Strategy And Tips – TristanPoulsen.com https://tristanpoulsen.com Welcome to TristanPoulsen.com Wed, 07 May 2025 17:38:51 +0000 en-US hourly 1 https://wordpress.org/?v=6.9.4 https://tristanpoulsen.com/wp-content/uploads/2024/07/cropped-Tristan-Forryst-Poulsen-initials-logo-32x32.png Strategy And Tips – TristanPoulsen.com https://tristanpoulsen.com 32 32 How I Stopped Bots from Crashing My cPanel Server https://tristanpoulsen.com/how-i-stopped-bots-from-crashing-my-cpanel-server/ Wed, 07 May 2025 17:36:09 +0000 https://tristanpoulsen.com/?p=856 Read more]]> If you’re managing a cPanel + WHM server (mine runs on AlmaLinux) and notice CPU usage spiking to 100%, there’s a good chance that aggressive bots or inefficient PHP processes are hammering your server. That’s exactly what happened to me — and here’s how I fixed it.

The Problem

My server load was pinned at 100%, with php-fpm processes consuming the bulk of the CPU. Using tools like htop and ps, I traced the activity back to a few specific WordPress sites hosted on the server.

The common culprit? Bot traffic hammering uncached pages and XML-RPC endpoints.

The Fix (3-Part Solution)

1. 🧱 Block Bots with .htaccess

I edited the .htaccess file for each affected site and added rules to block known abusive bots by user agent:

# Block bad bots by user-agent
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} (semrush|ahrefs|mj12bot|dotbot|python-requests|curl|wget|masscan|sqlmap|fimap|nmap|nikto) [NC]
RewriteRule .* - [F,L]
</IfModule>

This simple change started deflecting unnecessary load before it could hit WordPress or PHP.

2. 🛡 Install and Configure Fail2Ban

I installed Fail2Ban to automatically block IPs that triggered suspicious patterns in my Apache logs (like repeated bot-like requests):

sudo yum install epel-release -y
sudo yum install fail2ban -y
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Then, I created a jail to detect and ban bad bots:

/etc/fail2ban/jail.d/apache-badbots.conf

[apache-badbots]
enabled = true
port    = http,https
filter  = apache-badbots
logpath = /usr/local/apache/logs/access_log
maxretry = 10
findtime = 300
bantime = 3600

/etc/fail2ban/filter.d/apache-badbots.conf

[Definition]
failregex = ^<HOST> -.*"(GET|POST).*(crawler|bot|spider|python|curl|wget).*HTTP.*"

With this in place, the server now proactively bans repeat offenders and malicious bots.

3. 🔄 Restart PHP-FPM and Apache to Flush Load

Once the defenses were in place, I restarted the two main services to clear out any bloated or stuck processes:

systemctl restart ea-php81-php-fpm
systemctl restart httpd

This dropped my CPU usage almost instantly and gave the server a clean slate to work with.

Summary

After these changes:

  • CPU usage dropped from 100% to <10%
  • PHP-FPM processes normalized
  • The server has stayed stable under load, even with continued traffic

If you’re running cPanel/WHM and notice unexplained high load:

  • Check your access logs
  • Filter bots at the .htaccess level
  • Set up Fail2Ban to auto-ban bad actors
  • And always restart PHP-FPM/Apache after config changes
]]>