May 16, 2017 at 8:20 am #14249
I just got this email from my Hosting provider,
“We are seeing a very severe usage of disk space (Binary Logs, used for replication purposes) on our sql servers, which we have tracked down to the EventPhotos_RSI_810562. Normally they would rotate every few hours 1GB, but currently they are growing at a rate of 1GB per 10min (and climbing).
Not quite sure what they are doing, but feels like they are adding all those images to a cart”
eventphotos.rayshiuimages.com is the site having this issue, the images being put into the shopping cart are from different galleries. I don’t see any information relating to this in my WP Photo Seller menus. Is there a way to see if any items have been “stranded” in carts or collect emails from sales?
As I have no clue about these things, thought I’d ask if anyone here has any ideas?
Thanks for the help.May 16, 2017 at 10:24 am #75693PeterMember
I’ve never seen such a problem before.
Is there an example of some of those logs you can provide?
Any more info you can get from your host support people (such as which table is being written to) would be helpful too.May 17, 2017 at 6:29 pm #75694
Thanks for the quick reply. Here’s the latest (I haven’t been able to find the log in question tho).
“If you go into phpmyadmin (bravenet, databases), and find the wp_EventPhotos_RSIwps_sessions table, take a look for a entry named “PMW3MJ2AM6SUY4A1IKTTGMPDH6L0YRHJ5E1TJ2XZ” (I just used find J2XZ to find it). But that entire blob was being written to the database repeatedly over and over.”
At the moment, the fix is blocking the IP address causing this issue. Thanks for any insight you can provide.May 17, 2017 at 7:28 pm #75695wzpModerator
You “might” be the target of a DoS attack. Do you know anyone who “doesn’t like you?”May 18, 2017 at 5:22 am #75696PeterMember
Are you saying that there are multiple records with session_id = “PMW3MJ2AM6SUY4A1IKTTGMPDH6L0YRHJ5E1TJ2XZ”?
That is highly unlikely.
What I think is happening is that whoever is constantly visiting your site is always accessing it with the relevant photo seller session cookies cleared. Hence, this is why this plugin thinks that each visit is a brand new one and thus it will set a cookie and create an entry in the sessions table.
Therefore as per wzp’s suggestion, I think you are being probably being targeted by some kind of automated bot.
I recommend that you take steps to ban that IP address.May 18, 2017 at 1:11 pm #75697
Thanks for the help wzp and Peter.
Peter, I’m not sure what I’m saying I’m just relaying info from my host. I’m pretty sure there are more than one session ID. Tech support has since purged the records but sent me one log file of one instance. If you want I can send it to you.
wzp, I’m pretty sure plenty of people don’t like me, lol.
I guess the current fix of banning the offending IP is the only fix…
Once again, thank you guys for the all the help and patience!
- You must be logged in to reply to this topic.