By Peter Reinold on Friday, 20 December 2013
Posted in Technical Issues
Hi guys,

I have some problems with my hoster. My account got restricted due to high resource usage of CPU (that's what I got told). The first time happened when I was writing a long article in EasyBlog for about 3 hours in the frontend. Does the autodraft feature use a lot of resources? Because my website got a lot of requests from my IP.

The next thing is it just happened this morning again, but I was not even logged in to my site. It was just opened in a browser window and that was it. I didn't refresh the site, nothing.
Is there maybe a bug in EasyBlog which causes that high traffic / usage, or do you have any idea?

It's just weird to me, because it was working all the time with no problems and now I am supposed to use too many resources. It happened before the latest update and with the latest update also. Just for you to check.

Anything I might have turned on or off or should check in EasyBlog? I don't remember that I made any changes.
Hello Peter,

Sorry for the late reply.

Have you recently updated or installed any new components or plugins? If yes, try to disable them and see if that helps or not. Also, is there any server log file or any MySQL slow queries log that we can look at? At the moment, we are unsure what is causing the slowness of your site, but if you can provide us more information, then we can investigate your issue.

For your second login issue, is it only that the user is not able to log in? Could you guide us through how to reproduce this issue again, so we can try to investigate it?
Please advise.
Friday, 20 December 2013 19:53
Hi there,

I contacted my hoster to get a more detailed log of what they found out is causing the high load on the CPU. Is there any other way I can get any log files? I don't know that much about servers and how the log... If you can point me in a direction, I will try to get everything possible.

And no, I didn't install any plugins, scripts, addons or anything else. Completely nothing.

After it happened the first time, I followed the hoster's guide to disable gzip compression and enable caching in Joomla. Well, caching was already enabled, so I just disabled gzip, and indeed in my opinion the site was loading a bit faster.

But the issue also happened with gzip on, so I guess this is not the problem.

Arlex, I didn't have any login issue. It was just that only the site was open on my laptop and I was not logged in. I was just trying to say that something like the autodraft feature of EasyBlog was not sending anything to the server,
because that's what seemed to be the problem in the beginning.

This was the log file I received when it first happened, and it was around when I was writing a long article and the article window was open for maybe 3 hours. Could it be too much traffic from the autodraft feature?

Hello,

Thank you for contacting HostGator. I took a look at the log files about the time the site was restricted and compared them to the same time frame from the previous day. It looks like a spike in traffic is what resulted in the restriction.

This is from today

Top 10 requesting IP Addresses based on count:
COUNT: 1960 / 12.76% IP: 217.246.3.85 HOST: pD9F60355.dip0.t-ipconnect.de
COUNT: 1857 / 12.09% IP: 31.13.168.165 HOST: Unknown Host
COUNT: 568 / 03.70% IP: 91.52.51.126 HOST: p5B34337E.dip0.t-ipconnect.de
COUNT: 564 / 03.67% IP: 158.181.114.134 HOST: pub158181114134.dh-hfc.datazug.ch
COUNT: 360 / 02.34% IP: 66.249.74.62 HOST: crawl-66-249-74-62.googlebot.com
COUNT: 307 / 02.00% IP: 188.110.194.72 HOST: dslb-188-110-194-072.pools.arcor-ip.net
COUNT: 245 / 01.60% IP: 203.67.5.21 HOST: h21-203-67-5.adsl.dynamic.seed.net.tw
COUNT: 233 / 01.52% IP: 80.129.17.157 HOST: p5081119D.dip0.t-ipconnect.de
COUNT: 212 / 01.38% IP: 77.2.37.29 HOST: ulmg-4d02251d.pool.mediaWays.net
COUNT: 210 / 01.37% IP: 87.123.144.66 HOST: i577B9042.versanet.de

This is the day before

Top 10 requesting IP Addresses based on count:
COUNT: 153 / 05.51% IP: 82.72.82.161 HOST: 524852A1.cm-4-1b.dynamic.ziggo.nl
COUNT: 115 / 04.14% IP: 217.246.15.21 HOST: pD9F60F15.dip0.t-ipconnect.de
COUNT: 115 / 04.14% IP: 82.220.1.205 HOST: Unknown Host
COUNT: 114 / 04.11% IP: 188.99.178.220 HOST: dslb-188-099-178-220.pools.arcor-ip.net
COUNT: 113 / 04.07% IP: 79.222.110.185 HOST: p4FDE6EB9.dip0.t-ipconnect.de
COUNT: 111 / 04.00% IP: 158.181.114.134 HOST: pub158181114134.dh-hfc.datazug.ch
COUNT: 110 / 03.96% IP: 62.192.9.140 HOST: Unknown Host
COUNT: 109 / 03.93% IP: 91.52.38.253 HOST: p5B3426FD.dip0.t-ipconnect.de
COUNT: 109 / 03.93% IP: 91.65.154.18 HOST: 91-65-154-18-dynip.superkabel.de
COUNT: 107 / 03.85% IP: 87.230.108.20 HOST: gw1.cgn3.hosteurope.de

I did notice that this was a Joomla installation, and would recommend that you enable caching for it as well as follow some of the other recommendations found here:
http://support.hostgator.com/articles/getting-started/general-help/optimizing-joomla

Please note that if you already have caching enabled, you will need to take more action such as looking into any high use modules or plugins, and seeing if there are any updates, or possibly any that you can disable to reduce the load that your site causes. The Joomla Community Portal is also a great resource to use when dealing with issues such as installation, optimizing, caching, etc.

http://community.joomla.org/


But I'm still waiting for the current log file... I haven't received anything.

Is there a way to upload a little script which creates a log file?
Friday, 20 December 2013 20:10
Hi there,

I just got a bit more information about what's going on, and according to the hoster it seems that Komento is the problem, with bots trying to spam. Here is the message I got from the hoster:

Greetings,

Thank you for taking the time to contact Hostgator.

During the hour preceding the last automated block that your account triggered, I observed an inordinate number of POST requests made for the com_komento component of the Joomla site at mobtivity.com. This could potentially be the result of bots attempting to spam comments on your site.

As each of these requests appears to be generating a php process, causing spikes in CPU activity, it may be prudent for you to consider replacing this component with one that is less resource intensive.

Unfortunately the rewrite I added (listed below) to your .htaccess file only served to mitigate a portion of the bot traffic coming in, since the aforementioned POST requests were coming from a multitude of unique IP addresses and user agents, hence why I'm suggesting that you consider disabling the com_komento component.

Nevertheless, I have gone ahead and lifted the restrictions that were in place on this account, and we will continue to monitor the situation.

Added rewrite:

ErrorDocument 416 "Bad Request"
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} "Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1; SV1"
RewriteRule .* - [R=416,L]

Request sample:

91.52.42.130 - - [20/Dec/2013:06:07:13 -0600] "POST /?option=com_komento HTTP/1.1" 200 53 "http://www.mobtivity.com/de/news/no-ip-eine-kostenlose-alternative-zu-dyndns-org.html " "Mozilla/5.0 (Windows; U; Windows NT 6.0; de) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/30.0.1599.101 Chrome anonymized by Abelssoft 758805714"
80.153.200.7 - - [20/Dec/2013:06:07:14 -0600] "POST /?option=com_komento HTTP/1.1" 200 33 "http://www.mobtivity.com/de/news/no-ip-eine-kostenlose-alternative-zu-dyndns-org.html " "Mozilla/5.0 (Windows NT 6.1; rv:26.0) Gecko/20100101 Firefox/26.0"
192.185.1.20 - - [20/Dec/2013:06:07:16 -0600] "POST /?option=com_komento HTTP/1.1" 200 53 "http://www.mobtivity.com/de/news/tutorial-bmw-connecteddrive-softwareupdate-fuer-das-fahrzeug-einspielen.html " "Mozilla/5.0 (X11; Linux i686; rv:6.0.2) (aUX4vNj7MjxS0bcC+eMyi2HASrTKDLd7VXZgyaDSVeI=) Gecko/20100101 Firefox/6.0.2"
95.90.163.34 - - [20/Dec/2013:06:07:19 -0600] "POST /?option=com_komento HTTP/1.1" 200 33 "http://www.mobtivity.com/de/news/tutorial-bmw-connecteddrive-softwareupdate-fuer-das-fahrzeug-einspielen.html " "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
85.205.122.153 - - [20/Dec/2013:06:07:35 -0600] "POST /?option=com_komento HTTP/1.1" 200 33 "http://www.mobtivity.com/de/news/no-ip-eine-kostenlose-alternative-zu-dyndns-org.html " "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
158.181.94.115 - - [20/Dec/2013:06:07:41 -0600] "POST /?option=com_komento HTTP/1.1" 200 33 "http://www.mobtivity.com/de/news/no-ip-eine-kostenlose-alternative-zu-dyndns-org.html " "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0"
Friday, 20 December 2013 20:30
Hello Peter,

If the bots are trying to spam the site, I would strongly suggest that you turn on reCAPTCHA on the site. There's no workaround for this unless your hosting provider blocks these IP addresses from accessing the site.
Saturday, 21 December 2013 13:17
Hi Mark,

Is reCAPTCHA better than the built-in captcha? That's what I am using currently...

As he wrote, it's hard for him to block the bots, because they are all coming from different IPs...
Saturday, 21 December 2013 16:04
Hello Peter,

It's actually about the same since they both prevent bots from automatically posting comments. I don't think that there's a workaround for this unfortunately, and the best way is to block the bots by IP address.
Sunday, 22 December 2013 20:08
Hi there,

I still have the issue with Komento; I guess I have to remove it. The problem is, the comments don't get spammed. Actually there are no comments really made, but just the requests for comments are high enough to drive the CPU load over the limit of my hoster. I still have this problem and it has been getting worse in the last couple of weeks, and what is mainly frequented is Komento; even though it is now disabled, it gets 39% of my CPU load.

Is it maybe something in the programming that makes it use too much CPU that you can check into? Like if it's bots and stuff, to make it easier on CPU load?
Sunday, 22 June 2014 07:22
Hello Peter,

You need to ask your host to find out which particular code / script is hogging the CPU, because if there are no comments made, I don't understand why it would hog so much CPU. Unless Komento is configured to run in development mode, but even so, this only renders the JavaScript files.
Sunday, 22 June 2014 13:30
Hi Mark,

Thanks for your reply. I asked and what I got was this:

Top Request Strings:
Count: 723 / 39.90% Request: "POST /?option=com_komento HTTP/1.1"

I don't know if it helps you, but that's supposed to be the problem when I have high CPU usage. Does it make sense to you?
Sunday, 22 June 2014 14:17
Hello Peter,

Hm, it seems like there was a connection made to Komento 723 times? It really doesn't make sense. Is there any other data along with this information? Perhaps the "post" data?
Sunday, 22 June 2014 23:20
Hi, my account just got restricted again and I sent a new email to the admin. That's what I got:

We do not have any specific POST data that can be seen, however, we noticed that when the URL is loaded, your site begins to use a large amount of CPU usage. The 404 that is generated may have been the cause of the resource usage. Here are some of the access logs for POST requests that appear to be consuming a large amount of resources.

178.192.149.35 - - [22/Jun/2014:15:27:27 -0500] "POST /?option=com_komento HTTP/1.1" 403 18200 "http://www.mobtivity.com/de/news/galaxy-note-3-update-auf-android-kitkat-mit-root-und-knox-0x0.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36"
93.192.213.107 - - [22/Jun/2014:15:27:29 -0500] "POST /?option=com_komento HTTP/1.1" 416 31 "http://webcache.googleusercontent.com/search?q=cache:KcmyjYVlBg4J:www.mobtivity.com/de/news/bmw-connected-jetzt-auch-fuer-android-verfuegbar.html+&cd=7&hl=de&ct=clnk&gl=de&client=firefox-a" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0"
93.192.213.107 - - [22/Jun/2014:15:27:35 -0500] "POST /components/com_jvotesystem/ajax.php HTTP/1.1" 200 745 "http://webcache.googleusercontent.com/search?q=cache:KcmyjYVlBg4J:www.mobtivity.com/de/news/bmw-connected-jetzt-auch-fuer-android-verfuegbar.html+&cd=7&hl=de&ct=clnk&gl=de&client=firefox-a" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0"
93.192.213.107 - - [22/Jun/2014:15:27:45 -0500] "POST /components/com_jvotesystem/ajax.php HTTP/1.1" 200 745 "http://webcache.googleusercontent.com/search?q=cache:KcmyjYVlBg4J:www.mobtivity.com/de/news/bmw-connected-jetzt-auch-fuer-android-verfuegbar.html+&cd=7&hl=de&ct=clnk&gl=de&client=firefox-a" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0"



The weird thing is that I have Komento disabled right now, so nobody can see it. I guess I have to uninstall it, but then I will lose all my comments, or? But still, they say every time Komento is loaded it uses high resources.
Monday, 23 June 2014 06:42
Hello Peter,

Hm, that access log is too generic and I am not really sure if it actually means anything. Are there any other reports that your hosting provider can provide?
Monday, 23 June 2014 12:30
Hi Mark,

I contacted them and am waiting for a reply. I just had another spike in CPU resources today. I am also currently looking into getting a root server to solve this problem, and it comes in handy for a couple of other projects I want to try out. Let's see what I can find...
Tuesday, 24 June 2014 10:48
Sure, let me know the findings because I am quite puzzled as to why Komento is taking so many resources when there are no comments at all. It doesn't make any sense.
Tuesday, 24 June 2014 11:04
Hi Mark,

That's what I got from them now.

Where can I check if there are any comments or pending comments? I couldn't find any, and Komento is now disabled in Joomla itself, and I also deactivated the integration into EasyBlog in the Komento settings. If I open up a post, it doesn't show Komento anymore...


At this time, from reviewing the traffic logs for your account it does appear that it was Komento that was the cause of this. Below you can see the access log entries for only the Komento module:

Top 10 requesting IP Addresses based on count:
COUNT: 108 / 50.23% IP: 178.192.149.35 HOST: 35-149.192-178.cust.bluewin.ch
COUNT: 100 / 46.51% IP: 84.72.1.22 HOST: 84-72-1-22.dclient.hispeed.ch
COUNT: 6 / 02.79% IP: 157.55.39.248 HOST: msnbot-157-55-39-248.search.msn.com
COUNT: 1 / 00.47% IP: 157.55.39.195 HOST: msnbot-157-55-39-195.search.msn.com


Top 10 Request Strings:
Count: 208 / 96.74% Request: "POST /?option=com_komento HTTP/1.1"
Count: 1 / 00.47% Request: "GET /de/component/komento/rss.feed?component=com_easyblog&cid=516 HTTP/1.1"
Count: 1 / 00.47% Request: "GET /de/component/komento/rss.feed?component=com_easyblog&cid=324 HTTP/1.1"
Count: 1 / 00.47% Request: "GET /de/component/komento/rss.feed?component=com_easyblog&cid=224 HTTP/1.1"
Count: 1 / 00.47% Request: "GET /de/component/komento/rss.feed?component=com_easyblog&cid=367 HTTP/1.1"
Count: 1 / 00.47% Request: "GET /de/component/komento/rss.feed?component=com_easyblog&cid=179 HTTP/1.1"
Count: 1 / 00.47% Request: "GET /de/component/komento/rss.feed?component=com_easyblog&cid=840 HTTP/1.1"
Count: 1 / 00.47% Request: "GET /de/component/komento/rss.feed?component=com_easyblog&cid=44 HTTP/1.1"

HTTP Response Codes:
Count: 208 / 96.74% Code: 403 - Forbidden
Count: 7 / 03.26% Code: 404 - Not Found

Top 10 Referers:
Count: 108 / 50.23% Referer: "http://www.mobtivity.com/de/news/galaxy-note-3-update-auf-android-kitkat-mit-root-und-knox-0x0.html"
Count: 100 / 46.51% Referer: "http://www.mobtivity.com/de/news/philips-mit-zwei-neuen-picopix-projektoren-zur-ifa.html"
Count: 7 / 03.26% Referer: "-"

Top 10 User Agents:
Count: 108 / 50.23% User Agent: "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36"
Count: 100 / 46.51% User Agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36"
Count: 7 / 03.26% User Agent: "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
Tuesday, 24 June 2014 23:06
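
Added example, not part of the thread and not code from the hoster or the Komento developers: a small Python script that rebuilds the kind of summary the hoster sent (counts per IP and response code for POSTs to /?option=com_komento) from Apache combined-format log lines, and adds the median gap between requests per client, so a few clients repeating at a steady interval from one page can be told apart from many IPs each posting once. The log lines, the IP addresses, the summarize name and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Apache "combined" log format, the format of the hoster's request samples.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')

# Constructed sample lines (documentation IPs, example.com), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [22/Jun/2014:15:27:00 -0500] "POST /?option=com_komento HTTP/1.1" 403 18200 "http://www.example.com/news/a.html" "ExampleBrowser/1.0"
203.0.113.9 - - [22/Jun/2014:15:27:05 -0500] "POST /?option=com_komento HTTP/1.1" 200 33 "http://www.example.com/news/b.html" "ExampleBrowser/2.0"
198.51.100.7 - - [22/Jun/2014:15:27:10 -0500] "POST /?option=com_komento HTTP/1.1" 403 18200 "http://www.example.com/news/a.html" "ExampleBrowser/1.0"
203.0.113.9 - - [22/Jun/2014:15:27:12 -0500] "GET /news/b.html HTTP/1.1" 200 5120 "-" "ExampleBrowser/2.0"
198.51.100.7 - - [22/Jun/2014:15:27:20 -0500] "POST /?option=com_komento HTTP/1.1" 403 18200 "http://www.example.com/news/a.html" "ExampleBrowser/1.0"
192.0.2.44 - - [22/Jun/2014:15:27:25 -0500] "POST /components/com_other/ajax.php HTTP/1.1" 200 745 "-" "ExampleBrowser/3.0"
198.51.100.7 - - [22/Jun/2014:15:27:30 -0500] "POST /?option=com_komento HTTP/1.1" 403 18200 "http://www.example.com/news/a.html" "ExampleBrowser/1.0"
"""

def summarize(log_text, needle="option=com_komento", threshold=3):
    """Count POSTs whose path contains `needle`; profile clients with >= threshold hits."""
    by_ip, by_status = Counter(), Counter()
    times, pages = defaultdict(list), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or needle not in m["path"]:
            continue  # unparsable line, other method, or other endpoint
        ip = m["ip"]
        by_ip[ip] += 1
        by_status[m["status"]] += 1
        pages[ip].add(m["referer"].strip())
        times[ip].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    repeaters = {}
    for ip, n in by_ip.items():
        if n < threshold:
            continue
        ts = sorted(times[ip])
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        # A steady gap from a single referring page points at one looping client.
        repeaters[ip] = {"count": n, "pages": len(pages[ip]),
                         "median_gap_s": median(gaps) if gaps else None}
    return {"total": sum(by_ip.values()), "by_ip": by_ip,
            "by_status": by_status, "repeaters": repeaters}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["total"], dict(report["by_ip"]), dict(report["by_status"]))
    print(report["repeaters"])
```
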