My Sites Have Been Shut Down for Apple-touch-icon.png requests?

Question

My host (hostgator) has shut down my websites for what they say is CPU overusage. I'm using wordpress. I've added nothing new, but in their logs I see that there are hundreds of requests for various forms of apple-touch-icon.png.

Example:

107.182.226.209 mywebsite.com   /apple-touch-icon-120x120.png
107.182.226.209 mywebsite.com   /apple-touch-icon-120x120.png
107.182.226.209 mywebsite.com   /apple-touch-icon.png
107.182.226.209 mywebsite.com   /apple-touch-icon.png
107.72.164.117  mywebsite.com   /apple-touch-icon.png
107.72.164.117  mywebsite.com   /apple-touch-icon.png
107.72.164.27   mywebsite.com   /apple-touch-icon.png
107.72.164.27   mywebsite.com   /apple-touch-icon.png
107.77.169.5    mywebsite.com   /apple-touch-icon-120x120-precomposed.png
107.77.169.5    mywebsite.com   /apple-touch-icon-120x120-precomposed.png
107.77.169.5    mywebsite.com   /apple-touch-icon.png
107.77.169.5    mywebsite.com   /apple-touch-icon.png

Can someone please tell me how to fix this? They say they will not re-enable my hosting until it is resolved and offer no help.

Answer 1

This may be an attempt at a brute force attack at your website, given the number of requests and the fact your hosting provider shut down your site for cpu usage. I have websites with wordpress and have seen requests for these files even though they didn't exist. This may indicate that what Jon Stirling said about devices checking for certain files may be correct and it may not be a security issue.

If you want to make sure your website doesn't get shut down for traffic issues, I would recommend the Wordfence Security plugin. Even in the free version, it will block ip's for too many bad login attempts, throttle ip's for accessing the site too often, and it has its own firewall and security scanning tools. It can alert you when there is a security issue on your website.

Answer 2

"Hundreds of requests" should not result in your host shutting down your website.

Having said that, if you are using WordPress or Joomla (or any other major CMS), then any hit to a 404 file will result in the whole CMS being loaded. Here's the what happens: if a browser requests a file, then the web server will search for that file in the filesystem, if it can't find it, then it will give control the CMS (through an .htaccess rule) so that the latter can determine what to do with that request. In most cases, the CMS will also return a 404, but only after loading the whole CMS environment. Imagine what would happen when a many 404 requests are simultaneously made to the server (note: we discussed this issue here), that's why it is always a good idea to monitor your 404 errors, and act upon them.