swright
New

Site is down - malicious traffic?

My site has been down for over 24 hours.  The first time I contacted support I was told there was malicious traffic on the site and it would be available again "in a few hours".

 

More than 24 hours later, my site is still down and now when going to the cPanel Admin, I received a message that my account was suspended.  After contacting support again, my account was reactivated (no word on why it was suspended to begin with), but they didn't know why my site was still down.

 

Support keeps saying my site works for them, so it must be my IP provider, but I've had dozens of customer complaints using multiple IP providers, so it's not just me. I think it works for support because they're accessing the site internally. However, the site is not working for anyone not working at GoDaddy. I repeat this every time I contact support, but it always ends up with them diagnosing my personal connection, which of course is not the problem.

 

Anyway, my site is still down, nobody can tell me why, or when/if it will be back up again.  Any suggestions?

 

Thanks,

Steve

5 REPLIES
swright
New

Well, my site is back up again.  Guess I just had to wait another 30 minutes.  I wish I knew what happened though so I can try to prevent this happening again.

 

*Edited to add that this was never a problem with my IP provider/browser/etc.  I had 3 external volunteers confirm the site is now working for them, when it wasn't before.  All 3 had different providers and different browsers (Chrome, Firefox, and Edge).

@swright 

 

I would check out the following

1) See if you have any scripts / files that weren't on the server before

2) Check the 2 stats programs in cPanel - you can see the top files / URLs being called

3) If you have WordPress site(s), make sure they are all updated

 

Please also remember if you are hosting multiple sites on a cPanel account - they are all in the same "sandbox" so even if site XYZ isn't the cause of the issue, it could be affected by one of the other sites.

 

Also see how much storage you are using on the server.

I am a GoDaddy End User - Just Like You
Check out my site! | I currently manage over 300 WordPress Websites
* Please note that I offer free advice on this forum. Thank You Info If you would like personalized help, please contact me. Otherwise, please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

Once your issue is resolved,
please be sure to come back and click accept for the solution


Thank you for the suggestions.  There aren't any new scripts or files within the last month or so and it's not a WordPress site.  The only thing slightly unusual in the stats is that there is more traffic than usual, but nothing looks suspicious to me.  The additional traffic I can attribute to more people looking to adopt rescue animals (which is great!) during the quarantine (the site is for an animal rescue).  I just wish I'd been sent an email or notified some other way if the site was being taken down.  I still don't know if it was shut down on purpose or if GoDaddy just had some issues for 24+ hours.  The first time I contacted support I was told it was shut down due to malicious traffic, but I had no warning about this, and no mention of malicious traffic was made when I contacted support twice after the first contact.

@swright 

 

It is possible that if you had a large spike - say you went from 500 visits/day to 5000 or more - that could have been interpreted by the system as malicious. Given that you are on a cPanel (Shared) server - there are some automated settings that kick in to protect not only your account but the entire server.

 

It is possible that when you called in the first time there was an alert on the account or that the support person reached out to the higher level tech folks to see what might be going on.

 

This is one of those items that they would have had to note in your account, as once the error clears you have to dig into the logs to find out. In terms of not being notified - there are a couple of reasons for this.

 

When you look at the stats you can see what country, etc., the traffic is coming from. I had a server (VPS) recently that was getting scanned by a Chinese search engine and it caused the server to spike to 150% load (so overloaded) - I ended up blocking the IP address and the server returned to normal.

 

Something like that could have happened and GoDaddy has to do some manual things to correct for it.


Interesting.  When I looked at the traffic as I was trying to diagnose the problem myself, I noticed an IP address I tracked from China before the site went down.  It looked to me like only a single HTTP request, so I didn't think much of it, although I did block the IP address.  It does look like it's from a well-known Chinese search engine.

 

My site is still up today and I'll continue to monitor the traffic coming into it.

 

Thanks for the tips!  It's greatly appreciated!
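
The replies in this thread suggest checking which files/URLs are being requested and where a traffic spike comes from. The following Python script is an added example, not part of the thread or of any GoDaddy or cPanel tooling: it flags hours whose request count is well above the median and lists the client IPs, paths and user agents behind them. It assumes the raw access log is in Apache "combined" format; the IPs, paths and the `ExampleSpider/1.0` agent in the sample are constructed.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Apache "combined" format; assumed to be the format of the downloaded raw access log.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

def parse(line):
    """Return a dict for one log line, or None if the line is malformed."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    ts = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["hour"] = ts.strftime("%Y-%m-%d %H:00")
    return rec

def summarize(lines, spike_factor=3, top=3):
    """Flag hours above spike_factor x the median hourly count and say who filled them."""
    recs = [r for r in map(parse, lines) if r]
    per_hour = Counter(r["hour"] for r in recs)
    baseline = median(per_hour.values()) if per_hour else 0
    spikes = sorted(h for h, n in per_hour.items() if n > spike_factor * baseline)
    busy = [r for r in recs if r["hour"] in spikes]
    return {
        "baseline_per_hour": baseline,
        "spike_hours": spikes,
        "top_ips": Counter(r["ip"] for r in busy).most_common(top),
        "top_paths": Counter(r["path"] for r in busy).most_common(top),
        "top_agents": Counter(r["ua"] for r in busy).most_common(top),
    }

def sample_log():
    """Constructed sample: 2 requests/hour for four hours plus a one-hour burst."""
    fmt = ('{ip} - - [12/Apr/2020:{h:02d}:{m:02d}:00 +0000] '
           '"GET {p} HTTP/1.1" 200 512 "-" "{ua}"')
    human = dict(ip="198.51.100.7", p="/adopt.html", ua="Mozilla/5.0")
    bot = dict(ip="203.0.113.50", p="/search.php", ua="ExampleSpider/1.0")
    lines = [fmt.format(h=h, m=m, **human) for h in (8, 9, 10, 12) for m in (5, 35)]
    lines += [fmt.format(h=11, m=m, **bot) for m in range(40)]
    lines += [fmt.format(h=11, m=45, **human), "not a log line"]
    return lines

if __name__ == "__main__":
    for key, value in summarize(sample_log()).items():
        print(key, value)
```

On a real log, pass the file's lines to `summarize()`; a single address or user agent dominating a flagged hour is the thing to raise with the host or block.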