SiteGround Server Overload

[Living Miracles]

Hello,

On October 4th, all of our sites on our SiteGround server randomly went down and stayed down. When we asked their support team to look into this and see what is going on to help us get our sites back up, they responded that they checked and found that our server overloaded due to high CPU usage. They shared that the top executed scripts on our server at the time of this downtime on the server was “…/public_html/wp-content/plugins/bulletproof-security/405.php” from various sites. To take care of it at that time, they suggested we use the “I’m Under Attack!” Security Level option in our Cloudflare account for the site that had the highest executions.

This same issue occurred the next day and a couple of more times the following week. Since then, we have made some server optimization changes that we believe would help in better handling these surges on our server. However, we’re not sure if it is directly due to these changes that we made that we haven’t had the downtime since or if it is because we haven’t had the same sort of surge to our server.

We had also noticed that some of our sites are creating a lot of “security-log.zip” files (they get sent to our email inbox when they reach a certain size on the site) in general and are averaging about one of these emails per site per day. For example, one of the sites had almost 15,000 “Total 405 HEAD Request Log Entries.” As part of a test, for two of these sites, we changed the Security Level option to “High” and also enabled the “Bot Fight Mode” and “JavaScript Detections” options in our Cloudflare account. We did this thinking that if the settings help prevent the requests from reaching our site in the first place, then we should notice a significant decrease in Security Log entries for these two sites. However, as far as we can tell, there hasn’t been any noticeable decrease.

So with all of that, we would like to ask some related questions at this point:

• From what we understand, this “…/public_html/wp-content/plugins/bulletproof-security/405.php” page is what pops up/gets executed when a HEAD request gets blocked. From what you’re aware of, is it normal for our server to get overloaded from what seemed to be some sort of “DDoS” attack if those requests were getting blocked? Does it use any more or less of our server’s resources to block those requests than for them to get through?
• Does it use additional server resources to add/write entries to our Security Log (e.g., when a request gets blocked)?
• Can you help us figure out what is going on, why our Security Log entries haven’t decreased with the settings we chose in our Cloudflare account? Does that make sense to you? Or can you possibly point us in the right direction with this situation?

Anything you can share with us in answering these questions is greatly appreciated and would be truly helpful for us.

Thank you,
Living Miracles

[AITpro Admin]

I changed the forum topic title since the forum title you used cannot possibly be accurate.  Security Logging uses very little resources.  This forum site gets regularly attacked at rates of between 100 – 1,000 attacks per second and there is absolutely no noticeable website performance issues and no noticeable server resource usage.

So since Security Logging does not use any significant resources then the root cause of the problem is something else.  Each HEAD Request that is logged or any other things that are logged are identical to a visitor visiting your website.

BPS Pro is performance optimized for minimal resource usage in general.  Over many years some people with Dedicated and VPS host servers on various web hosts have had server resource issues/problems with things in BPS Pro that use very little resources.  You would think that a Dedicated or VPS server out of the box would be faster than a Shared hosting server.  In my personal experience with testing VPS hosting I purchased the lowest Tier VPS host server and out of the box it was bare bones and not already performance optimized.  The VPS server required a fair amount of work to get it to perform well, but in the end it never performed as well as my Shared hosting server on the same web host.  So since I was paying 4 times as much for a VPS server that did not perform as well as my Shared hosting server I obviously decided to cancel that VPS host server/hosting.

So it may just be that your Dedicated server is a low Tier deal that needs to be bumped up to a higher Tier or maybe it needs a Load Balancer so that it performs better.  What is odd to me is how with pretty much all Dedicated and VPS hosting is that how things in BPS Pro that cause insignificant resource usage cause performance spikes on Dedicated and VPS host servers.  Either the tools/utilities that measures performance ticks is inaccurate or in order for a Dedicated or VPS host server to perform as well as a Shared hosting server it would need to be a top Tier server package with a comparable Shared host server Load Balancer and/or other server optimizations, etc.

[AITpro Admin]

Also blocking HEAD Requests is a personal choice.  So if for some reason your host server cannot handle that then do not block HEAD Requests.

1. Copy the REQUEST METHODS FILTERED .htaccess code below to the BPS Root Custom Code text box:  9. CUSTOM CODE REQUEST METHODS FILTERED
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
#RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]

[Living Miracles]

Thank you for all that information and context, including your mention that “blocking HEAD Requests is a personal choice.” It is much appreciated.

In this case, since not blocking HEAD Requests doesn’t seem to be a security concern from what you’re saying, we’ve decided to try out that custom code to stop the blocking of HEAD Requests on a couple of our sites. So we’ll see how that goes for us, at least with decreasing the amount of “security-log.zip” files we’re getting in our email inbox.

Thank you,
Living Miracles

[AITpro Admin]

Cool. Yeah you can also choose not to have zip files emailed to you on the BPS Pro S-Monitor page. All of these things are extraneous options that are included in BPS Pro to offer every possible preference to users. The majority of primary security features in BPS Pro are automated and then there are some things that may require manual preference adjustment. BPS Pro is designed specifically for performance and limited resource usage to work in every possible environment. In general, anything I do/create is performance optimized because doing things any other way is frankly not smart. 😉

On a personal note, some products that I buy are following the new “code”, which is full automation, but on the other hand some things that I buy require figuring out some cryptic dev stuff or other mysterious product things that are not obvious even to seasoned technical peeps. BPS Pro is drop dead simple to install and use. It took me years to make that happen and still working to make BPS Pro even simpler all the time brother and that is the magic of the magic of code. LOL

[Living Miracles]

Our tests of using this custom code on a couple of sites went well, so we decided to implement this across the board to all our other WordPress sites. It has now been several days and it has indeed dramatically reduced the amount of “security-log.zip” files we’re getting in our email inbox. So thank you again for mentioning that!

Well, we appreciate and are thankful for everything you’ve done and continue to do with this outstanding security plugin, brother. 🙏🏼

[AITpro Admin]

Great! Glad to hear that is working out.

Also wanted to mention a couple of other methods that I use personally for dealing with Log file emails.  I use Microsoft Outlook for my computer email app, created a Outlook Personal folder for Log file emails called Log Files and then created an incoming email rule to send all Log file emails to that folder.  Basically I am just storing/saving them without having to see those Log file emails in my Inbox.  Occasionally I go through those Log files to see what hackers and spammers are up to, which is not really necessary for anyone else to do.

[Living Miracles]

Thanks for passing that along. We actually have something very similar to that set up in the email service that we use as well. We would also occasionally check that folder on our end and we just thought that if we didn’t need to receive so many of these files from all of our sites (due to lots of HEAD requests getting blocked), then ideally we wouldn’t. So thanks again for helping us solve that situation for now!

[Author]

Posts