fixed. the "Who's Online" table was filled due to an overly aggressive site indexer, which presented results similar to a DDoS attack. Some site configuration settings were modified in an attempt to prevent that from happening again.
The source IP range is GEO-IP located within Hong Kong which is DDoSing the host directly, again.
I've GEO-IP blocked the IP address range :/ this time, all of Asia.
UBBDEV is hosted on a very old untouched shared server (over a decade old) with limited ram, and is still running PHP 5.4, and a combination of other outdated items which makes it easily susceptible to these things. Hopefully some of today's tweaks will put a cap on it for good this time.
Blocked China at the CDN level, and increased the security level on the firewall; hopefully these combined with Isaacs earlier updates should ease things back to normal.
Okay, Question for future reference. I don't use a cdn. The only way I see to block a county is to via htaccess using .ip2location.com. As just for china that ends in 6443 IP.s to block and some of them are ranges. Is there is easy way to do this
Blue Man Group There is no such thing as stupid questions. Just stupid answers
That is what I meant a lot of deny lines and just for one country. Maybe I need to look into a cdn. So that means a huge htaccess file to maintain I was hoping to hear there is some type of service but I guess cdn is the answer?
Blue Man Group There is no such thing as stupid questions. Just stupid answers
Generally speaking, if you're getting 10k hits per hour from a certain country (such as UBBDev), all from different IP addresses which are spamming pages with bogus traffic, your server may be under attack; in fact, your web host may even be under attack.
There is no doubt they may already know about a burst of traffic, but you should call them directly and let them know to see if there is anything you can do, and ask them what steps you can take to protect yourself from those attacks.
A Content Delivery Network (such as CloudFlare) generally allows one to set custom firewall rules for your site will allow you to flag different security levels, turn on an "I'm under attack" mode, and generally they even give one free SSL certificates.