Hi Guys,

Right now I have 96 guests on my site even though the average is usually well under 20. When checking the 'Users on-line' it appears dozens of them are viewing the same page even though the privileges for that page are unchecked for guests.

Is there an issue with page privileges?

I have recently had to firewall block all AWS IP addresses from Asia as these too were hammering my site (page performance increased by 5 fold once I'd done it) so I'm clearly in the limelight.

I need to get on top of this issue in a more organised way as the current guests are all single IP addresses from legitimate providers. Can anybody offer any solutions for this problem?

Your feedback would be very much appreciated.

TQ


 

Hi, I'm not sure if the Permissions Tree Editor would help here, but maybe worth a try.

To edit permissions in Composr you can either use:

• The Permissions Tree Editor
• Disparate configuration (described in sections below)

The Permissions Tree Editor allows you to see and set permissions for all site structure and content from a single user-friendly interface. It is designed to allow quick setting of permissions without having to trawl through a different screen for everything being worked with. Access the Permissions Tree Editor from: Admin Zone > Security > Permissions Tree Editor

Another feature of the Permissions Tree Editor is the ability to make batch selections and apply permissions to everything selected. You can do this in the conventional way using the Ctrl/Shift keys (Option/Shift keys on a mac).

Composr Tutorial: Access control and privileges – Composr

Thanks for the prompt reply Adam.

The page in question has a red dot in the 'Permissions tree editor' for Guests so, if everything is working correctly, they may be receiving an error but the 'users on-line' list still displays the page title (not the page name).

I don't much mind if that particular page is being read, I'm more concerned about the volume of traffic and the underlying reason why so many IP addresses are simultaneously probing the site. The fact that it's that page is just the giveaway.

I would consider running it as a members only site (must be logged in to see anything) if guests could sign-up and my preferred search engine bots could still scrape the site, if that's even possible.

Thanks again.

TQ


 

No worries, I check the forums almost daily and try to help (as a non-dev). Seems strange to me that guests would be hammering a page they cannot "see", perhaps they are undetected bots?

I imagine bots can still visit the sitemap.xml on a Members only website. You could try experimenting with adding a robots.txt in the root of your install and see if that helps? Not all bots respect it but the main ones do.

What Is A Robots.txt File? Best Practices For Robot.txt Syntax

Robots.txt is a text file webmasters create to instruct robots (typically search engine robots) how to crawl & index pages on their website. The robots.txt file is part of the robots exclusion protocol (REP), a group of web standards that regulate how robots crawl the web, access and index content,…

View

I already have a working robots.txt which they are not respecting but it's more likely someone trying to break the site which is not uncommon.

Thanks again

TQ

Botnets are a PITA. First thing I would do is look at the raw access logs and see if there is some obvious pattern to them. Often they have some kind of user-agent that is easy to identify and block.
Primarily block at the webserver level (e.g. htaccess), as any hit to Composr will use some level of resources.
Getting the static cache working for guest users is also a good approach as it significantly reduces the computational cost of common guest hits to common URLs.

I'm having the same issue, all seem to come from overseas addresses. I was forced to put Cloudflare in "Under attack" mode to resolve the issue.