I run a small website which hosts a translation of a webnovel. I barely get any attention and no hits. Suddenly, at 12:15, I get an email from infinityfree saying I used 50% of my hits. One minute later, at 12:16, I got another email informing me I hit the limit and my account is deactivated. Then, I got another email telling me my account was suspended for spam.
The website is down and cloudflare labels it a phishing site, and support informed me that despite the account being listed as blocked for “abuse”, it’s just down because I somehow hit the hits limit.
My only guess on how I got such a sudden spike in hits is I got DDOSsed. Not sure how likely that is. Support informed me that they don’t track such things, so it’s up to me to figure out what happened and hopefully mitigate whatever caused the site to go down.
I’m completely new to hosting websites and barely know anything, so I’d appreciate it if anyone can point me in the right direction. As far as I know, CloudFlare is not something I can manage as it’s a free domain, and seemingly it didn’t do anything in the first place. Once I get access to my site, I’ll see if I can check my statistics WP plugin to see what the heck happened, and of course back up the site in case it goes down again.
Yup, I read that page already, but nothing in the article really helped me. It’s a very simple website with very few assets, and my average hit usage was very low in the first place. Only one time did it spike up and hit the limit, which I can see on the panel’s statistics page. That’s where my suspicion of a DDOS comes from.
Is there anything I can do to figure out what’s causing this, for future reference? I believe it’s unlikely for me to figure out anything retroactively, but it’d be good if I set up such a system in case this happens again.
Alright, I’ll have to dig into how to optimize the site.
Still, it feels a bit off. Even if each pageview is 110 or so hits, I get an average of 120ish pageviews, with no more than 200 in total, that’d be around 20k-25k hits at most, right?
Asking the same question over and over is unlikely to yield different results, especially when everyone including the article says that it’s not possible.
You are free to deem this as “unhelpful” of course, but sitill, it’s unlikely to change anything.
Alright. So I have to be very conservative when measuring resources. Thanks.
I’m just trying to figure out a starting point on how to counter this problem. I’m not complaining, was just giving context. My apologies if it came across that way.
Thanks to KangJL’s image, I have a starting point on how to measure hits, and I know where to start googling to make my website more efficient.
Just to clarify, the statistics on cpanel over the past few months never got close to 50% of the hit usage, nevermind 100%. That’s why when I suddenly hit the limit, I thought it was some sort of attack, not an underlying issue with my site. Using the chrome network analysis tool I found a few things that caused a lot of hits, and disabling/deleting them has reduced my per-page hit count from 130ish to 70. Will keep looking for ways to optimize the site.
i have a few tip to lower the hit, first is try not to host all of your image, css, js file on infinityfree if possible, for image i can recommend you to use imgur or imgbb, for css you can use github, for js you can use cloudflare free cdn (i think this tip only work if your site is custom build), if you think thats too much work then try not to create mutiple file for your site, like put css and js on same place of the page, like instead of you can just put your js script on the site like . The tip sound simple but it dramatically reduce the hit of the page. I hope this helpful to you.
It is very helpful, thank you. CSS being hosted on github is nothing new to me, I have done that before. I don’t upload many images, I think I’ve only got the website logo, and three or so images, so they should be alright for now. Cloudflare is out of the question because I don’t own the domain.
That hits usage does not look high enough for a DDoS attack. My guess is you got it by a web scraper or bot (potentially a vulnerability scanner or AI scraper).
You have a free subdomain so not much you can do to avoid this, my recommendations are to get a custom domain and drastically reduced number of hits required per load
So there isn’t much I can do about such spikes then, huh? Alright, thanks for the pointers.
I thought infinityfree would block such scrapers or bots…
I’ll work on improving my site’s hit usage in the meantime.
It’s impossible to block all scrapers and bots. There are companies that spend thousands if not millions of dollars a year and they still fail (think Google, Microsoft, etc)
will take it into consideration, but I think for now I’ll monitor and see how often I get hit. If it’s a one-off or infrequent, I think I might just tank the hits. Not like my website gets traffic anyways, it’s more a hobby. Appreciate the help.