
XF 1.3 Xenforo CPU usage

Discussion in 'Troubleshooting and Problems' started by Nick Jtk Markham, Jan 26, 2015.

  1. Nick Jtk Markham

    Nick Jtk Markham Active Member

    I think I have bots causing lots of CPU usage; I do get spam posts from time to time. http://prntscr.com/5x66wk So in a live chat they sent what is getting pings. This is a fresh install of XenForo, only a few days old. Prior to this I had run it for about a year with no issues.

    Current Site Requests:
    144.76.3.101 ancientstudio.com /nzfps/index.php?forums/introductions.9/&order=view_count
    144.76.3.101 ancientstudio.com /nzfps/index.php?goto/post&id=302
    144.76.3.101 ancientstudio.com /nzfps/index.php?goto/post&id=66
    144.76.3.101 ancientstudio.com /nzfps/index.php?members/brand.4/recent-content
    144.76.3.101 ancientstudio.com /nzfps/index.php?posts/123/permalink
    144.76.3.101 ancientstudio.com /nzfps/index.php?posts/289/
    144.76.3.101 ancientstudio.com /nzfps/index.php?posts/293/
    144.76.3.101 ancientstudio.com /nzfps/index.php?posts/296/
    144.76.3.101 ancientstudio.com /nzfps/index.php?posts/298/
    144.76.3.101 ancientstudio.com /nzfps/index.php?posts/301/
    144.76.3.101 ancientstudio.com /nzfps/index.php?posts/308/
    173.81.37.149 zero-fps.ancientstudio.com /index.php?members/izzy.26/&card=1&&_xfRequestUri=%2Findex.
    173.81.37.149 zero-fps.ancientstudio.com /index.php?members/izzy.26/&card=1&&_xfRequestUri=%2Findex.
    173.81.37.149 zero-fps.ancientstudio.com /index.php?posts/345/quote
    173.81.37.149 zero-fps.ancientstudio.com /index.php?posts/345/quote
    24.118.102.2 zero-fps.ancientstudio.com /
    24.118.102.2 zero-fps.ancientstudio.com /
    24.118.102.2 zero-fps.ancientstudio.com /
    24.118.102.2 zero-fps.ancientstudio.com /
    24.118.102.2 zero-fps.ancientstudio.com /
    24.118.102.2 zero-fps.ancientstudio.com /
    24.118.102.2 zero-fps.ancientstudio.com /
    24.118.102.2 zero-fps.ancientstudio.com /
    24.118.102.2 zero-fps.ancientstudio.com /
    24.118.102.2 zero-fps.ancientstudio.com /
    24.118.102.2 zero-fps.ancientstudio.com /
    24.118.102.2 zero-fps.ancientstudio.com /
    24.118.102.2 zero-fps.ancientstudio.com /
    24.118.102.2 zero-fps.ancientstudio.com /
    24.118.102.2 zero-fps.ancientstudio.com /
    24.118.102.2 zero-fps.ancientstudio.com /
    24.118.102.2 zero-fps.ancientstudio.com /
    24.118.102.2 zero-fps.ancientstudio.com /
    24.178.27.41 zero-fps.ancientstudio.com /data/avatars/m/0/18.jpg?1422139668
    24.178.27.41 zero-fps.ancientstudio.com /data/avatars/m/0/18.jpg?1422139668
    24.178.27.41 zero-fps.ancientstudio.com /index.php
    24.178.27.41 zero-fps.ancientstudio.com /index.php
    24.178.27.41 zero-fps.ancientstudio.com /styles/*******/sulfur/xenforo/xenforo-ui-sprite.png
    24.178.27.41 zero-fps.ancientstudio.com /styles/*******/sulfur/xenforo/xenforo-ui-sprite.png
    65.185.165.232 zero-fps.ancientstudio.com /
    65.185.165.232 zero-fps.ancientstudio.com /
    65.185.165.232 zero-fps.ancientstudio.com /
    65.185.165.232 zero-fps.ancientstudio.com /
    71.167.9.48 zero-fps.ancientstudio.com /
    71.167.9.48 zero-fps.ancientstudio.com /
    71.167.9.48 zero-fps.ancientstudio.com /
    71.167.9.48 zero-fps.ancientstudio.com /
    71.167.9.48 zero-fps.ancientstudio.com /
    71.167.9.48 zero-fps.ancientstudio.com /
    71.167.9.48 zero-fps.ancientstudio.com /
    71.167.9.48 zero-fps.ancientstudio.com /
    71.167.9.48 zero-fps.ancientstudio.com /
    71.167.9.48 zero-fps.ancientstudio.com /
    71.167.9.48 zero-fps.ancientstudio.com /
    71.167.9.48 zero-fps.ancientstudio.com /
    71.167.9.48 zero-fps.ancientstudio.com /
    71.167.9.48 zero-fps.ancientstudio.com /
    71.167.9.48 zero-fps.ancientstudio.com /
    71.167.9.48 zero-fps.ancientstudio.com /
    96.235.160.175 zero-fps.ancientstudio.com /
    96.235.160.175 zero-fps.ancientstudio.com /
    96.235.160.175 zero-fps.ancientstudio.com /deferred.php
    96.235.160.175 zero-fps.ancientstudio.com /deferred.php
    96.235.160.175 zero-fps.ancientstudio.com /index.php
    96.235.160.175 zero-fps.ancientstudio.com /index.php
    96.235.160.175 zero-fps.ancientstudio.com /index.php?threads/nosgoth.8/
    96.235.160.175 zero-fps.ancientstudio.com /index.php?threads/nosgoth.8/
     
  2. Nick Jtk Markham

    Nick Jtk Markham Active Member

    He told me to add a bot list to my .htaccess so this is what I have now.

    ##begin code
    ##start blocking potentially unwanted bots.
    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
    RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
    RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
    RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
    RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
    RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
    RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
    RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
    RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
    RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
    RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
    RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Zeus
    RewriteRule ^.* - [F,L]
    ##end code. bai bots.
    # Mod_security can interfere with uploading of content such as attachments. If you
    # cannot attach files, remove the "#" from the lines below.
    #<IfModule mod_security.c>
    # SecFilterEngine Off
    # SecFilterScanPOST Off
    #</IfModule>

    ErrorDocument 401 default
    ErrorDocument 403 default
    ErrorDocument 404 default
    ErrorDocument 500 default

    <IfModule mod_rewrite.c>
    RewriteEngine On

    # If you are having problems with the rewrite rules, remove the "#" from the
    # line that begins "RewriteBase" below. You will also have to change the path
    # of the rewrite to reflect the path to your XenForo installation.
    #RewriteBase /xenforo

    # This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
    </IfModule>
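
Added example, not part of the original post: a small offline check of which User-Agent strings a blocklist like the one above would actually refuse. It uses Python's `re` as a stand-in for Apache's regex engine (an assumption that holds for these simple patterns), and the User-Agent strings in the usage lines are constructed.

```python
import re

# A few conditions copied from the .htaccess above.
RULES = r"""
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
"""

# Pattern may contain backslash-escaped spaces; the [flags] part is optional.
COND = re.compile(
    r"^\s*RewriteCond\s+%\{HTTP_USER_AGENT\}\s+((?:\\.|\S)+)"
    r"(?:\s+\[([^\]]*)\])?\s*$"
)

def load_conditions(text):
    """Compile every User-Agent RewriteCond, honouring the NC (no-case) flag."""
    conds = []
    for line in text.splitlines():
        m = COND.match(line)
        if not m:
            continue  # blank line, comment, or a different directive
        flags = {f.strip().upper() for f in (m.group(2) or "").split(",")}
        conds.append(re.compile(m.group(1), re.I if "NC" in flags else 0))
    return conds

def blocked_by(user_agent, conds):
    """Return the first pattern that matches, or None if the request passes."""
    for cond in conds:
        if cond.search(user_agent):  # unanchored unless the pattern has ^
            return cond.pattern
    return None

if __name__ == "__main__":
    conds = load_conditions(RULES)
    for ua in ("Wget/1.15 (linux-gnu)",
               "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)",
               "Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0"):
        print(ua, "->", blocked_by(ua, conds) or "allowed")
```

The list only refuses clients that announce one of these names, so it has no effect on requests that arrive with an ordinary browser User-Agent.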
     
  3. Nick Jtk Markham

    Nick Jtk Markham Active Member

    Also, with the spam, I am just using the built-in reCAPTCHA.
     
  4. Mike

    Mike XenForo Developer Staff Member

    Those IPs don't appear to generally be bots, aside from the first one. I'm not really clear what the listed requests are and what period of time they reflect. If it's simultaneous, then that would appear to imply either a really misbehaving add-on, style issues, or a DoS style attack. I would have to recommend confirming whether the issues happen while running with add-ons disabled and the standard style in place (and trying to get more clarification from your host regarding those requests).
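
Added example, not part of the original thread: one way to triage a request listing in the "client IP, virtual host, request URI" layout posted above, separating a client that walks many different URLs from one that repeats a single URL. The sample rows, addresses, host name and the `min_hits` threshold are constructed for illustration; the listing format carries no timestamps, so these are counts, not request rates.

```python
from collections import Counter, defaultdict

# Constructed sample in the same three-column layout as the host's listing.
SAMPLE = """\
203.0.113.7 forum.example /index.php?posts/289/
203.0.113.7 forum.example /index.php?posts/293/
203.0.113.7 forum.example /index.php?goto/post&id=66
203.0.113.7 forum.example /index.php?members/brand.4/recent-content
198.51.100.20 forum.example /
198.51.100.20 forum.example /
198.51.100.20 forum.example /
198.51.100.20 forum.example /
192.0.2.15 forum.example /index.php
192.0.2.15 forum.example /styles/default/xenforo/xenforo-ui-sprite.png
"""

def summarize(listing):
    """Map each client IP to its request total, distinct URIs and top URI."""
    per_ip = defaultdict(Counter)
    for line in listing.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # skip blank or truncated rows
        ip, _vhost, uri = parts
        per_ip[ip][uri] += 1
    return {
        ip: {"total": sum(c.values()),
             "distinct": len(c),
             "top": c.most_common(1)[0]}
        for ip, c in per_ip.items()
    }

def classify(stats, min_hits=4):
    """Rough triage label for one client's summary (threshold is arbitrary)."""
    if stats["total"] < min_hits:
        return "normal"
    if stats["distinct"] == stats["total"]:
        return "crawler-like"  # every request is a different URL
    if stats["top"][1] == stats["total"]:
        return "repeat-hit"    # the same URL requested over and over
    return "mixed"

if __name__ == "__main__":
    for ip, stats in summarize(SAMPLE).items():
        print(ip, stats["total"], stats["distinct"], classify(stats))
```

Run against the host's real listing together with timestamps, the same grouping shows whether the repeated requests are simultaneous, which is the open question in the reply above.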
     
