We've done absolutely everything to try and free up resources on our server. I'm running 16gb of ram in a powerful server, and it's constantly maxed out. Slowing our work to almost impossible. I've spent over 30 hours making registration none, hard deleting over 100,000 fake spam accounts, creating a new login page that's 2 pages deep and has NO Links to it so the bots can't find it to try and even login, then setting up redirects rules in IIS from /login or /login.aspx or ?ct=login to abort request and still our server is pegged. Slammed, it's gotten to the point that I'm about to quit DNN after 14 years and switch to another CMS.
I have another server running the same number of sites, but mostly wordpress. It's running the same processor, same data center but only 8GB of Ram, so 50% less, these sites get MORE real traffic, and the memory usage is never above 54%, so it's only using about 5gb of ram at it's max.
Compare that to my other server, running almost all DNN sites at 16gb ram (Which cost us $225/month just for the extra 8gb of ram from our data center) and it stays pegged. I can't afford to keep fighting this problem. I can't even work on my websites, as the pages take too long to load and even timeout sometimes from the reload times.
Here's what I did to the server but the bots keep trying to login to the 100,000+ spam registered users that I deleted.
1. Make sure that registration is set to “None”
2. Deleted ALL users.
3. Cleared the event log.
4. Created a new page on the site and put the Account Login” module on the page. I made sure the page was not in the menu, and not indexed. I also made it a sub page of another page that was not in the menu, not indexed and disabled. Example, new login would be /SignIntoSite/LogInNow.aspx The parent page “Sign In TO Site” is disabled, not indexed and not in menu. THe sub page “LogInNow.aspx” is not indexed and not in menu. So, there’s no where to link to this page for the bots to follow and try and login.
5. I then used the .css file to make the standard “Login” link on each page invisible by setting the class to “visibility:hidden;” in the css file so they can't even find a link to login to the old login page.
6. I then logged into IIS and created a new “URL Rewrite” rule for each of the domains. The URL Reqwrites are "RequestBlockingRules" that state /login or /login.aspx goes to "Abort Request".
7. If the site is running DNN6, I setup the deny ctl bypass in the web.config with the
security
requestFiltering
denyQueryStringSequences
add sequence="ctl" /
denyQueryStringSequences
/requestFiltering
/security
WILL DNN PLEASE FIX THIS PROBLEM????? Thanks.