High Server Load. Site shut down by Host

Store Builder Questions
1

Hi,



We have latest version of cs cart installed and it was running fine on shared hosting for about a month. Then we got an email from the host stating that our site was using up to 75% of cpu on server.



Here are the stats provide by the host:



Looks like /index.php?dispatch=visitor.update&check_invitation=Y is causing the main problem.



Any idea what would cause this or how to fix it?



I checked the top two ip addresses and they are from one of our admin users who is just using the cs cart admin.



From Host:

===================================================================



I reviewed the logs and here are the top 10 users when the account was suspended:

Top 10 requesting IP Addresses based on count:

COUNT: 12543 / 48.94% IP: 97.112.182.207 HOST: 97-112-182-207.clsp.qwest.net

COUNT: 6284 / 24.52% IP: 67.165.253.153 HOST: c-67-165-253-153.hsd1.co.comcast.net

COUNT: 4982 / 19.44% IP: 71.223.110.156 HOST: 71-223-110-156.phnx.qwest.net

COUNT: 1482 / 05.78% IP: 24.146.189.230 HOST: ool-1892bde6.dyn.optonline.net

COUNT: 85 / 00.33% IP: 220.254.244.15 HOST: f-usr244015.janis.or.jp

COUNT: 83 / 00.32% IP: 75.149.81.117 HOST: 75-149-81-117-Illinois.hfc.comcastbusiness.net

COUNT: 15 / 00.06% IP: 150.70.75.162 HOST: wtp-g4-maya8.sjdc

COUNT: 10 / 00.04% IP: 66.249.73.141 HOST: crawl-66-249-73-141.googlebot.com

COUNT: 7 / 00.03% IP: 37.140.141.17 HOST: img-spider-37-140-141-17.yandex.com

COUNT: 7 / 00.03% IP: 180.73.94.249 HOST: Unknown Host



As you can see, the top 4 users make up 98.68% of your website traffic. This almost lines up with the number one request string:

Top 10 Request Strings:

Count: 25052 / 97.74% Request: GET /index.php?dispatch=visitor.update&check_invitation=Y

Count: 67 / 00.26% Request: GET /

Count: 26 / 00.10% Request: POST /index.php?dispatch=statistics.collect

Count: 25 / 00.10% Request: GET /index.php?dispatch=visitor.update&visitor_environment%5Btitle%5D=anonymous&visitor_environment%5Bhref%5D=mf+href&visitor_environment%5Bbrowser%5D=mf+browser&visitor_environment%5Bos%5D=mf+os&visitor_environment%5Breferer%5D=mf+referer&first=Y&check_invitation=Y

Count: 14 / 00.05% Request: GET /robots.txt

Count: 6 / 00.02% Request: GET /index.php?check_invitation=Y&dispatch=visitor.update

Count: 5 / 00.02% Request: GET /1010Chinking.html

Count: 5 / 00.02% Request: GET /uv-guard-5-gallon.html

Count: 5 / 00.02% Request: GET /addons/live_help/js/visitor.js

Count: 5 / 00.02% Request: GET /lib/js/jcarousel/jquery.jcarousel.js

2

Uninstall statistics.

3

I don't know of any addon or controller called 'visitors'. Suggest you contact whomever you got it from.

4

Thanks for the responses. I uninstalled statistics. So far, that seems to work. Host said the site settled down. We have a pretty standard installation with only add ons that came with cart.

5

i have the same problem, CPU utilization is 100% Apache processes and databases.



GET /index.php?dispatch=visitor.update&check_invitation=Y HTTP/1.1"



Statistic module uninstall, but still the same trouble.



Please help anybody

Sorry for my english, i'm from Ukraine.



site address 4club.com.ua

6

very much it began to appear after upgrade to 2,2,5 version

7

I know of no controller named 'visitor'. So if you have a dispatch to 'visitor' either someone has installed an addon of that name or your've been hacked and it's been installed behind your back. Do you have a 'visitor' directory in your addons folde or your controllers/customer or controllers/common directories?

8

It could be the cart logging.? Disable those as well and check.

9

[quote name='tbirnseth' timestamp='1349978663' post='146871']

I know of no controller named 'visitor'. So if you have a dispatch to 'visitor' either someone has installed an addon of that name or your've been hacked and it's been installed behind your back. Do you have a 'visitor' directory in your addons folde or your controllers/customer or controllers/common directories?

[/quote]



no, I checked, this addon is not in this folder, and other ways

[quote name='The Tool' timestamp='1349979403' post='146873']

It could be the cart logging.? Disable those as well and check.

[/quote]



Sorry, but i don't understand you.

10

if it is worth upgrading to 3,0,3?

I saw that you can do it through the admin panel of the site. Important for me to move all the information, including users, news, products with pictures (about 40,000), purchase orders, your delivery and payment, currency and other settings.

If not then I set up all over again so leave plenty of time.

11

Someone is accessing your site with that dispatch request which is invalid. This will generally (if the controller is not found) return them to the home page. So someone is hammering you with an invalid request. Get your host's assistance to identify the IP address associated with the request and block it.

12

More than likely McAfee's hacker safe retarded scanner doing that, currently having an identical issue with a client and can't block it.

13

Jessie, why would they hammer the server with an invalid URL? Or is it that they expect to see a 404?



One could argue that an invalid controller should indeed return a 404 Usually an invalid mode will.

14

Thanks for this post. We also have a site on a shared GoDaddy server. We were getting 'Server reset' errors about every 5 clicks. The Apache logs showed the store processes were taking up a gig of memory. Turning off the statistics add-on solved the problem.