Results 1 to 8 of 8
  1. #1

    2mhost.com - Web Stress Testing to use up bandwidth quota?

    I was just curious as to whether anyone has ever came across a situation where your monthly bandwidth/transfer quota is being consumed at an exponential rate without any increase of traffic to the site?


    My current situation is this.

    I have an account 2mhost and a monthly bandwidth transfer quota of 100,000 MB. For the past few months it's been steadily growing. When I first transfered the site to this host their cheapest package quota wasnt sufficient and I ended up with a bandwidth overage error page on my site, so I had to upgrade. In doing so I've always ended the month just shy of 80% total quota.

    My problem is that it's only the 17th, and a few days ago i was at about 32%, now im at 51% with no increase of pageviews. Looking into awestats shows the alexandria2.2mhost.com using 30 gigs!! I questioned the tech support via live chat and they said it was wordpress accessing the images. So I downloaded the raw access logs and noticed that Every few seconds the server ip would make a request to a dozen or so images, each image being requested 3 times.

    here's a portion of the log:

    Code:
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/traveling-along.thumbnail.jpg HTTP/1.1" 200 2501 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/traveling-along.thumbnail.jpg HTTP/1.1" 200 2501 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/traveling-along.thumbnail.jpg HTTP/1.1" 200 2501 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/in-step-1.thumbnail.JPG HTTP/1.1" 200 3685 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/in-step-1.thumbnail.JPG HTTP/1.1" 200 3685 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/in-step-1.thumbnail.JPG HTTP/1.1" 200 3685 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/in-step-2.thumbnail.JPG HTTP/1.1" 200 3845 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/in-step-2.thumbnail.JPG HTTP/1.1" 200 3845 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/in-step-2.thumbnail.JPG HTTP/1.1" 200 3845 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/in-step-3.thumbnail.JPG HTTP/1.1" 200 3435 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/in-step-3.thumbnail.JPG HTTP/1.1" 200 3435 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/in-step-3.thumbnail.JPG HTTP/1.1" 200 3435 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/drop-off-main-pic.jpg HTTP/1.1" 200 24259 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/drop-off-main-pic.jpg HTTP/1.1" 200 24259 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/drop-off-main-pic.jpg HTTP/1.1" 200 24259 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/concert-copy.jpg HTTP/1.1" 200 35191 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/concert-copy.jpg HTTP/1.1" 200 35191 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/concert-copy.jpg HTTP/1.1" 200 35191 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/j.thumbnail.jpg HTTP/1.1" 200 2627 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/j.thumbnail.jpg HTTP/1.1" 200 2627 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/j.thumbnail.jpg HTTP/1.1" 200 2627 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/jon.thumbnail.jpg HTTP/1.1" 200 2589 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/jon.thumbnail.jpg HTTP/1.1" 200 2589 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/jon.thumbnail.jpg HTTP/1.1" 200 2589 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/ashmore.thumbnail.jpg HTTP/1.1" 200 3084 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/ashmore.thumbnail.jpg HTTP/1.1" 200 3084 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/ashmore.thumbnail.jpg HTTP/1.1" 200 3084 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/e.thumbnail.jpg HTTP/1.1" 200 3606 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/e.thumbnail.jpg HTTP/1.1" 200 3606 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/e.thumbnail.jpg HTTP/1.1" 200 3606 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/oo.thumbnail.jpg HTTP/1.1" 200 3795 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/oo.thumbnail.jpg HTTP/1.1" 200 3795 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/oo.thumbnail.jpg HTTP/1.1" 200 3795 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/sean.thumbnail.jpg HTTP/1.1" 200 2924 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/sean.thumbnail.jpg HTTP/1.1" 200 2924 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/sean.thumbnail.jpg HTTP/1.1" 200 2924 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/haley.thumbnail.jpg HTTP/1.1" 200 2974 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/haley.thumbnail.jpg HTTP/1.1" 200 2974 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/haley.thumbnail.jpg HTTP/1.1" 200 2974 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/singing.jpg HTTP/1.1" 200 13857 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/singing.jpg HTTP/1.1" 200 13857 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/singing.jpg HTTP/1.1" 200 13857 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/laughing.jpg HTTP/1.1" 200 42756 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/laughing.jpg HTTP/1.1" 200 42756 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/laughing.jpg HTTP/1.1" 200 42756 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/glitter.jpg HTTP/1.1" 200 32062 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/glitter.jpg HTTP/1.1" 200 32062 "-" "PHP/5.2.6"
    74.86.153.134 - - [17/May/2008:00:27:20 -0500] "GET /wp-content/uploads/2008/05/glitter.jpg HTTP/1.1" 200 32062 "-" "PHP/5.2.6"
    These same files repeat at:

    17/May/2008:00:27:20 -0500
    17/May/2008:00:27:31 -0500
    17/May/2008:00:27:35 -0500
    17/May/2008:00:27:55 -0500
    17/May/2008:00:28:18 -0500


    This goes on and on in my logs spanning several hours even during the times when my site normally gets the fewest hits.
    It seems like the same sort of thing I'd see when running the web stress test tool from microsoft.

    What do you think? What should I do? I already told the tech support that I would parse the log files, look into it, and see if it really was wordpress. I've since blocked the ip of the host to see if it would have any adverse effect (e.g., image gallery not loading, etc) and it has no effect on the functionality of wordpress. The site has maintained an average with no sudden spikes in terms of user hits/site usage.

    Has anyone else experienced anything like this? I'm thinking they're trying to get me to upgrade the account or at least purchase more bandwidth. This is unacceptible.

    Thanks for your help in advanced,
    -zatechguru


    edit: These images are NOT found in the same gallery, or together on the same page. so there are no single page requests that would result in a request for these specific images.
    Last edited by zatechguru; 05-17-2008 at 12:42 PM. Reason: added note

  2. #2

    Lightbulb Luck of the Draw

    Sounds like you're just unlucky that you chose 2mhost. How important is having Wordpress to your website? I would make one more transfer to another web host and forget about the issue.

    Why did you tranfer from your original hosting company. What issues did you have. Was is SPAM related?

    My issue with Wordpress is that I just put two links in my blog that would not work. I spend 25 minutes on the issue and could not find a solution. Looks like maybe they are having technical difficulties. Could be due to an unexpected surge of popularity, slowing down the Wordpress server.
    Visit Best Web Hosting Companies

  3. #3
    Join Date
    May 2006
    Location
    /home/India/Kolkata
    Posts
    306
    Looks like someone attacking your site (spambot) or DDoS to bring it down?

  4. #4
    Originally the site was free-hosted at wordpress.com. It gained popularity and needed to expand features. So I moved it from wordpress.com to 2mhost.

    As to the surge of popularity, that is highly unlikely as I also utilize wordpress.com stats tracking along with the standard awstats. The daily traffic is pretty predictable. It's been pretty steady since I've set it up in Jan.

    As far as the DDoS, I highly doubt that is the issue. The raw logs show that the images were being accessed directly with no .html or .php request before and the requesters ip address was the ip of the server hosting it. So unless someone was running DDoS on the server, I'd say that it's not that. Anyhow thanks for your reply top10hosting and agnivo007. I guess I'll write some custom scripts to determine just who is doing what exactly. As of now I've downloaded a full backup and will be looking for a new host. Where's a good search engine for hosting? hostsearch.com seems to be full of fluff.

  5. #5

    *

    I bet your next host will have the same issues. Put me down for $200 on that. But, you want to think positive, right? Whatever! Your hosting problems will be solved 5 months from now. It's all meaningless to me!

    Could you let us know how you solved the Wordpress problem, after you do?
    Visit Best Web Hosting Companies

  6. #6
    Join Date
    Apr 2007
    Location
    zero one zero one zero
    Posts
    1,468
    Try posting on the WordPress support forums, they should have a solution - http://wordpress.org/support/
    Afterburst - the best unmetered VPS - read why here!

  7. #7
    zatechguru: I will be happy to help, just pm me your domain name and I'll check this issue for you.

  8. #8
    Ayen, I found your domain zaangels.com, in domlogs, I see this many chunks of logs like this:


    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-cron.php?check=1fe6ea3c56f8a25682631bd3498d0599 HTTP/1.0" 403 - "-" "-"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/za-write-off-banner3.jpg HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/za-write-off-banner3.jpg HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/zac-on-set.jpg HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/zac-on-set.jpg HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/fashion-awards.thumbnail.JPG HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/fashion-awards.thumbnail.JPG HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/mtv-movie-awards-copy.thumbnail.jpg HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/mtv-movie-awards-copy.thumbnail.jpg HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/sneakernight-cover.thumbnail.jpg HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/sneakernight-cover.thumbnail.jpg HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/vanessa2.jpg HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/vanessa2.jpg HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/traveling-along.thumbnail.jpg HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/traveling-along.thumbnail.jpg HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/in-step-1.thumbnail.JPG HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/in-step-1.thumbnail.JPG HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/in-step-2.thumbnail.JPG HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/in-step-2.thumbnail.JPG HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/in-step-3.thumbnail.JPG HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/in-step-3.thumbnail.JPG HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/drop-off-main-pic.jpg HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/drop-off-main-pic.jpg HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/concert-copy.jpg HTTP/1.1" 403 - "-" "PHP/5.2.6"
    74.86.153.134 - - [18/May/2008:09:48:20 -0500] "GET /wp-content/uploads/2008/05/concert-copy.jpg HTTP/1.1" 403 - "-
    " "PHP/5.2.6"


    the server IP appear because wordpress itself requests wp-cron.php and (I think) wp-cron is requesting the list of images. I'm not much of wordpress user, but we can discuss this further in email sales [@] 2mhost.com, we can push the bandwidth limit, I like the websites that get traffic.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •