I was looking my apache logs and I find out this.
Log Line: 192.168.1.2 - - [30/Nov/2016:15:46:52 +0100] "GET http://www.Mywebsite.... HTTP/1.1" 200 5539 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
This happen a few times with that IP, but i cannot understand how is bingbot executing from that IP.
Thanks in advance
I have joomla 3 on my host . i have also installed RSfirewall and have captcha on all my forms. It seems someone is unsing a distructive robot to use all my resources and my monthly bandwidth limit.
Is there a way or joomla plugin that restirct specify service to each ip in a period of time? for example 20 request in 5 mintues? This is part of my raw access log:
185.165.40.80 - - [12/Nov/2016:13:46:30 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:46:30 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "http://alumsharif.org/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:46:56 +0330] "GET /index.php/information/bulletin-board/item/376-aghaze-tabtename-doreye-ghayeghrani HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
185.165.40.80 - - [12/Nov/2016:13:49:50 +0330] "GET /?format=feed&type=rss HTTP/1.0" 500 7309 "-" "Feedly/1.0 (+http://www.feedly.com/fetcher.html; like FeedFetcher-Google)"
185.165.40.80 - - [12/Nov/2016:13:50:16 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 10_0_2 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Mobile/14A456 Safari/602.1"
185.165.40.80 - - [12/Nov/2016:13:50:32 +0330] "GET /administrator/index.php?option=com_login HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:50:32 +0330] "GET /administrator/index.php?option=com_login HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:50:32 +0330] "GET /administrator/index.php?option=com_login HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:50:32 +0330] "GET /administrator/index.php?option=com_login HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:50:40 +0330] "GET /information/bulletin-board?switch_modes=2 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:51:35 +0330] "GET /information/bulletin-board/item/359-happy-new-year-from-dr-fotuhi HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:51:53 +0330] "GET /events/sport-events/item/385-docharkhe-savari-chitgar-12-ordibehesht94 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:52:47 +0330] "GET /information/news/item/288-dore4 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:52:51 +0330] "GET /index.php/information/item/504-2015-08-16-07-06-53?tmpl=component&print=1 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:55:45 +0330] "GET /information/bulletin-board/item/542-tour-3-rooze-kavir-markazi-20-ta-22-aban-94/542-tour-3-rooze-kavir-markazi-20-ta-22-aban-94 HTTP/1.0" 500 7309 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:55:45 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "http://www.alumsharif.org/information/bulletin-board/item/542-tour-3-rooze-kavir-markazi-20-ta-22-aban-94/542-tour-3-rooze-kavir-markazi-20-ta-22-aban-94" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:56:40 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:56:40 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "http://alumsharif.org/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:57:00 +0330] "GET /information/news/item/747-shahram-nazero-concert?tmpl=component&print=1 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:57:07 +0330] "GET / HTTP/1.0" 500 7309 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:57:08 +0330] "GET / HTTP/1.0" 500 7309 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:57:08 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "http://alumsharif.org/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:57:09 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "http://alumsharif.org/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:57:18 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:57:18 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:57:18 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:58:10 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:58:11 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:58:11 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:59:49 +0330] "GET /information/advertisement/itemlist/category/24-documents-and-resources?format=feed&type=rss HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:59:49 +0330] "GET /information/job-opportunities/item/688-takhfifan-co-job-ads?tmpl=component&print=1 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:14:01:09 +0330] "GET /administrator/index.php?option=com_rsfirewall&view=logs HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:10 +0330] "GET /apple-touch-icon-120x120-precomposed.png HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:10 +0330] "GET /apple-touch-icon-120x120.png HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:10 +0330] "GET /apple-touch-icon.png HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:10 +0330] "GET /apple-touch-icon.png HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:10 +0330] "GET /apple-touch-icon-precomposed.png HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:11 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:12 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:44 +0330] "GET /component/jcomments/feed/com_k2/363 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:14:02:22 +0330] "GET /information/bulletin-board/item/376-aghaze-tabtename-doreye-ghayeghrani/376-aghaze-tabtename-doreye-ghayeghrani HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
185.165.40.80 - - [12/Nov/2016:14:03:44 +0330] "GET /information/job-opportunities/item/694-tejarat-electronic-iranian-co-job-ad HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
185.165.40.80 - - [12/Nov/2016:14:04:13 +0330] "GET /information/graduates-and-media/item/100-farzad-vahid-speech-about-rousseau/100-farzad-vahid-speech-about-rousseau HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
.
I personally do not think that blocking access to joomla should happen via a joomla module. Via this way the access already happen. So I personally block access directly on the server rather then in the application. Back in time I had a customer who had issues with HTTP spiders who only downloaded some content from his website in order to re-use the content on there own. We ended up using .htaccess files as written here or here. If that isnĀ“t an option for you, you might wish to implement some kind of QoS (e.g. MOD QoS for Apache). You can also try to optimize your joomla instance (e.g. compress HTML code & pictures) so that there will be less files transfered. For Joomla there are multiple plugins which can do a HTML (inc. CSS) compression. For Images you could run a check against Google Pagespeed and then compress the images which are announced there. Many images on websites can be compressed without that the user really see an difference (see an example here).
Im not sure that this is an answer that you can use, but we were faced with the same problem, so with RSFirewall, we engaged the GeoIP blocking feature, and well, blocked all the countries that we KNEW we weren't doing business with.
Two things happened:
The vast majority of the bad traffic was blocked by RSFirewall, and
With logging of those blocks turned on, we were able to use the logging database to find the repeat offenders and use THAT information to block them in .htaccess.
It was a gradual process, watching logs, and gradually easing back on what was automatically blocked, but there is no silver bullet for these guys unfortuately.
Another possibility, which I've bookmarked, but haven't tried yet, is a PHP class that is being actively developed called Web App Firewall. I can't recommend it, as I haven't tried it, but it might give you some ideas about how you could identify and block certain traffic by implementing it into a Joomla system plugin.
All above advises were true and helped me i also programmed a custom PHP code that runs whenever index.php is requested and then I blocked access by hotlink(Direct access) It helped me a lot but still didn't completely solve the problem.
Recently I found the best solution... I started to use a website called CloudFlare.. it works a proxy between my site and user... it completely controls requests and activities and also improves site speed and reduce bandwidth used significantly by caching. it also provides free SSH and tons of feature. after I started using it everything is safe and site is working faster and without any problem...I wanted to advise u guys to use this great service
www.cloudflare.com
My VPS shutdown because the HDD is filling up and I realized that the microcache.log file is becoming 12GB after I delete it. The content of microcache.log file is:
23.88.110.68 - - [12/Jun/2014:16:09:45 -0400] "GET http://ib.adnxs.com/ttj?id=2168123&position=below HTTP/1.0" 502 166 "battercar.com/?p=436" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; en) AppleWebKit/528.4+ (KHTML, like Gecko) Version/4.0dp1 Safari/526.11.2" nocache:
173.208.213.94 - - [12/Jun/2014:16:09:45 -0400] "GET ib.adnxs.com/tt?id=2962937 HTTP/1.0" 502 568 "http://www.existeducation.com/tag/tap/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0" nocache:
(continues thousans of lines...)
How can I repair my VPS? I got tired to delete this file everyday.
VPS : Centos 6 with nginx
Large LOG files should be deleted http://wikitechsolutions.com/2761/microcache-log-file-exceeds-my-vps-hdd
After downloading & installing sonar (v3.6.2) I am getting the below error when running the analysis through maven (sonar:sonar)
[ERROR] Failed to execute goal org.codehaus.sonar:sonar-maven-plugin:2.3.1:sonar (default- cli) on project bf-CompositeStub: Execution default-cli of goal org.codehaus.sonar:sonar- maven-plugin:2.3.1:sonar failed: PicoLifecycleException: method 'public void org.sonar.jpa.session.AbstractDatabaseConnector.start()', instance 'org.sonar.jpa.session.DriverDatabaseConnector#134c5ff, java.lang.RuntimeException: wrapper: Cannot open connection to database: SQL driver not found org.h2.Driver -> [Help 1]
The access logs show that the problem is a 404 is being thrown when the jdbc drivers are requested.
I get the same error when directly trying to get the drivers through a remote browser (10.30.32.136:9000/deploy/jdbc-driver.jar)
or on the same box as the web server (curl localhost:9000/deploy/jdbc-driver.jar)
However I am able to browse the sonar site from a remote browser.
Here are the jetty access logs.
10.30.32.29 - - [30/Jul/2013:08:44:16 +0000] "GET / HTTP/1.1" 200 3323 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36"
10.30.32.29 - - [30/Jul/2013:08:44:21 +0000] "GET /dependencies/index HTTP/1.1" 200 2159 "http://10.30.32.136:9000/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36"
10.30.32.29 - - [30/Jul/2013:08:44:23 +0000] "GET /comparison/index HTTP/1.1" 200 4356 "http://10.30.32.136:9000/dependencies/index" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36"
10.30.32.29 - - [30/Jul/2013:08:44:24 +0000] "GET /dashboard/?did=5 HTTP/1.1" 200 3336 "http://10.30.32.136:9000/comparison/index" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36"
10.30.32.29 - - [30/Jul/2013:08:45:12 +0000] "GET /deploy/jdbc-driver.jar HTTP/1.1" 404 1034 "-" "Java/1.6.0_29"
10.30.32.29 - - [30/Jul/2013:09:30:07 +0000] "GET / HTTP/1.1" 200 3323 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36"
10.30.32.29 - - [30/Jul/2013:09:30:11 +0000] "GET /deploy/jdbc-driver.jar HTTP/1.1" 404 1034 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36"
10.30.32.29 - - [30/Jul/2013:09:30:11 +0000] "GET /favicon.ico HTTP/1.1" 404 1034 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36"
127.0.0.1 - - [30/Jul/2013:09:31:25 +0000] "GET /deploy/jdbc-driver.jar HTTP/1.1" 404 1034 "-" "curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5"
I have tried changing the context root & using a mysql instance by changing properties in the sonar.properties file and reinstalling sonar completely but get the same issue each time.
See:
Here are images are downloaded good:
https://polishwords.com.pl/dev/testAbort2.php
And here:
https://polishwords.com.pl/dev/testAbort.php
I get them in Firefox with HTTPS and randomly one of them is Aborted and does not display correctly.
In logs on server it looks like this:
[22/Mar/2013:23:29:11 +0100] "GET /images/mukonczeniestudiow.jpg HTTP/1.1" 200 6705 "-" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
And when the file is loaded ok:
[22/Mar/2013:23:30:41 +0100] "GET /images/mukonczeniestudiow.jpg HTTP/1.1" 200 6907 "https://polishwords.com.pl/dev/testAbort.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
What can be the cause of this problem?
In Chrome and in Opera it seems to work fine. I have latest Firefox.
It was something on server blocking several queries