I had this site crashing recently due to an EPS resource limit exceeded. Some comments from the server techs at Liquid Web (where I have all my sites hosted):
- Looking at your server, I see that a single IP address, 147.78.47.34, has made 1590 HTTPS requests to https://santapaulaairport.com/our-businesses , several of them post or have get parameters, and are using a browser that has been out of date for about a decade. (Turning off this page temporarily did not stop the issue - they just hit other pages. We blocked the IPs but "they" just used others)
- That said what I think is causing you the most issue here is the EP limit you have set in CloudLinux as when it hits that limit you then get the 508 pages.
- The Traffic you are seeing here is well below what a DDoS would generally look like (in fact I am hesitant to call what is being experienced a DDoS). This is more like some abusive traffic is hitting the server and causing just cloudlinux limits that were set to now be hit. Traffic like this really common and even more so lately.
When I look at RAM or bandwidth usage, or server loads, there is nothing out of the ordinary. So it seems that the overload is actually a relatively small amount of traffic and it seems to have avoided Admin Tools noticing it as I see none of the IPs we ended up blocking in the server firewall appeared in Admin Tools blocking.
Now, I'm not blaming Admin Tools at all - far from it; it's saved my bacon a lot!!, just trying to understand how it's meant to work in regards blocking/not blocking this sort of traffic. My understanding of it was anything like a post or get request would be picked up and analyzed by Admin Tools and multiple of them from the same IP would trigger an automatic block, assuming the auto block feature is turned on (it is).
To stop the crashing I ended up installing a Web Firewall from Sucuri, but that's going to get expensive with 90+ sites to do.
