Announcement

#1 2018-03-12 19:54:19

kozmob
Member
2012-01-14
41

Site deactivated; can I eliminate guest login, repair database

Greetings;
My personal website including several Piwigo galleries have been deactivated by my web host due to “excessive resource usage.” This is apparently from spam or bots trying to register or login to my piwigo sites. I’m told by the host that the databases "mydomain_piwigo8c3" and "mydomain_pwg1" have over 100k rows and are over 1900MB and 57MB respectively. I don’t know what those specific databases are. Are they requests to register or login?

It looks like there are two things I might need to do; 1-reduce the databases, and 2-eliminate the guest registration/login features.

I can see the databases on my host but I can't view or edit them. I can delete them if necessary but I don't want to lose my gallery data.

Since the site is deactivated, I can’t get into it as admin to eliminate the guest registration/login feature. Anybody else have this problem? Is there a solution?

I can get to the files in my piwigo folders on the host and edit if necessary. Can I edit the files (such as register.php?) to eliminate the guest registration/login feature? Keep in mind my html editing skill is at about level 2 out of 10. If there is some cut-and-paste code I can slip in, I can likely do that.

If I can at least reduce the databases, my host might reactivate the site and then I can get in and eliminate the guest register/login option.

Thanks so much for any help. Without some guidance I'm dead in the water. I don't want to have to eliminate my galleries and start from scratch.

Piwigo version: I don't know cuz I can't get to the website to see it. I haven't installed version 2.9.3 and I believe  have the version previous to it.
PHP version: ?
MySQL version: ?
Piwigo URL: http://kozpics.com

Offline

 

#2 2018-03-13 11:09:52

erAck
Member
2015-09-06
114

Re: Site deactivated; can I eliminate guest login, repair database

Your hoster is crap. Really. If it calls 2GB already excessive.. I wonder though how a Piwigo database with just over 100k rows can have 2GB. Or was that 100M rows maybe?

Anyway, you could try to trim the visits history, maybe there are tons of entries, but for that you'd need to be able to login to your gallery as admin. Also if you use a plugin like AStat that can build up quite some history data. In your mydomain_piwigo8c3 database there may be a piwigo_history table (or differently named *_history if you chose another table prefix) that is huge. If you allowed user registration the piwigo_users table could have grown. In any way, you'd best need admin access to your gallery to trim history or delete users and deactivate user registration. Otherwise you'd need access to some database tool like phpMyAdmin to trim the tables, and likely someone who does it for you. Talk to your hoster. Editing any html or php files on your site is not a solution, you'll need database access either through Piwigo or with a database frontend. User registration then can be disabled in the Piwigo admin Configuration, tab General, section Permissions, uncheck "Allow user registration".

Offline

 

#3 2018-03-13 16:20:16

kozmob
Member
2012-01-14
41

Re: Site deactivated; can I eliminate guest login, repair database

Thanks for the reply and advice. Yeah, that host sucks. I’m trying to migrate to another host.

I can’t make the admin changes you suggest because the host won’t open the site to me. That’s the problem. They expect me to fix it without access to the live site.

I couldn’t find a relevant history file. The files I found were either .php or .html files or had to do with language or themes.

I got into the site logs though and I see thousands of automated attempts to download picture files. Most of the attempts resulted in errors because the files being looked for didn’t exist. It looks like many pictures were mined though. It’s obviously a bot (not sure if that’s the right term for the automated system) because there are as many as 6 attempts each second. When there is a successful hit, the attempts are about 4 to 10 seconds apart; time for a download.

Thanks again for your help. I’ll start another thread about the apparent hack risk.

Offline

 

#4 2018-03-13 17:50:29

erAck
Member
2015-09-06
114

Re: Site deactivated; can I eliminate guest login, repair database

kozmob wrote:

I can’t make the admin changes you suggest because the host won’t open the site to me. That’s the problem. They expect me to fix it without access to the live site.

Then you need to use whatever database administration tool the hoster provides for your hosting and trim the history and user tables I mentioned, if that actually is the cause. Maybe someone here can identify what flag would need to be changed in the database to disable new user registration without access to the Piwigo admin panel.

I couldn’t find a relevant history file. The files I found were either .php or .html files or had to do with language or themes.

As I said, the history is kept in the piwigo_history table in the database.

I got into the site logs though and I see thousands of automated attempts to download picture files. Most of the attempts resulted in errors because the files being looked for didn’t exist. It looks like many pictures were mined though. It’s obviously a bot (not sure if that’s the right term for the automated system) because there are as many as 6 attempts each second. When there is a successful hit, the attempts are about 4 to 10 seconds apart; time for a download.

It might even be that this is the "excessive resource use" the hoster mentioned and it's annoyed by the bot eating up the bandwidth. It can be some bot gone wild, or just a search engine crawler, or some referer spammer, or something else.

Thanks again for your help. I’ll start another thread about the apparent hack risk.

There is no hack risk involved. It's normal that some bots try to massively download whatever they can get hold of. If it is always the same or the same range of IPs then you could deny in .htaccess to cut actually delivered traffic. Other than that, bots connecting everywhere, well, is the Internet..

Offline

 

#5 2018-03-14 08:40:07

flop25
Piwigo Team
2006-07-06
6838

Re: Site deactivated; can I eliminate guest login, repair database

Hello
your  "excessive resource use" might be more related to the resized picture generation (thumbnails etc)
if your hosting company was a professional one, they would have provided more detailed information such as log or cpu usage per process etc

if your hoster won't give you this information, well basically you can't change anything to avoid the situation to happen again


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

#6 2018-03-14 13:29:59

kozmob
Member
2012-01-14
41

Re: Site deactivated; can I eliminate guest login, repair database

thanks for the reply. The host will only tell me that I should hire a developer to fix the site. That's no help. I'm now in the process of migrating the site to another host where I can get the site activated and see what's happening.

Offline

 

#7 2018-03-15 02:32:04

erAck
Member
2015-09-06
114

Re: Site deactivated; can I eliminate guest login, repair database

The hoster should at least tell you what resources are excessively used, CPU power, database use, bandwidth... If it doesn't then it's not worth the money.

A new site probably will not exhibit the same behavior until the site is discovered to be scraped by some bots again..

However, disable user registration if you don't need it, and every few months or so Purge history details under Tools -> Maintenance if your database grows too much, or if you use the AStat plugin clean the history on its Tools page where you can specify a cut date.

Offline

 

#8 2018-03-17 14:01:26

erAck
Member
2015-09-06
114

Re: Site deactivated; can I eliminate guest login, repair database

erAck wrote:

every few months or so Purge history details under Tools -> Maintenance if your database grows too much, or if you use the AStat plugin clean the history on its Tools page where you can specify a cut date.

Just to mention that Piwigo 2.9.3 has a built-in autopurge mechanism, see [Forum, post 170222 by flop25 in topic 28604] Automatism keeping history small, and there's also [extension by Eric] Prune History that now works again. So manual pruning should never be necessary with a recent Piwigo version.

Offline

 

#9 2018-03-17 18:09:03

kozmob
Member
2012-01-14
41

Re: Site deactivated; can I eliminate guest login, repair database

great, erAck. Thanks for all this. I'm making progress in migrating my sites to a new host and will look into these features as soon as I get the sites back up.

Offline

 

Board footer

Powered by FluxBB

github twitter facebook google+ newsletter Donate Piwigo.org © 2002-2018 · Contact