I also checked access_log and most of the requests are "GET /login?view=registration&layout=complete HTTP/1.1"

Also when I login as aministrator, I get 404 Component not found.

Edit2:

Now I finally could login to joomla and I saw that there are about 30000 created users, a lot of them have "xxx" in name.

  • 写回答

2条回答 默认 最新

  • duanchuiwen6694 2015-12-14 18:21
    关注

    If I look at those numbers they don't indicate legitimate traffic. For example take the rounded daily figures of
    16,000 pages
    17,000 hits
    3,500 visits

    Since every image, css file and JS file on a given page will count as a hit, there's no way that you could have 16,000 pages with only 17,000 hits. Ball park figures for this would be that one page might have 20+ hits.

    • perhaps AWStats is wonky, have you compared your stats against Google Analytics

    • perhaps your site is being attacked or someone else is hot linking to assets on your site. visitor IP might give you some leads here.

    • you mention that CPU is high, and this could be related to an attack. Are you able to SSH to your site? Using top or htop could show if some scripts or database calls are being abused

    • perhaps your site is infected (hopefully not though!)

    But how could I protect or defense against it ?

    Without knowing more it would be just guesswork and speculation on my part. See what you can find out by examining your site logs. SSH to your site then run HTOP and sort by CPU and identify what's using your resources. Another possibility is https://watchful.li . Get a trial account and run a free site audit and malware scan.

    If you can get a handle on the source of the problem it will be easier to figure out how to proceed. Maybe you will have identified file perission problems, a database issue, or infected files, maybe the problem is coming from a specific IP and you could block them with htaccess or Akeeba Admin Tools. I've had good success using the built in security features of CloudFlare as well.

    Hope this is helpful!

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 phython如何实现以下功能?查找同一用户名的消费金额合并—
  • ¥15 孟德尔随机化怎样画共定位分析图
  • ¥18 模拟电路问题解答有偿速度
  • ¥15 CST仿真别人的模型结果仿真结果S参数完全不对
  • ¥15 误删注册表文件致win10无法开启
  • ¥15 请问在阿里云服务器中怎么利用数据库制作网站
  • ¥60 ESP32怎么烧录自启动程序
  • ¥50 html2canvas超出滚动条不显示
  • ¥15 java业务性能问题求解(sql,业务设计相关)
  • ¥15 52810 尾椎c三个a 写蓝牙地址