Uptime causing CPU load 100%

I have 20 sites on the same server and have Uptime monitoring enabled. And this IP 34.196.51.17 driving my CPU load over 100%.
I blocked it from my server, it's over half the requests every second, accounts for half of the open connections. The server is back down to <30% CPU 30 seconds after blocking it.

  • Richard Alva
    • Flash Drive

    This is happening again, my server is getting hits from that, thousands of times a second, WTF?? I am now blocking that IP from accessing all my servers. As far as I can tell it crashed one of my servers yesterday, 2 hour down time, please explain. Server logs show hundreds of hits per second from this ip. Accounts for well over half the lines in my server access logs. This is ridiculous, thanks for the denial of service attacks. This is just one short second of one sites log, multiple times per second, hitting both http and https:

    34.196.51.17 - - [11/Sep/2018:06:49:40 +0000] "HEAD / HTTP/1.1" 301 209
    34.196.51.17 - - [11/Sep/2018:06:49:41 +0000] "HEAD / HTTP/1.1" 301 3689
    34.196.51.17 - - [11/Sep/2018:06:49:41 +0000] "HEAD / HTTP/1.1" 200 3751
    34.196.51.17 - - [11/Sep/2018:06:51:41 +0000] "HEAD / HTTP/1.1" 301 209
    34.196.51.17 - - [11/Sep/2018:06:51:43 +0000] "HEAD / HTTP/1.1" 301 3689
    34.196.51.17 - - [11/Sep/2018:06:51:43 +0000] "HEAD / HTTP/1.1" 200 3751
    34.196.51.17 - - [11/Sep/2018:06:53:40 +0000] "HEAD / HTTP/1.1" 301 209
    34.196.51.17 - - [11/Sep/2018

  • Mark
    • Site Builder, Child of Zeus

    Hi,

    I've been having the same issue for months. Hits from the 34.196.51.17 IP address frequently drag's one or more of my servers down. I've spoken to WPMU Dev support in the past about it and they've told me the problem has been resolved. I have just had yet another conversation with Cloudways supports after the latest server issue and they've again confirmed most of my sites are receiving excessive hits from that IP with at least one of my sites receiving double the amount of hits for some reason.

    Mark

  • Mark
    • Site Builder, Child of Zeus

    I've at least got to the bottom of the double hits, this is a sample from the log files from the affected site. Any idea what the first hit is trying that is causing a 301 redirect?

    34.196.51.17 - - [01/Oct/2018:18:03:58 +0000] "GET / HTTP/1.1" 301 357 "http://www.not-the-real-site.co.uk/" "WPMUDEV Uptime Monitor 4.0 (https://premium.wpmudev.org)&quot;
    status_code:301 34.196.51.17 [01/Oct/2018:18:04:01 +0000] HEAD / HTTP/1.1
    34.196.51.17 - - [01/Oct/2018:18:04:01 +0000] "GET / HTTP/1.1" 200 12127 "http://www.not-the-real-site.co.uk/" "WPMUDEV Uptime Monitor 4.0 (https://premium.wpmudev.org)&quot;
    status_code:200 34.196.51.17 [01/Oct/2018:18:04:17 +0000] HEAD / HTTP/1.1

    Mark

  • Richard Alva
    • Flash Drive

    One hits the http url and gets redirected to the https url?

    I can confirm that this is getting better for me. Over a 24 hour period some sites get 1450 hits form that ip and other only 750 which is still excessive. Though once every two minutes is probably fine so it's mostly ok, not sure why some sites are getting hit once every minute and others once every two minutes. Also, they mentioned that it's suppose to be once every 5 minutes. My guess is there are still issues.

    • Mark
      • Site Builder, Child of Zeus

      Hey Richard Alva ,

      I got Cloudways to do a bit more digging and you are right, it's redirecting from http to https. Why?!?!?!??! The site home/url is set correctly and the WPMU Dev Dashboard plugin is installed which I guess is what reports back to The Hub the URL of the site. Total waste of traffic.

      I for one would be happier if it were hitting every five minutes and not twice a minute as seems to be at the moment.

      Mark

  • Richard Alva
    • Flash Drive

    It might be that it was setup originally with the http:// url, not sure, only about 1/3 of my sites are doing that and I can't really see the url protocol in the hub anywhere. Google search console has the same issues with that.

    At least it's not the 30 times per second per site I was getting a few weeks ago.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.