/events-calendar/?ajaxCalendar hit 1000’s times by bots, eats bandwidth

Hello,

I’m going to let the Devs know about this.

Actually I have the same problem. Its an amazon server from Singapore, which wants connect to Event Manager every 4 minutes.

It started mid December.

WP 6.4.2.
EM 6.4.6.4.

I’ve got exactly the same problem, to the extent that my page is unresponsive, because it’s on a small shared webhosting plan and maxing out CPU usage.

I banned some of the worst offenders via .htaccess, activated softaculous bot protection and use the blackhole for bad bots plugin. First measure helped, so I can’t verify if the others would be useful.

I am not experiencing this same problem but it is the facebook and bing bots. They are excessively accessing the ajaxCalendar.

Has there been any progress on this issue?

I am limiting bots via WordFence but I am not sure this will be enough.

@angelo_nwl any news on this one?

I’ve got the same problem. Any news about this???

This is happening us as well.

Does anyone have a solution?

/calendar/?id=1438129239&ajaxCalendar=1&mo=5&yr=2024

The id is changing every time on GET requests, which is causing the bots to get caught in a loop. The bots can’t tell they shouldn’t be following that link

Would blocking GET requests to that URL work? I believe when used as intended they are supposed to be ajax POST requests.

• This reply was modified 5 months, 1 week ago by Seagull87.

Hello Everyone,

We need to evaluate this a little more but meantime we’ve made some solutions that’ll help a lot we hope.

We’ll remove the id= querystring and we can add it on via JS, that’ll help immediately and will be out in today’s update.

Additionally, we’re adding a calendar_nav_nofollow parameter you can add to your shortcode. We’ll elaborate further on this in a following release, but you can also make that a default value set to try by hooking into the em_calendar_get_default_search filter, the array key is in there.

If you have multiple calendars spread out around your site, I’d recommend adding that nofollow argument and leave maybe one without it.

Ugh, same issue, from Facebook. Tried adding the shortcode parameter, no luck (in fact it looks like it might have gotten worse).

Version:?6.4.9
WP 6.5.5?

We’ve had the facebook spider blocked via useragent for over a week now and they are still constantly requesting the calendar with the id= query string. I assume things won’t calm down until facebook have exhausted all the links they’ve already gathered. Hopefully they shouldn’t be picking up any more new links now thanks to the last update.

Chiming in to +1 this thread. I’ve had this issue happening for a while to the point that it was preventing real users to access my websites, and only today I realized it was because of the bots constantly querying the ajaxCalendar endpoint. After blocking both Amazonbot and Facebook’s bot user agents on Nginx, the issue seems to be solved and both CPU and bandwidth consumption dropped gigantically. Would recommend going this way if you can afford to block both bots.

I have the same issue with Facebook bot, across all 5 of the sites I have using Event Calendar. They are using 12GB of bandwidth a month and more! Need a fix asap. We have the latest version so fix above doesn’t seem to have worked.

• This reply was modified 4 months ago by danifly.

We need to work closer with people on this, ideally with more direct feedback regarding access logs that may contain semi-sensitive info, as we need to know what page they are shifting from/to. You can get in touch via our contact form for privacy.

We’re working directly with some pro customers to mitigate this, we not allowed to ask you here for FTP/login info as per the .org forum policies.

That said, so far the customers with this issue are on slightly older versions and we’re pending feedback after updating. What’s important (so far as per my findings) is removing links with id=… from getting crawled, because that ID is unique and therefore each page load creates a unique url and therefore endless navigation back/forth in the calendars.

For example, our demo site is on the latest versions and there’s no id in the navigation URLs anymore. Robots won’t necessarily respect the nofollow tag (they may follow it and not index it, but that’s still a hit on your server). Our demo site also was sluggish recently, I think the cause may well have been the same, but recently (coincidentally after fixing this in recent updates) load is down to optimal again.

@flagship890 may have a point here too:

I assume things won’t calm down until facebook have exhausted all the links they’ve already gathered. Hopefully they shouldn’t be picking up any more new links now thanks to the last update.

edit your robots.txt file takes about 24 hours but this worked for us.

User-agent: *
Disallow: /wp-admin

User-agent: Amazonbot # Amazon’s user agent
Disallow: /calendar/ # disallow this directory

User-agent: * # any robot
Disallow: /calendar/ # disallow this directory

User-agent: meta-externalagent
Disallow: /calendar/ # Disallow a specific directory

you may need to tweak the disallow rules specific to your situation but this immediately solved our issue with the bots rather than blocking it out right which would still consume bandwidth and logs.