fed up with hostgator security. expecting help from here
Posted by kaleelkr, 03-16-2016, 11:33 AM |
Hello people.
I am a PHP programmer working for a news portal website. Our website was on shared hosting at GoDaddy. I told the MD to change from shared hosting to a dedicated server for the best performance of the website. The MD accepted my suggestion and told me to choose the best hosting service provider. After much googling, unfortunately I chose a HostGator dedicated server and paid for six months!!!
It was working fine till yesterday; we only had 50-60 live visitors at a time and it was working. But yesterday we broke an exclusive story, and that news spread all over the media and newspapers in India with our site name. People started visiting our website, not many, 400-500, and our website was gone.. it completely hung.
The MD told me to take full responsibility and solve it as soon as possible, because I chose the server. I contacted HostGator (live chat, on the phone, everywhere); they are telling us we got huge visits and that is the problem!!! Their dedicated server can't handle even 500 live people.
Every time I called them they asked me to submit a ticket and wait for hours, because their server team is only available through tickets. After submitting a ticket they say we are getting too many spam attacks on the server and to use a CDN like Cloudflare. I did everything they told me. The site is live now... but it often goes down from our office and many other places.
I don't want to use Cloudflare and can't tell the boss that we need to change server provider, because we already paid a huge amount. Is there any chance to resolve my issue?
Please help me with this issue: how do I protect my site without a CDN?
This is the end of my credibility and my life.. I am fully out of confidence now. Anyone, please help.
Sorry for my bad English. I am here with my WHM; anything else you need from me I can provide.
This is how our DEDICATED SITE sometimes shows ..
Last edited by anon-e-mouse; 03-16-2016 at 04:28 PM.
Reason: removed attachment
|
Posted by FIAHOST, 03-16-2016, 11:40 AM |
You don't need a CDN or a massive server for 500 visitors a day or even an hour. Even my sandbox server can handle 10x more visitors without any issues (a small dedi with 1 HD, 2 GB RAM and a Celeron CPU).
Do you have a dedi or a VPS?
Typically, a VPS can crumble quickly under load, especially if the host is overselling the resources (very usual).
Now with a dedicated, you get slower and slower as the number of visitors increases (pages take longer to load), but it doesn't crash unless you get REALLY a lot of visitors (thousands per hour).
EDIT:
I am re-reading your post again. Are you talking about 500 simultaneous visitors? What are the specs of your server?
|
Posted by kaleelkr, 03-16-2016, 11:45 AM |
I have 300 visitors online every time on analytics .. daily 20k traffic
|
Posted by kaleelkr, 03-16-2016, 11:47 AM |
Elite
Intel E3-1265v3
2.50 GHz Quad Core w/HT
22 GB RAM
2000 GB HDD in RAID 1
2 TB Transfer
2 Free IPs
Location : INDIA
server spec
|
Posted by kaleelkr, 03-16-2016, 11:58 AM |
Attaching my Cloudflare analytics status.
|
Posted by aniga17, 03-16-2016, 12:12 PM |
Hello. Would you please clarify the exact attack you are experiencing?
What kind of panel are you using?
Is there any firewall installed on the server?
|
Posted by aniga17, 03-16-2016, 12:15 PM |
Are you using the xmlrpc.php file? If not, please add this code to your main .htaccess:
RedirectMatch 301 ^/xmlrpc.php http://www.anydomainyouwant.com?
This code will redirect any traffic to XML RPC.
Hope it helps.
|
Posted by kaleelkr, 03-16-2016, 12:31 PM |
Yes. Server support says a firewall is installed on all servers.
Normal cPanel.
|
Posted by aniga17, 03-16-2016, 12:44 PM |
Would you please add this code to your main .htaccess:
RedirectMatch 301 ^/xmlrpc.php http://www.anydomainyouwant.com?
|
Posted by kaleelkr, 03-16-2016, 12:52 PM |
Done.. is this the correct format?
Check the attachment please.
|
Posted by aniga17, 03-16-2016, 01:38 PM |
Yes it is. Now log in to cPanel and check the left side of cPanel to see if there is high CPU usage or something like that.
|
Posted by kaleelkr, 03-16-2016, 01:48 PM |
Now there is no high CPU use, but yesterday index.php showed 60%.
|
Posted by ceibanet, 03-16-2016, 02:06 PM |
It doesn't really seem like your server should have any problem handling 500 concurrent visitors. A small VPS can handle that, your server seems powerful enough, and the htaccess looks to be good as well. I really can't be sure what's happening. You can try checking your WHM for all the processes running and see what is causing the highest spike. You will be able to narrow down where it is coming from like that.
|
Posted by FIAHOST, 03-16-2016, 07:27 PM |
You can login as root and drop the results of these commands:
uptime
ps -faxu
netstat -npe
|
Posted by brianoz, 03-16-2016, 07:33 PM |
With 500 simultaneous users, you probably shouldn't be running cPanel - you should probably be running either custom LAMP or LEMP (nginx/percona mysql or mariadb).
|
Posted by ryus, 03-16-2016, 08:39 PM |
What errors are you getting when the site goes down? Did you check server logs? Can be optimization issues with Apache/mysql.
|
Posted by kaleelkr, 03-17-2016, 12:13 AM |
The problem is that the site loads for me, but our editors and reporters are spread all over India. Everyone is calling me at 1-hour gaps saying the site is down, server could not be found, but everything else loads. After some time it works again for them. It is happening every time. I don't know what the issue was. Maybe this is happening to our visitors too.
|
Posted by Layer03, 03-17-2016, 12:18 AM |
Which firewall are you running? CSF?
|
Posted by kaleelkr, 03-17-2016, 01:34 AM |
Mar 17 05:11:09 ns1 lfd[29202]: Incoming IP 112.133.248.109 temporary block removed
Mar 17 05:11:09 ns1 lfd[29202]: Outgoing IP 112.133.248.109 temporary block removed
Mar 17 05:15:40 ns1 lfd[29791]: (CT) IP 112.133.248.109 (IN/India/-) found to have 35 connections - *Blocked in csf* for 1800 secs [CT_LIMIT]
This is how the firewall log shows. This is our office IP.
|
Posted by HostWithLove_Cody, 03-17-2016, 03:09 AM |
Go to WHM >> Plugins >> ConfigServer Security & Firewall >> Firewall Configuration >> CTRL+F and find "CT_LIMIT".
Change the value from 35 to something like 100.
|
Posted by NortheBridge, 03-17-2016, 03:11 AM |
Well, if that is your office's IP have you considered whitelisting it in the firewall? Or at the very least, increase the maximum simultaneous connections allowed by CSF. The default settings are extremely low for virtually anything other than a small blog with no visitors.
Frankly, at that level of visitors, you should be using a hardware firewall (or even pfSense Virtual Appliance) which is far easier to administrate at scale.
|
Posted by kaleelkr, 03-17-2016, 11:16 AM |
Done! It's working fine now. Thanks.
Now there are not many visitors and the server is running fine. I am afraid that if we get huge visitors again it will happen again. How do I check whether my server can hold huge traffic or not? Is there any way? Please check out their reply.
I don't want to face the situation I had before, because HostGator takes time to respond to their tickets. I can't let the site stay down until they respond, because it's a live news portal.
|
Posted by HostWithLove_Cody, 03-17-2016, 11:34 AM |
If your editors/reporters in India are saying they can't access the server, first of all I assume they are using the same internet connection? If so, based on the CSF log you provided earlier, it is clear they were establishing too many connections to your server from the same IP Address within a given duration and CSF is blocking their IP Address for security precautions.
Raising it from 35 to 100 should help tremendously, however a permanent solution should be to whitelist their office IP Address. You should get in touch with any staff from their office and ask them to use something like www.whatismyip.com and provide that information to you. Then you can whitelist it through CSF (WHM >> Plugins >> ConfigServer Security & Firewall >> Add the IP Address under "Quick Allow").
The other issue you mentioned was too many visitors loading your website at once, causing your server to "hang". It's hard to tell without further information or reviewing the server logs, but I think it could be due to excess resource usage. I believe you may see better performance if you configure your Apache settings a little, or consider installing something like LiteSpeed, which should improve performance dramatically. However, LiteSpeed requires a license and you will need to pay extra per month.
I wanted to mention asking HostGator to optimize Apache for you but given their quality of support I feel that may be risky. I would recommend keeping CloudFlare enabled in the meanwhile so as to reduce direct requests and this will alleviate some server load. And once it comes to the end of your tenure with HostGator, you can consider looking for a better managed provider that you can entrust to optimize/manage the server properly for you.
|
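The lfd lines posted earlier in the thread show CSF connection tracking (CT_LIMIT) blocking the office address. As an added example, not code from any poster or from CSF itself, this Python script summarizes such blocks per source IP and lists verified addresses that were blocked, which are the ones to consider for "Quick Allow". The function names, the `known_good` set and the sample log lines (documentation-range addresses) are constructed for illustration.

```python
import re
from collections import defaultdict

# lfd connection-tracking block line, in the format quoted in the thread.
CT_BLOCK = re.compile(
    r"lfd\[\d+\]: \(CT\) IP (?P<ip>\S+) \((?P<geo>[^)]*)\) found to have "
    r"(?P<conns>\d+) connections - \*Blocked in csf\* for (?P<secs>\d+) secs "
    r"\[CT_LIMIT\]"
)

def summarize_ct_blocks(lines, known_good=()):
    """Group CT_LIMIT blocks by source IP.

    Returns {ip: {"blocks", "max_conns", "blocked_secs", "known_good"}}.
    known_good is a hypothetical set of addresses you have verified
    yourself (office or newsroom NAT gateways).
    """
    stats = defaultdict(lambda: {"blocks": 0, "max_conns": 0, "blocked_secs": 0})
    for line in lines:
        m = CT_BLOCK.search(line)
        if not m:
            continue  # "temporary block removed" and other events are skipped
        s = stats[m["ip"]]
        s["blocks"] += 1
        s["max_conns"] = max(s["max_conns"], int(m["conns"]))
        s["blocked_secs"] += int(m["secs"])
    for ip, s in stats.items():
        s["known_good"] = ip in known_good
    return dict(stats)

def allowlist_candidates(summary):
    """Verified addresses that CT_LIMIT blocked, most-blocked first."""
    hits = [ip for ip, s in summary.items() if s["known_good"]]
    return sorted(hits, key=lambda ip: -summary[ip]["blocks"])

# Constructed sample log (documentation-range addresses, not real hosts).
SAMPLE = """\
Mar 17 05:11:09 ns1 lfd[29202]: Incoming IP 203.0.113.10 temporary block removed
Mar 17 05:15:40 ns1 lfd[29791]: (CT) IP 203.0.113.10 (IN/India/-) found to have 35 connections - *Blocked in csf* for 1800 secs [CT_LIMIT]
Mar 17 06:20:02 ns1 lfd[30112]: (CT) IP 203.0.113.10 (IN/India/-) found to have 61 connections - *Blocked in csf* for 1800 secs [CT_LIMIT]
Mar 17 06:31:45 ns1 lfd[30240]: (CT) IP 198.51.100.7 (US/United States/-) found to have 412 connections - *Blocked in csf* for 1800 secs [CT_LIMIT]
""".splitlines()

if __name__ == "__main__":
    summary = summarize_ct_blocks(SAMPLE, known_good={"203.0.113.10"})
    for ip, s in sorted(summary.items()):
        print(ip, s)
    print("allow-list candidates:", allowlist_candidates(summary))
```

The `max_conns` column also shows how far above the old limit each source went, which helps when choosing a new CT_LIMIT value: a shared office gateway and a single abusive source look very different.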