XF 1.3 Xenforo CPU usage

NickM22

Active member
I think I have bots causing lots of CPU usage; I do get spam posts from time to time. http://prntscr.com/5x66wk So in a live chat they sent what is getting pings. This is a fresh install of XenForo, only a few days old. Prior to this I had run it for about a year with no issues.

Current Site Requests:
144.76.3.101 ancientstudio.com /nzfps/index.php?forums/introductions.9/&order=view_count
144.76.3.101 ancientstudio.com /nzfps/index.php?goto/post&id=302
144.76.3.101 ancientstudio.com /nzfps/index.php?goto/post&id=66
144.76.3.101 ancientstudio.com /nzfps/index.php?members/brand.4/recent-content
144.76.3.101 ancientstudio.com /nzfps/index.php?posts/123/permalink
144.76.3.101 ancientstudio.com /nzfps/index.php?posts/289/
144.76.3.101 ancientstudio.com /nzfps/index.php?posts/293/
144.76.3.101 ancientstudio.com /nzfps/index.php?posts/296/
144.76.3.101 ancientstudio.com /nzfps/index.php?posts/298/
144.76.3.101 ancientstudio.com /nzfps/index.php?posts/301/
144.76.3.101 ancientstudio.com /nzfps/index.php?posts/308/
173.81.37.149 zero-fps.ancientstudio.com /index.php?members/izzy.26/&card=1&&_xfRequestUri=%2Findex.
173.81.37.149 zero-fps.ancientstudio.com /index.php?members/izzy.26/&card=1&&_xfRequestUri=%2Findex.
173.81.37.149 zero-fps.ancientstudio.com /index.php?posts/345/quote
173.81.37.149 zero-fps.ancientstudio.com /index.php?posts/345/quote
24.118.102.2 zero-fps.ancientstudio.com /
24.118.102.2 zero-fps.ancientstudio.com /
24.118.102.2 zero-fps.ancientstudio.com /
24.118.102.2 zero-fps.ancientstudio.com /
24.118.102.2 zero-fps.ancientstudio.com /
24.118.102.2 zero-fps.ancientstudio.com /
24.118.102.2 zero-fps.ancientstudio.com /
24.118.102.2 zero-fps.ancientstudio.com /
24.118.102.2 zero-fps.ancientstudio.com /
24.118.102.2 zero-fps.ancientstudio.com /
24.118.102.2 zero-fps.ancientstudio.com /
24.118.102.2 zero-fps.ancientstudio.com /
24.118.102.2 zero-fps.ancientstudio.com /
24.118.102.2 zero-fps.ancientstudio.com /
24.118.102.2 zero-fps.ancientstudio.com /
24.118.102.2 zero-fps.ancientstudio.com /
24.118.102.2 zero-fps.ancientstudio.com /
24.118.102.2 zero-fps.ancientstudio.com /
24.178.27.41 zero-fps.ancientstudio.com /data/avatars/m/0/18.jpg?1422139668
24.178.27.41 zero-fps.ancientstudio.com /data/avatars/m/0/18.jpg?1422139668
24.178.27.41 zero-fps.ancientstudio.com /index.php
24.178.27.41 zero-fps.ancientstudio.com /index.php
24.178.27.41 zero-fps.ancientstudio.com /styles/*******/sulfur/xenforo/xenforo-ui-sprite.png
24.178.27.41 zero-fps.ancientstudio.com /styles/*******/sulfur/xenforo/xenforo-ui-sprite.png
65.185.165.232 zero-fps.ancientstudio.com /
65.185.165.232 zero-fps.ancientstudio.com /
65.185.165.232 zero-fps.ancientstudio.com /
65.185.165.232 zero-fps.ancientstudio.com /
71.167.9.48 zero-fps.ancientstudio.com /
71.167.9.48 zero-fps.ancientstudio.com /
71.167.9.48 zero-fps.ancientstudio.com /
71.167.9.48 zero-fps.ancientstudio.com /
71.167.9.48 zero-fps.ancientstudio.com /
71.167.9.48 zero-fps.ancientstudio.com /
71.167.9.48 zero-fps.ancientstudio.com /
71.167.9.48 zero-fps.ancientstudio.com /
71.167.9.48 zero-fps.ancientstudio.com /
71.167.9.48 zero-fps.ancientstudio.com /
71.167.9.48 zero-fps.ancientstudio.com /
71.167.9.48 zero-fps.ancientstudio.com /
71.167.9.48 zero-fps.ancientstudio.com /
71.167.9.48 zero-fps.ancientstudio.com /
71.167.9.48 zero-fps.ancientstudio.com /
71.167.9.48 zero-fps.ancientstudio.com /
96.235.160.175 zero-fps.ancientstudio.com /
96.235.160.175 zero-fps.ancientstudio.com /
96.235.160.175 zero-fps.ancientstudio.com /deferred.php
96.235.160.175 zero-fps.ancientstudio.com /deferred.php
96.235.160.175 zero-fps.ancientstudio.com /index.php
96.235.160.175 zero-fps.ancientstudio.com /index.php
96.235.160.175 zero-fps.ancientstudio.com /index.php?threads/nosgoth.8/
96.235.160.175 zero-fps.ancientstudio.com /index.php?threads/nosgoth.8/
 
He told me to add a bot list to my .htaccess so this is what I have now.

##begin code
##start blocking potentially unwanted bots.
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]
##end code. bai bots.
# Mod_security can interfere with uploading of content such as attachments. If you
# cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
# SecFilterEngine Off
# SecFilterScanPOST Off
#</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default

<IfModule mod_rewrite.c>
RewriteEngine On

# If you are having problems with the rewrite rules, remove the "#" from the
# line that begins "RewriteBase" below. You will also have to change the path
# of the rewrite to reflect the path to your XenForo installation.
#RewriteBase /xenforo

# This line may be needed to enable WebDAV editing with PHP as a CGI.
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
</IfModule>
 
Those IPs don't appear to generally be bots, aside from the first one. I'm not really clear what the listed requests are and what period of time they reflect. If it's simultaneous, then that would appear to imply either a really misbehaving add-on, style issues, or a DoS-style attack. I would have to recommend confirming whether the issues happen while running with add-ons disabled and the standard style in place (and trying to get more clarification from your host regarding those requests).
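Added example, not part of either post above: a small Python triage of a request list in the "IP vhost path" shape the host supplied, separating clients that walk many different URLs from clients that repeat a single URL. The sample rows, the documentation-range addresses, `forum.example` and the thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample in the same "IP vhost path" shape as the host's list.
# Addresses are documentation ranges; repeat counts are illustrative.
SAMPLE = "\n".join(
    [f"192.0.2.10 forum.example /index.php?posts/{n}/" for n in (289, 293, 296, 298, 301, 308)]
    + ["198.51.100.7 forum.example /"] * 12
    + ["203.0.113.5 forum.example /index.php"] * 2
    + ["203.0.113.5 forum.example /index.php?threads/nosgoth.8/"] * 2
    # one more real row, then a blank and a malformed row that must be skipped
    + ["203.0.113.5 forum.example /deferred.php", "", "not a request row"]
)


def summarize(text):
    """Group rows by client IP: total hits, distinct paths, busiest path."""
    paths = defaultdict(Counter)
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3 or not parts[2].startswith("/"):
            continue  # skip blanks, headers and anything that is not a request row
        ip, _vhost, path = parts
        paths[ip][path] += 1
    out = {}
    for ip, counter in paths.items():
        hits = sum(counter.values())
        top_path, top_hits = counter.most_common(1)[0]
        out[ip] = {"hits": hits, "distinct": len(counter),
                   "top_path": top_path, "top_share": top_hits / hits}
    return out


def classify(stat, min_hits=5):
    """Heuristic label; the thresholds are assumptions to tune per site."""
    if stat["hits"] < min_hits:
        return "low-volume"
    if stat["distinct"] / stat["hits"] >= 0.8:
        return "crawl"   # nearly every request is a different URL
    if stat["top_share"] >= 0.8:
        return "repeat"  # one URL requested over and over
    return "browse"      # mix of pages and assets, typical of a browser


def triage(text):
    return {ip: classify(s) for ip, s in summarize(text).items()}


if __name__ == "__main__":
    for ip, label in triage(SAMPLE).items():
        print(ip, label, summarize(SAMPLE)[ip])
```

A list like this carries no timestamps or user agents, so the counts are not rates; the time window still has to come from the host or from the web server's own access log.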
 