This topic has 13 replies, 3 voices, and was last updated 9 years by 
-
-
Hi everyone
I have been dealing with server resource overages and account suspension on a shared server over the last few weeks, and I’m being forced to move to VPS. My resource usage is hitting 1000% of allowable, with only 800 page views on the days that the site is actually online.This is also with Cloudflare delivering static content, Heartbeat set to 60 seconds, WP Super Cache, although Super Cache is disabled on the ajax pages like Group and Activity.
What’s going on? Is this typical? Am I doing something significantly wrong?
It was on the same boat as you until I got myself educated on how spammers/sploggers steal content and bandwidth for their own gain.
So I suggest that you get rid of CloudFlare. Strengthen your .htaccess and robots.txt. Install ZB Block especially if you are using BuddyPress. Delete all the spammers who registered. Check your latest visitors log on the control panel to check what pages these lowlifes are accessing and note them down. It will help you tailor your .htaccess file.
My bandwidth usage is minimal. It’s something in the frequency of server calls and how much processing is done by the server that is causing the suspensions.
So here are some explicit questions:
1. What are your recommended heartbeat settings?
2. What are your recommended W3 Total / WP Super Cache settings?
3. What is the shortest list of cached pages to exempt in order to ensure the social networking features are still useable?
4. Is this theme only viable for VPS users?
I don’t have the answers to all your questions.
My site is still under development and will be launched by first week of next month. I can tell you though that when my server usage skyrocketed, the web host support recommended for an upgrade. It did not really make any sense since I was still not signing up new members to the community groups. I found out that spammers/sploggers are stealing bandwidth and I’m getting tons of registrations. So, I streamlined the registration and login process. I also strengthened the security on the site. My usage is now back to normal and I’m still on a shared hosting plan.
@gigidesign You know what, you actually have given me something to think about.
I am using BP Security Check, Limit Login Attempts, and WangGuard. I have a feeling it might be WangGuard. The WangGuard specifically eliminated spam signups, but may have accelerated the server calls.
I’m also looking through the logs and the majority of the last 1000 records are a Cloudflare Europe address repeatedly calling admin-ajax.php, so we have a Heartbeat issue. I just counted and it’s over 40 calls in a single minute. That means Heartbeat Control isn’t doing what it’s supposed to be doing.
I’m also staying away from using plugins because it’s kind of like doing a bubblegum repair. For example, if it takes up server resources to stay logged into the WP Admin for too long, then don’t do that. If you’re still developing your pages/posts, you can just save it as draft and come back to it. So, you don’t really need the Heartbeat Control.
I took your advice and dumped Cloudflare, and installed ZB Block. Once the Cloudflare IP masking was removed, I was able to determine that the majority of calls were from Googlebots, so I used Webmaster Tools to make the crawl rate the lowest possible. Turns out it wasn’t being logged into the dashboard that was overdriving the admin-ajax.php, it was robots.
Now I’m looking at the logs and I’m seeing single IP addresses scraping massive numbers of featured images in a short time period. At first I thought I just had the Related Articles set to show 100 on posts, but now I see it’s something more devious.
This is all very new to me.
I also doublechecked my WP Super Cache and it says I have 7 cached pages. So obviously I don’t have the settings very aggressive.
Good for you. I’m also new to all these (OOL/PHP/Apache/Java/WP) but I’m a pro in software development. Hopefully, you’ll sleep better now.
Okay some new developments.
My front page is back up, but access to wp-admin and wp-login result in 503 errors.
So I used the menu login, and the Firebug error count just started going up rapidly. It was admin-ajax.php calls, 4 times per second. In cpanel, my visitor log showed me the same type of long list of admin-ajax.php calls that I had previously seen with the Googlebot call.
I still have ftp access so I used it to delete Heartbeat Control, but it’s not helping.
I’m working with the webhost, but I’m lost.
You must not have whitelisted your ip. Did you follow the instructions in the manual?
Anyways, pm me ur skype id so I can walk you through.
Okay it turned out the ZB Block was causing the admin-ajax 503 errors and blocking my access to the dashboard. I deleted ZB Block and eliminated the php to get access back to my site.
I reinstalled and renabled heartbeat at 60 seconds, disabled on the dashboard.
CPanel’s Last Visitor logs is showing I have lots of admin-ajax.php calls, and P3 Plugin Profiler has finished scanning and shows all my resource consumption is Buddypress Media – admin-ajax.php calls.
My IP isn’t showing up on the Last Visitors list calling admin-ajax.php which means the Heartbeat Control plugin set to Disable Dashboard is working, but the interval specified (60 seconds) is not.
Talked to the host and because the wp-login form uses admin-ajax.php to let our users login, the recommendation was to monitor IPs and blacklist them. BRUTAL
Okay, I did some web searches and found this child theme function that seems to have knocked out all the spam IP calls, without breaking the Activity stream, update posting, or login form:
COPY CODEfunction my_deregister_heartbeat() { global $pagenow; if ( 'post.php' != $pagenow && 'post-new.php' != $pagenow ) { wp_deregister_script('heartbeat'); wp_register_script('heartbeat', false); } } add_action( 'admin_enqueue_scripts', 'my_deregister_heartbeat' );In this next chapter, resource usage has been around 50% for most of the day, but has now climbed to 150%.
I’ve enabled http:BL plugin in order to automatically block all IPs profiled as dangerous in Project Honey Pot. This way I won’t have to manually update the htaccess file.
Will this final tool keep me from having to upgrade to VPS?
Find out tomorrow.
Thank you for keeping us updated. I’m very interested in this.
Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solutionThis support site is not about custom work. If you need custom development please contact cornel@seventhqueen.com
The forum ‘General questions’ is closed to new topics and replies.
