Hello please, how do I completely remove the personal details
i have attached a document to showcase the problem.
thank you.

Sorry for the misunderstanding. Now on your site k2 registration on. Please disable the registration from the K2 Parameters.

由于使用的华为云的CDN加速，结果发现我的阿里云服务器突然卡顿，网页打开极慢。登陆华为云CDN管理后台发现最高带宽占用30M，流量短时间内达到10GB以上，这么大的流量我的服务器肯定扛不住啊。于是还跟华为云进行了一个撕逼，然后果断弃了华为云。

但是更换了其他CDN或者WAF之后，CPU占用依然居高不下，网上找了很多办法都不管用。

看了下是 PHP CGI 进程占用CPU最多，而且经过检测发现是 浏览器内核检测 网站的 PHP CGI 占用最高，其他的很少。然而看第三方网站统计，并没有很大的访问量啊。

于是我用下面步骤进行排除：

第一步，暂停了占用最多CPU的网站，发现很快CPU占用下来了。也就是肯定是这个网站的原因，但是我近期并未更新网站代码啊，应该不存在死循环之类的bug导致占用 CPU 过多；

第二步，紧接着我排查所有页面，经检查未发现挂马或者被黑的现象；

第三步，将 ie.icoa.cn 解析到一个新的目录，并放置一个静态的 html 首页。发现网站可以正常访问，而且CPU并未出现占用过高的情况；

第四步，测试PHP运行是否正常，将html页面改成php页面，测试正常，CPU正常；

第五步，将网站原首页复制到新网站目录下，测试一切正常。就当我以为没问题的时候，将整个网站全部复制到新网站目录下，立刻出现CPU占用过高的情况。然后我就想到这种情况肯定不是由于正常访问造成的，因为刚刚恢复访问，不至于有这么大的正常访问。个人猜测肯定是有爬虫抓取，而且无底线的抓取耗尽了资源；

第六步，将所有页面删除，然后一个页面一个页面的往新网站目录下拷贝文件，终于我在复制了 最新UA记录 这个页面的时候，CPU立刻爆表。破案了，肯定是有人想要UA数据，于是用爬虫爬我公开的最新UA记录页面。

第七步，我删除了 最新UA记录 页面之后，CPU占用恢复正常。

于是找到了原因，是某些没有底线的爬虫，抓取的频率太高，耗尽了我的服务器资源。抱歉你们这么做，我只好不让你们爬了！

Another one of the great built-in features of IIS 8 is Dynamic IP Restrictions (DIPR). With a few simple configuration steps you can quickly set limits for blocking IP addresses based on the number of concurrent requests or frequency of requests over a period time. With these parameters in place IIS will take over blocking requests unattended thereby making your server more secure.\r\n\r\nBefore DIPR was available on IIS 7 you could manually block 1 IP or a range of IPs easily in the IP Address and Domain Restrictions module. However this could be a time consuming task if your server was under attack. Using a tool like Log Parser to examine the site’s logs you could identify IPs with suspicious activity but then you still had manually enter Deny Rules. Determined hackers will use a variety of IPs from proxy servers so by the time you’ve blocked a handful a new range could be starting up. DIPR was released out-of-band for IIS 7 and IIS 7.5 so you can leverage this great security tool on those web servers as well. In this walk through I cover how to configure Dynamic IP Restrictions and even show a test in action.\r\n

\r\n

Installing Dynamic IP Restrictions

\r\nOpen the Server Manager and to Web Server role. Under Security ensure that IP and Domain Restrictions is installed.\r\n\r\n\r\n\r\n \r\n

IP Address and Domain Restrictions in IIS Manager

\r\nOpen IIS Manager and click on IP Address and Domain Restrictions.\r\n\r\n\r\n\r\n \r\n\r\nFrom this window you can either Add Allow Entry rules or Add Deny Entry rules. These rules would be for manually blocking (or allowing) one IP address or an IP address range. You have to be careful when blocking an IP range because you could inadvertently block legitimate traffic. Click on Edit Dynamic Restriction Settings to set the dynamic thresholds for blocking IP addresses.\r\n\r\n\r\n\r\n \r\n\r\nClick Edit Feature Settings to set the Deny Action Type. In this example I’ve set Forbidden so blocked requests will receive an http 403 status error. These errors will also be recorded in the site’s log for us to review later.\r\n\r\n\r\n\r\n \r\n\r\nOn the Dynamic IP Restriction Settings screen you can choose the maximum number of concurrent requests to block. And you can also Deny IP addresses based on frequency of requests over a period of time.\r\n\r\n\r\n\r\n \r\n\r\nAs always depending on the volume of your web site’s traffic you should test these settings to ensure that legitimate traffic does not get blocked.\r\n\r\n \r\n

\r\n

Testing Dynamic IP Address Blocking

\r\nI didn’t have a real security incident available for testing the DIPR module so I did the next best thing. Using Fiddler the free debugging tool from Telerik and StressStimulus a free load testing plugin from StimulusTechnology I hammered my test virtual server for a few minutes and got the desired results. With Fiddler open you will see the StressStimulus module. From here you can record your test case or open an existing test case as well as edit the test case paramters.\r\n\r\n\r\n\r\n \r\n

\r\n

\r\n

Test Results

\r\nStressStimulus gives you multiple detailed charts to review to gauge the performance of your site and identify potential areas of weakness. For my test I choose to hit the wp-login.php page on my test WordPress site with 3 concurrent requests and 100 iterations. The test completed within a few minutes.\r\n

\r\n \r\n\r\nVisiting the test page from the server running StressStimulus I get the expected result. It’s blocked by a 403 error.  The full description of this code is 403.502 – Forbidden: Too many requests from the same client IP; Dynamic IP. \r\n

\r\n \r\n\r\nUsing the Log Parser query below to analyze the site log I see that 331 requests were blocked with a 403.502 status code.\r\n

SELECT TOP 100\r\nSTRCAT(EXTRACT_PATH(cs-uri-stem),'/') AS RequestPath, sc-status,sc-substatus,\r\nEXTRACT_FILENAME(cs-uri-stem) AS RequestedFile,\r\nCOUNT(*) AS TotalHits, c-ip\r\nFROM w3svc.og TO top-403-ip-requests\r\nGROUP BY cs-uri-stem, sc-status,sc-substatus,c-ip\r\nORDER BY TotalHits DESC

\r\n

\r\n\r\n \r\n\r\nFurther examination of the log with Log Parser shows the full break down of the requests blocked with 403 status.\r\n\r\nSELECT TOP 100\r\nSTRCAT(EXTRACT_PATH(cs-uri-stem),’/’) AS RequestPath, sc-status,sc-substatus,\r\nEXTRACT_FILENAME(cs-uri-stem) AS RequestedFile,\r\nCOUNT(*) AS TotalHits, c-ip\r\nFROM w3svc.og TO top-403-ip-requests\r\nwhere sc-status=403\r\nGROUP BY cs-uri-stem, sc-status,sc-substatus,c-ip\r\nORDER BY TotalHits DESC\r\n

\r\n

\r\n\r\n \r\n

Summary

\r\nThe Dynamic IP Restrictions module is available with IIS 8 as well as IIS 7 and IIS 7.5. It is a powerful tool to block automated attacks on your site and requires minimal configuration and maintenance. Thanks for reading.