Short Bytes: This is a simple and real account of how I prevented 508 resource limit error on my personal blog. How it all began and how I ended up learning small yet very significant things otherwise I never had learned them.
Here is a screenshot of an email and I was getting almost more than a hundred of these every day.
Well, I was scared a bit initially because I hardly knew much about the WordPress security, like most of the common WordPress users. But little did I know that I was soon going to learn about the same in coming days.
I became email blind after a few days, regularly staring at the same emails and I had totally put in my trust on plugins to provide me security. But I was missing the fact that none of the security plugins were paid. Though WordFence had the advanced blocking and filtering options but most of them are available to the paid users.
On 29th of March, I suddenly began seeing an unusual spike in my traffic on Google Analytics. Well, I was skeptically happy. But I also felt a spike in the number of emails from WordFence about login attempts to my site. I felt something fishy.
But I did not know what to do. By 11.30 PM, my website was dark and down. Only thing I was able to see after typing trekkerpedia.com in my web browser was the below screen:
Even I was unable to login as WordPress admin and then my online Google hunt began for a solution to this problem. Google was flooded with solutions but none of them were working.
Somewhere, it was written that I should analyze my resource usage and logs. I did not know how to do that being a novice. I logged into the control panel of my site and I saw ‘logs’ section. Maybe that was the first time, I had seen that section since the inception of my blog. Also, that was the first time, I felt hopeful.
Under the logs section, I checked out for the different options and all were soaring high in the sky. I still have one of the screenshots:
But those screenshots were the only proof that my site was under attack and someone was using extensively using my site’s resources. But who was it and what was that person doing?
I went back to the logs sections and saw the option ‘Latest Visitors’. So, I opened that and then I saw an IP address who was downloading some data from my website regularly. Here is a screenshot of the same:
So the quest which has begun around 11.30 PM ended at around 1.16 AM. Now, I had the IP address in my hand and I also knew that the person was downloading a lot of data from my website leading to the limitation of the resources.
You can see that IP address marked in the above pictures. But the bigger question was how to stop that guy from doing so?
I did IP lookup for that IP address over the internet and I was only to find just a few details about him. Like his location, country, organization etc. But those handful of details were still insufficient for me.
At around 1.30 PM, I decided to mail my hosting service lamenting my technical grieves. Here is one of the emails:
In the meanwhile, I was also looking for how to block IP address on my site. Most of the solutions involved admin login which was unavailable to me.
I was waiting for a reply but there was no luck for next one hour. So, I finally decided to explore the control panel on my own. And I finally was able to find IP Address Deny manager under the security section.
After adding that IP address, my website was back up and I was still sitting in front of my site checking other functionalities for next half an hour.
Next morning, I realized that I did nothing great in terms of securing my site, it was just a fluke that I got the right steps within hours to set things right. However, had I just be sitting or depending upon some tools or service provider or someone whom I knew better in these terms, I surely had not learned and had wasted more of my time.
Ultimately, I learned never to give up with even those things which you do not know. Here is a link to my travel blog if you want to take a look at: trekkerpedia.com