https://trac.crin.org/trac/ticket/94 <p> Ticket to working out what to do with this issue... </p> en-us https://trac.crin.org/trac/chrome/site/logo.gif https://trac.crin.org/trac/ticket/94 Trac 1.0.2 chris Thu, 15 Dec 2016 19:28:13 GMT https://trac.crin.org/trac/ticket/94 https://trac.crin.org/trac/ticket/94 <ul> <li><strong>attachment</strong> set to <em>memory-day.png</em> </li> </ul> Ticket chris Thu, 15 Dec 2016 19:28:25 GMT https://trac.crin.org/trac/ticket/94 https://trac.crin.org/trac/ticket/94 <ul> <li><strong>attachment</strong> set to <em>load-day.png</em> </li> </ul> Ticket chris Thu, 15 Dec 2016 19:28:36 GMT https://trac.crin.org/trac/ticket/94 https://trac.crin.org/trac/ticket/94 <ul> <li><strong>attachment</strong> set to <em>cpu-day.png</em> </li> </ul> Ticket chris Thu, 15 Dec 2016 19:29:10 GMT https://trac.crin.org/trac/ticket/94 https://trac.crin.org/trac/ticket/94 <ul> <li><strong>attachment</strong> set to <em>multips_memory-day.png</em> </li> </ul> Ticket chris Thu, 15 Dec 2016 19:29:21 GMT https://trac.crin.org/trac/ticket/94 https://trac.crin.org/trac/ticket/94 <ul> <li><strong>attachment</strong> set to <em>multips-day.png</em> </li> </ul> Ticket chris Thu, 15 Dec 2016 19:29:33 GMT https://trac.crin.org/trac/ticket/94 https://trac.crin.org/trac/ticket/94 <ul> <li><strong>attachment</strong> set to <em>phpfpm_status-day.png</em> </li> </ul> Ticket chris Thu, 15 Dec 2016 19:29:45 GMT https://trac.crin.org/trac/ticket/94 https://trac.crin.org/trac/ticket/94 <ul> <li><strong>attachment</strong> set to <em>phpfpm_memory-day.png</em> </li> </ul> Ticket chris Thu, 15 Dec 2016 19:30:13 GMT https://trac.crin.org/trac/ticket/94 https://trac.crin.org/trac/ticket/94 <ul> <li><strong>attachment</strong> set to <em>phpfpm_memory-day.2.png</em> </li> </ul> Ticket chris Thu, 15 Dec 2016 19:30:54 GMT https://trac.crin.org/trac/ticket/94 https://trac.crin.org/trac/ticket/94 <ul> <li><strong>attachment</strong> set to <em>nginx_status-day.png</em> </li> </ul> Ticket chris Thu, 15 Dec 2016 19:31:42 GMT https://trac.crin.org/trac/ticket/94 https://trac.crin.org/trac/ticket/94 <ul> <li><strong>attachment</strong> set to <em>http_loadtime-day.png</em> </li> </ul> Ticket chris Thu, 15 Dec 2016 19:31:57 GMT https://trac.crin.org/trac/ticket/94 https://trac.crin.org/trac/ticket/94 <ul> <li><strong>attachment</strong> set to <em>fw_packets-day.png</em> </li> </ul> Ticket chris Thu, 15 Dec 2016 19:32:09 GMT https://trac.crin.org/trac/ticket/94 https://trac.crin.org/trac/ticket/94 <ul> <li><strong>attachment</strong> set to <em>if_eth0-day.png</em> </li> </ul> Ticket chris Thu, 15 Dec 2016 19:32:23 GMT https://trac.crin.org/trac/ticket/94 https://trac.crin.org/trac/ticket/94 <ul> <li><strong>attachment</strong> set to <em>fw_conntrack-day.png</em> </li> </ul> Ticket chris Thu, 15 Dec 2016 19:32:36 GMT https://trac.crin.org/trac/ticket/94 https://trac.crin.org/trac/ticket/94 <ul> <li><strong>attachment</strong> set to <em>memcached_rates-day.png</em> </li> </ul> Ticket chris Thu, 15 Dec 2016 19:45:01 GMT https://trac.crin.org/trac/ticket/94#comment:1 https://trac.crin.org/trac/ticket/94#comment:1 <ul> <li><strong>hours</strong> changed from <em>0</em> to <em>0.5</em> </li> <li><strong>totalhours</strong> set to <em>0.5</em> </li> </ul> <p> The PHP server, <a class="wiki" href="https://trac.crin.org/trac/wiki/Crin2">Crin2</a> is really suffering: </p> <pre class="wiki">top - 19:23:57 up 228 days, 6 min, 2 users, load average: 7.24, 8.24, 8.42 Tasks: 181 total, 11 running, 170 sleeping, 0 stopped, 0 zombie %Cpu(s): 7.3 us, 0.2 sy, 0.0 ni, 92.3 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st KiB Mem: 8195036 total, 7548024 used, 647012 free, 48340 buffers KiB Swap: 5468156 total, 139116 used, 5329040 free. 1132416 cached Mem PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 28407 www-data 20 0 622320 260800 43776 R 100.0 3.2 26:28.39 php5-fpm 28965 www-data 20 0 781076 422372 46692 R 100.0 5.2 25:13.99 php5-fpm 28408 www-data 20 0 503676 145892 46688 R 95.7 1.8 25:59.46 php5-fpm 28411 www-data 20 0 506228 145824 43980 R 95.7 1.8 25:10.23 php5-fpm 28415 www-data 20 0 528292 173916 52080 R 95.7 2.1 24:48.56 php5-fpm 28975 www-data 20 0 497376 135620 42848 R 95.7 1.7 24:58.28 php5-fpm 28976 www-data 20 0 644020 282436 43636 R 95.7 3.4 25:07.01 php5-fpm 28405 www-data 20 0 614152 253392 43880 R 89.3 3.1 26:19.49 php5-fpm 28966 www-data 20 0 470168 108520 42912 R 89.3 1.3 23:57.28 php5-fpm 28974 www-data 20 0 631000 270404 43256 R 89.3 3.3 24:34.78 php5-fpm ... </pre><p> Some graphs of the ongoing high load: </p> <p> <a style="padding:0; border:none" href="https://trac.crin.org/trac/attachment/ticket/94/memory-day.png"><img src="https://trac.crin.org/trac/raw-attachment/ticket/94/memory-day.png" /></a> <a style="padding:0; border:none" href="https://trac.crin.org/trac/attachment/ticket/94/load-day.png"><img src="https://trac.crin.org/trac/raw-attachment/ticket/94/load-day.png" /></a> <a style="padding:0; border:none" href="https://trac.crin.org/trac/attachment/ticket/94/cpu-day.png"><img src="https://trac.crin.org/trac/raw-attachment/ticket/94/cpu-day.png" /></a> <a style="padding:0; border:none" href="https://trac.crin.org/trac/attachment/ticket/94/multips_memory-day.png"><img src="https://trac.crin.org/trac/raw-attachment/ticket/94/multips_memory-day.png" /></a> <a style="padding:0; border:none" href="https://trac.crin.org/trac/attachment/ticket/94/multips-day.png"><img src="https://trac.crin.org/trac/raw-attachment/ticket/94/multips-day.png" /></a> <a style="padding:0; border:none" href="https://trac.crin.org/trac/attachment/ticket/94/phpfpm_status-day.png"><img src="https://trac.crin.org/trac/raw-attachment/ticket/94/phpfpm_status-day.png" /></a> <a style="padding:0; border:none" href="https://trac.crin.org/trac/attachment/ticket/94/phpfpm_memory-day.png"><img src="https://trac.crin.org/trac/raw-attachment/ticket/94/phpfpm_memory-day.png" /></a> <a style="padding:0; border:none" href="https://trac.crin.org/trac/attachment/ticket/94/nginx_status-day.png"><img src="https://trac.crin.org/trac/raw-attachment/ticket/94/nginx_status-day.png" /></a> <a style="padding:0; border:none" href="https://trac.crin.org/trac/attachment/ticket/94/http_loadtime-day.png"><img src="https://trac.crin.org/trac/raw-attachment/ticket/94/http_loadtime-day.png" /></a> <a style="padding:0; border:none" href="https://trac.crin.org/trac/attachment/ticket/94/fw_packets-day.png"><img src="https://trac.crin.org/trac/raw-attachment/ticket/94/fw_packets-day.png" /></a> <a style="padding:0; border:none" href="https://trac.crin.org/trac/attachment/ticket/94/if_eth0-day.png"><img src="https://trac.crin.org/trac/raw-attachment/ticket/94/if_eth0-day.png" /></a> <a style="padding:0; border:none" href="https://trac.crin.org/trac/attachment/ticket/94/fw_conntrack-day.png"><img src="https://trac.crin.org/trac/raw-attachment/ticket/94/fw_conntrack-day.png" /></a> <a style="padding:0; border:none" href="https://trac.crin.org/trac/attachment/ticket/94/memcached_rates-day.png"><img src="https://trac.crin.org/trac/raw-attachment/ticket/94/memcached_rates-day.png" /></a> </p> <p> And the bot responsible: </p> <pre class="wiki">Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html) </pre><p> The number of requests: </p> <pre class="wiki">grep "SemrushBot/" /var/log/nginx/crin.org.ssl_access.log | wc -l 15866 </pre><p> And an example request: </p> <pre class="wiki">46.229.168.66 - - [15/Dec/2016:19:36:41 +0000] "GET /en/library/custom-search-legal?f%5B0%5D=field_date%3Avalue%3A%5B2008-01-01T00%3A00%3A00Z%20TO%202009-01-01T00%3A00%3A00Z%5D&amp;f%5B1%5D=field_date%3Avalue%3A%5B2006-01-01T00%3A00%3A00Z%20TO%202007-01-01T00%3A00%3A00Z%5D&amp;qt-countr-tabs=3 HTTP/1.1" 200 19601 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)" </pre><p> So we could simply block this bot, or rate limit it, notes that the reason it is generating a high load is because it is requesting searches. </p> <p> At the moment we have this in <tt>/etc/nginx/nginx.conf</tt>: </p> <pre class="wiki">limit_req_zone $binary_remote_addr zone=one:10m rate=6r/s; </pre><p> And I can't see a simple way right now to add a lower rate for one IP address so using the ip tables script to block it: </p> <pre class="wiki">ipdrop 46.229.168.66 </pre><p> And I'll check back later to see the results... </p> Ticket chris Thu, 15 Dec 2016 19:46:32 GMT https://trac.crin.org/trac/ticket/94#comment:2 https://trac.crin.org/trac/ticket/94#comment:2 <p> It is using more than one IP: </p> <pre class="wiki">46.229.168.71 - - [15/Dec/2016:19:45:46 +0000] "GET /en/library/custom-search-legal?f%5B0%5D=field_date%3Avalue%3A%5B2013-01-01T00%3A00%3A00Z%20TO%202014-01-01T00%3A00%3A00Z%5D&amp;f%5B1%5D=field_date%3Avalue%3A%5B1997-01-01T00%3A00%3A00Z%20TO%201998-01-01T00%3A00%3A00Z%5D&amp;field_country=All&amp;field_country_1=All&amp;field_crc=All&amp;field_instruments=All&amp;field_monitoring_body=All&amp;field_scope=All&amp;field_themes=All&amp;promo=1&amp;search_api_language=current HTTP/1.1" 499 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)" </pre><p> So: </p> <pre class="wiki">ipdrop 46.229.168.71 </pre> Ticket chris Thu, 15 Dec 2016 19:48:49 GMT https://trac.crin.org/trac/ticket/94#comment:3 https://trac.crin.org/trac/ticket/94#comment:3 <p> And a few more: </p> <pre class="wiki">ipdrop 46.229.168.67 ipdrop 46.229.168.72 ipdrop 46.229.168.73 ipdrop 46.229.168.69 ipdrop 46.229.168.70 ipdrop 46.229.168.74 ipdrop 46.229.168.65 ipdrop 46.229.168.68 </pre> Ticket