Forums

Thousands of requests in my web application

Hello,

My web app traffic charts in showing to me that my Django application in getting more requests than normal. My traffic have never passed 50k hits per month, but last month it hit 664k!! For instance, last 4 months hit numbers were:

 september 41.97k
 october  46.53k
 november 275.07k
 december 664.42k

So, I am worried about it and it made me search for answers in the web server logs. I downloaded the logs of the last 3 days to analyze it. What happens is that from the 62760 requests contained in these logs, 56624 were from a IP starting with "91.200", for instance, 91.200.12.133. I went to google chrome and typed this ip address, it took me to a website of "PRTG NETWORK MONITOR".

Well, I have no ideia how I will fix it and failed to understand what is causing the problem too. Actually, I don't even know where to ask for help, since I don't think stackoverflow accept this kind of question. That being said, any help will be helpful.

Thank you

At a guess, someone has set up PRTG Network Monitor to monitor your site for downtime. They look like they're a reasonably legitimate site, so if it's not something you set up yourself, you should probably get in touch with them and ask them why they're monitoring your site. This page appears to have their contact details.

First of all, thanks for the reply. It helped a lot. I sent them a message and they said to me that somebody using their service decided starting to monitor my website and adviced me to block the ip range somehow. Is there a way to make this configuration in pythonanywhere?

Unfortunately not. That's not really a very good response from them, though -- if they're making large numbers of unwanted requests to your site, they should certainly allow you to stop them. Perhaps if you contact them again and say that you regard this as network abuse they'll take it a little more seriously?

brenoasrm,

PRTG is network monitoring software. It's downloaded from the Paessler website, and installed on users own computers. It's not a service. Someone is running PRTG software and scanning your site. This isn't Paessler's problem, in the same way that if the guy doing the scanning is running Windows on his server, it's not Microsoft's problem either,

If you do a whois lookup on the IP address that's hitting your site, you'll see that is belongs to someone in Ukraine:

inetnum: 91.200.12.0 - 91.200.15.255 Netname: VHOSTER-NET Country Code: UA Country: Ukraine Person: Andrey Rudenko Address: Ukraine Phone: +38 044 3792850 Hostname: ANTN Source: APNIC

I suggest you contact them, or their ISP to complain about the traffic. But I can see that 15 other websites have already blocked this IP range, so I don't know how receptive they'll be to your complaint. So your only option will be to block their IP range somehow.

Thanks,

Simon.

Simon -- many thanks for clarifying that!

brenoasrm -- is the problem for you that the hits are making your logs hard to read? Or is it that your website is being overloaded and isn't serving your "real" users properly?

Simon - thank you!. Now I understand clearly what is happened.

Giles - I don't know if my users are having a bad experience. I don't think so, because I have few users, just 150-200 daily. But it's bothering me anyway.

There are many claims in this website about one of the ips

Is it possible that pythonanywhere blocks the ips in the firewall or something like that? I saw this solution here and sounds like a good ideia

I'm afraid we don't have a way to block their IPs (or not without needing a) manual intervention from us, on an ongoing basis, and b) blocking them for lots of other users as well).

if it's not causing actual problems for your users, maybe just ignore it?

or else you can implement your own "block" -- i mean you'll still have to respond to the requests, and use up processing time doing so, but you could examine the source IP address for all requests and return some error code (eg 403 unauthorised? ) for any coming from that site? That might cause whoever's monitoring you to switch their monitor off...

I won't ignore thousands of requests in my website knowing what I read about those ips on the internet.

I just thought it would be better to block them in the firewall instead of me needing to change my application to do so.

It's not just me, if you block them in the firewall, as you've said, it would benefinit all pythonanywhere users that won't have the same problem I'm having right now. I know you should be carefull when you're dealing with blocking ips to not impact your users negatively, but when you have proof that those machines are just trying to damage your users applications, it should not be a problem, I guess.

It's tricky, though. The problem is that IP addresses aren't the same things as users. You've probably heard the stories where people were unjustly accused of pirating music and movies because they happened to be using an IP address that had previously belonged to the real pirate.

An IP address is allocated by an ISP to a particular user of their service, but they can and do move the IPs around, so the person using the IP one day might not be the person using it the next day. So if we blindly block IPs, we're essentially blocking anyone else who ever happens to get that IP from their ISP from viewing any page on PythonAnywhere.