Total Posts: 94 | Karma: 558 | Joined: 3/13/2015 | Location: Belgium
Hello guys,

Today I tried to visit my site and found it offline. I quickly checked my error pages and saw that my database (1 GB allocated) was full. First thing I did was expand the allocated DB size in Smarterasp to 2GB. I came back to check on the database size literally 5 minutes later and found it grew 40mb in size!

I checked the tables and saw tremendous amounts of guest users. Up to 10 guest users created every second for the past few days.

In the error logs I see the following:

Error sending e-mail. Failure sending mail.

This also up to 10 times every second.

Am I right to assume I'm under attack? What to do?

Kind regards,
Jef
Total Posts: 145 | Karma: 810 | Joined: 11/8/2011 | Location: United States
Same problem here, I just posted about it. Also smarterasp. Kenny
Total Posts: 94 | Karma: 558 | Joined: 3/13/2015 | Location: Belgium
I looked into my database. The following tables are using the most space:

Customer: 116541 rows
Customer_Customer: 116551 rows
GenericAttribute: 118918 rows
Log: 240255 rows

Deleting my guest users for the current day and clearing the log, decreased the database size to 500 Mb which is normal.

Kind regards,
Jef
MVP | Gold Solution Partner | Certified Developer | Total Posts: 2129 | Karma: 22131 | Joined: 7/23/2009 | Location: India
Hi Jef,

Thank you for sharing these details. Keep monitoring to understand the issue. And I guess you already enabled the scheduled task to delete guest customers.

You should also check traffic from Google Analytics to see if these are real users or crawlers or something else!

Regards,
Krunal
Total Posts: 94 | Karma: 558 | Joined: 3/13/2015 | Location: Belgium
Hello, I can't find any anomalies in Google Analytics. I also receive 503 frequently when trying to do something like opening an article.
Total Posts: 94 | Karma: 558 | Joined: 3/13/2015 | Location: Belgium
Hello,

I checked the IIS Raw logs on SmarterASP. Good call. I see a bunch of this:

2017-10-02 23:57:30 POST /productemailafriend/2816 - 114.103.92.19 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:54.0)+Gecko/20100101+Firefox/54.0 https://www.brickhunters.be/be/productemailafriend/2816 200 29572 1918
2017-10-02 23:57:30 POST /productemailafriend/2816 - 49.81.50.225 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:54.0)+Gecko/20100101+Firefox/54.0 https://www.brickhunters.be/be/productemailafriend/2816 200 29572 2720
2017-10-02 23:57:30 POST /productemailafriend/2816 - 103.240.182.49 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:54.0)+Gecko/20100101+Firefox/54.0 https://www.brickhunters.be/be/productemailafriend/2816 200 29572 1869
2017-10-02 23:57:30 POST /productemailafriend/2816 - 114.235.153.158 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:54.0)+Gecko/20100101+Firefox/54.0 https://www.brickhunters.be/be/productemailafriend/2816 200 29572 2469
2017-10-02 23:57:30 POST /productemailafriend/2816 - 183.160.73.42 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:54.0)+Gecko/20100101+Firefox/54.0 https://www.brickhunters.be/be/productemailafriend/2816 200 29572 1868
2017-10-02 23:57:30 POST /productemailafriend/2816 - 114.235.153.13 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:54.0)+Gecko/20100101+Firefox/54.0 https://www.brickhunters.be/be/productemailafriend/2816 200 29572 1921
2017-10-02 23:57:30 POST /productemailafriend/2816 - 114.234.144.118 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:54.0)+Gecko/20100101+Firefox/54.0 https://www.brickhunters.be/be/productemailafriend/2816 200 29572 1956

This is a ridiculous amount.
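One way to surface the pattern in the log excerpt above from a full IIS log, as an added example that is not part of the original post: it flags any second in which POSTs to one path arrive from many distinct client IPs that all send the same User-Agent. The column layout is assumed from the excerpt, the sample lines are constructed (documentation IP ranges, placeholder host shop.example), and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample in the column layout of the excerpt above (assumed order:
# date time method uri-stem uri-query c-ip version user-agent referer status
# sc-bytes time-taken). IPs come from documentation ranges, host is a placeholder.
UA = "Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:54.0)+Gecko/20100101+Firefox/54.0"
REF = "https://shop.example/productemailafriend/2816"
SAMPLE_LOG = "\n".join(
    [f"2017-10-02 23:57:30 POST /productemailafriend/2816 - {ip} HTTP/1.1 {UA} {REF} 200 29572 1900"
     for ip in ("192.0.2.10", "192.0.2.77", "198.51.100.4", "198.51.100.9", "203.0.113.5")]
    + ["#Fields: header lines like this one are skipped",
       f"2017-10-02 23:57:31 GET /cart - 203.0.113.80 HTTP/1.1 {UA} - 200 5120 140",
       f"2017-10-02 23:57:31 POST /productemailafriend/2816 - 192.0.2.10 HTTP/1.1 {UA} {REF} 200 29572 1850"]
)


def parse_line(line):
    """Return a dict for one log line, or None for header/short lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) < 12:
        return None
    return {"second": f"{parts[0]} {parts[1]}", "method": parts[2],
            "path": parts[3], "ip": parts[5], "agent": parts[7],
            "status": int(parts[9])}


def find_bursts(log_text, min_ips=5):
    """Flag (second, path) buckets where POSTs come from >= min_ips distinct
    client IPs that all present one identical User-Agent string."""
    buckets = defaultdict(lambda: {"ips": set(), "agents": set(), "hits": 0})
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if rec["method"] != "POST":
            continue
        bucket = buckets[(rec["second"], rec["path"])]
        bucket["ips"].add(rec["ip"])
        bucket["agents"].add(rec["agent"])
        bucket["hits"] += 1
    return sorted(
        (second, path, b["hits"], len(b["ips"]))
        for (second, path), b in buckets.items()
        if len(b["ips"]) >= min_ips and len(b["agents"]) == 1
    )


if __name__ == "__main__":
    for second, path, hits, ips in find_bursts(SAMPLE_LOG):
        print(f"{second} {path}: {hits} POSTs from {ips} distinct IPs, one User-Agent")
```

Tune `min_ips` to the site's normal traffic; a flagged path is a candidate for rate limiting or for restricting the feature to registered users.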
MVP | Gold Solution Partner | Certified Developer | Total Posts: 2129 | Karma: 22131 | Joined: 7/23/2009 | Location: India
Seems like automated requests from multiple IPs. Do you allow email a friend for guest users?
Total Posts: 94 | Karma: 558 | Joined: 3/13/2015 | Location: Belgium
I guess so. Do you think disabling it would help any further? If so, how can I do that?