By greg on Tuesday, 14 January 2014
Posted in General Issues
Hi,

My website was recently restricted by my server because of several episodes of extreme CPU usage.
The server team has been checking for a few weeks why I get this extreme CPU usage, and here is their answer.
When I was monitoring this site, the easyblog component seemed to be the most active and using a lot of cpu.


Do you have any tips to decrease the usage of CPU?

Please provide us with the log of the CPU usage that shows EasyBlog using the CPU?
Tuesday, 14 January 2014 11:19

Hi,

Here is the answer I got from them; sorry, I have no log yet.
As can be seen the easyblog components have been repeatedly seen to create such resource usage issues as have been seen in this case, as such we strongly advise that said plugins be deactivated and removed from the affected installation in order to help address the issues seen in this case. When investigating this matter on your behalf and sorting through the currently active modules and components in use the easyblog modules and components have been identified as the potential cause of this issue as said modules and components are known to be resource intensive in most cases, however since we did not develop nor design any of the content on your account, it would be impossible for us to attempt to diagnose the actual problem that is causing this for you in greater depth. As such I would suggest contacting your web developer, or someone who is familiar with your site's structure and functionality in order to address this issue.


I am still waiting for the log.
Tuesday, 14 January 2014 16:36

Hi there

Interestingly over the past few days I've had exactly the same message from my host telling me there was repeatedly high usage on my account.

I've investigated various causes over the past few days and have narrowed it down to EasyBlog as the cause. The first issue I spotted was that the trackbacks feature (which I had enabled) was being abused. I hadn't received any notification of any trackbacks, but when checking the back-end, trackbacks were being added about every 30 seconds, which led to about 45,000 trackbacks (none published, and all pointing to 'dodgy' looking sites). I have now disabled trackbacks (and comments for that matter) and deleted all these trackbacks, and this has significantly improved my server CPU usage.

That said, it's still above normal, so further investigation today into hits to my website reveals that my blog pages are the victim of frequent spam attacks - repeatedly accessing the blog pages, which I think is putting a strain on the server CPU usage.

Greg - might be worth checking your trackbacks to see if anything looks strange there;
Easyblog - is there anything I can do to prevent these spam hits?

P.S. As an immediate reaction to this I've also been trying to update my version of EasyBlog; however, an error appears saying please enter a valid API key (which I've taken from my account). Is this something you can also look into? (Happy to open up a separate support ticket if you like.)
Tuesday, 14 January 2014 20:29

Hello Mike,

We are going to take off the 'trackback' feature in EasyBlog 4.0 because this feature really doesn't seem to be reliable anymore, as most people just use it for spam purposes. At the moment, it would be best if your ISP can discard these spammer IP addresses, because the best that we could do is to disable the trackbacks and ensure that they give up. They too do not want to waste their resources on sites that they can't spam.

By the way, the API key issue is most likely because you were trying to upgrade to 3.9 from 3.8. Major upgrades like this require a full reinstall. Rest assured that the settings and data will remain intact.

Greg,

You might also want to check as to what Mike has mentioned above too.
Tuesday, 14 January 2014 21:16

Thanks Mark - agreed, my hope is they give up too and go and spam someone else (or preferably go and do something useful).

Were there any security improvements from 3.8 to 3.9 that might help my cause? (I've amended a lot of the CSS so I'm keen not to go through that again, appreciating also that the textbook answer is that I should always have the latest version!)

I'm currently going through a process of banning the IP addresses as they hit the blog pages (interestingly it is only the blog pages they're spamming rather than the rest of the site) - fingers crossed they don't just change the IP address and keep going....
Tuesday, 14 January 2014 21:22

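As an added example (not part of the original thread and not EasyBlog code), one way to find the clients described above from the web server's access log instead of banning addresses one at a time as they appear: flag clients whose requests go almost entirely to blog pages and exceed a rate threshold. The `/blog` prefix, the Apache combined log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache combined log format: ip, timestamp, request line (assumed format).
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" \d{3}')

def parse(line):
    """Return (ip, datetime, path), or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["path"]

def flag_blog_hammering(lines, blog_prefix="/blog", window_s=300,
                        max_hits=30, min_share=0.9):
    """Map ip -> peak blog hits in any window_s-second window, for clients
    whose peak exceeds max_hits and whose traffic is >= min_share blog pages."""
    blog_times, totals = defaultdict(list), defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the scan
        ip, ts, path = rec
        totals[ip] += 1
        if path.startswith(blog_prefix):
            blog_times[ip].append(ts.timestamp())
    flagged = {}
    for ip, times in blog_times.items():
        times.sort()
        peak = start = 0
        for end, t in enumerate(times):  # sliding window over sorted hits
            while t - times[start] > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_hits and len(times) / totals[ip] >= min_share:
            flagged[ip] = peak
    return flagged

def constructed_sample():
    """Constructed log lines: one client hitting blog pages every 5 seconds,
    one ordinary visitor. Addresses are RFC 5737 documentation ranges."""
    fmt = '{ip} - - [14/Jan/2014:20:{m:02d}:{s:02d} +0000] "GET {p} HTTP/1.1" 200 5120 "-" "-"'
    lines = [fmt.format(ip="203.0.113.7", m=i // 12, s=(i % 12) * 5,
                        p=f"/blog/entry/{i % 4}") for i in range(48)]
    lines += [fmt.format(ip="198.51.100.20", m=1, s=s, p=p)
              for s, p in [(3, "/"), (20, "/blog/entry/1"), (41, "/contact")]]
    return lines

if __name__ == "__main__":
    print(flag_blog_hammering(constructed_sample()))
```

The resulting address list is what a host would need in order to block at the network layer, and the share test keeps ordinary visitors who read one blog post out of it.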
Hello Mike,

Hm, I personally did some SQL tweaks in the latest version which optimize the SQL queries when you are accessing the back end of EasyBlog. You would only see these improvements when you have about 90k blog posts or more. It would be advisable that you use the template overriding feature so that you won't have to worry about such upgrades in the future.
Tuesday, 14 January 2014 21:37

Hi,

I checked my configuration.
Trackbacks are off, and I think I never enabled this feature.

So it's not from there.
Wednesday, 15 January 2014 10:28

Hello Greg,

I can't really give you a definite answer here yet unless I see the logs that clearly show in which area EasyBlog is hogging up the CPU.
Wednesday, 15 January 2014 11:09

Hi,

I still don't have any logs, but I ran some tests on my website using htaccess.
I stopped crawling of the EasyBlog part, and CPU usage decreased to normal and my restriction was removed.
As soon as I remove this code stopping the crawls by robots in my htaccess, CPU usage goes up and I get a restriction from my server. So the problem really is from EasyBlog, and as you can see, on the EasyBlog pages I have mainly EasyBlog modules.

I don't use trackbacks, so it's not coming from there.
I know you need logs, but could you check on your side if you can do something to decrease CPU usage in EasyBlog?
There is no way, I have to remove my blog from crawlers.

Thanks again for your help.
Saturday, 08 February 2014 20:30

Hello Greg,

The crawler uses more CPU than usual and this is because it needs to connect to the external sites and process the content. There's a lot of regex going on to match contents so there's no other workaround, I am afraid.
Saturday, 08 February 2014 21:27

Greg

To give you an update on my side, you were right that disabling the trackbacks didn't resolve the issue. The high CPU usage was caused by crawlers, so I wonder if there are crawlers deliberately targeting EasyBlog code (this was shown by the HUGE mismatch between hits recorded in Awstats and Google Analytics and the location of hits).

Anyway, looking at Awstats, the vast majority of these crawlers originated in China. China is not a target market for our website, so in order to resolve the issue I've simply applied an IP block to all IP addresses originating in China. This is quite extreme but instantly resolved the issue. There are still crawlers from the US and other parts targeting the EasyBlog pages, but not to the same extent as the Chinese IPs, so disabling them instantly brought us under our server's CPU usage.

Mike
Saturday, 08 February 2014 22:26

Hello Mike,

I believe there's some confusion here. What Greg actually meant is the crawler that is trying to crawl out from his site to his external RSS feeds. What you are getting here, I believe, is most likely incoming crawls, and the best way to deal with this is to route these bad IP addresses to 127.0.0.1. I believe your web host should be able to add this in their routing tables since we all know this traffic is useless.
Sunday, 09 February 2014 03:37

Hi,

Do you have a recipe to stop China robots crawling my website?
I will be happy to know it and save CPU usage.

Thanks in advance,
Greg
Wednesday, 12 February 2014 15:12

Hello Greg,

The problem is you cannot stop them on the script level. When it reaches your index.php, your webserver is already taking the hit. It should be done on the network layer, where their IP address should be re-routed to 127.0.0.1.

It's a common DDoS mitigation technique to reroute the user to his own localhost.
Wednesday, 12 February 2014 15:50