Results 1 to 15 of 15
  1. #1

    Server being hit by a botnet.

    My server is being hit by a botnet and it has been going for a few hours now. I have stopped the attack by activating cloudflares "im under attack" mode for now.

    The attack started yesterday and stopped late last night but then started up again today.

    I am afraid using the site in the under attack mode will also be blocking google bots from my site, so I would like to turn that off sometime.

    Anyone got any solutions for me?

    Forgot to mention they are hitting my /wp-login.php file.

    Thanks
    Last edited by ChrisZA; 09-02-2013 at 08:22 AM.

  2. #2
    Join Date
    Jun 2011
    Location
    USA/UK/SG
    Posts
    3,636
    The wp-login.php attack is very pesky. There's guidance here on mitigating/blocking it:

    http://codex.wordpress.org/Brute_Force_Attacks
    ~]# Ethernet Servers Ltd - Est. 2014! - sales @ ethernetservers.com
    ~]# Try out our WordPress speed tests for yourself!
    ~]# NVMe Web Hosting | Unmanaged VPS | Fully Managed VPS | Dedicated Servers | Domain Names
    ~]# Don't settle for any less than the very best - come & join our family today!

  3. #3
    Thanks I will have a look and see if it helps.

  4. #4
    Join Date
    Jun 2011
    Location
    USA/UK/SG
    Posts
    3,636
    ~]# Ethernet Servers Ltd - Est. 2014! - sales @ ethernetservers.com
    ~]# Try out our WordPress speed tests for yourself!
    ~]# NVMe Web Hosting | Unmanaged VPS | Fully Managed VPS | Dedicated Servers | Domain Names
    ~]# Don't settle for any less than the very best - come & join our family today!

  5. #5
    Correct me if I am wrong, do I post the script from that page in my .htaccess file?

    When I add it to my .htaccess file my site returns a 500 error.

    Sorry if im being stupid, I am pretty tired.

  6. #6

    Re: Server being hit by a botnet.

    I have the same issue. You can use wordfense plugin to protect your blog against brutal attract. I do the same. Also you can block those IP using vps firewall. Now there's no issue.

  7. #7

    Re: Server being hit by a botnet.

    Do you have firewall like csf? That might do some good with those many login attemps.
    Code goes in and code comes out..

  8. #8
    Join Date
    Jan 2010
    Location
    Lithuania
    Posts
    1,115
    1. Go with Cloudflare (even FREE plan can help)
    2. Install CSF firewall software
    3. Install fail2ban (optional, may have some issues with CSF)
    4. Install mod_security to avoid most XSS attacks

  9. #9
    Quote Originally Posted by vanHelsing View Post
    Do you have firewall like csf? That might do some good with those many login attemps.
    I do use csf and it seems to be doing nothing, guess it just thinks its regular traffic.

    The attack seems to have died down for now.

    Cloudflare has been my best defense this far, I would recommend using them for times like these.

    Thanks to everyone here for the helpful info.

  10. #10
    Quote Originally Posted by Time4VPS View Post
    1. Go with Cloudflare (even FREE plan can help)
    2. Install CSF firewall software
    3. Install fail2ban (optional, may have some issues with CSF)
    4. Install mod_security to avoid most XSS attacks
    Cloudflare was a life saver, I use the free version and activated "I am under attack mode" once that was active it stopped everything. If anyone does do this, you may need to restart your httpd service after activating attack mode.

    I have CSF but that did nothing with this attack.
    I'll have a look at fail2ban and definitely install mod_sec.

    Thanks for the tips.

  11. #11
    Join Date
    Jan 2010
    Location
    Lithuania
    Posts
    1,115
    Quote Originally Posted by VexBlade View Post
    <...>

    I have CSF but that did nothing with this attack.
    Each attack is unique. You need to tune-up CSF to handle requests properly. Default configuration of CSF not always can help.

    I'am glad that you solved your issue. Let WHT know if you have any more problems

  12. #12
    Join Date
    Aug 2013
    Location
    London
    Posts
    47
    Why do hackers have to ruin everything.

    Sorry to sound stupid but what is Cloudflare, how does it work?

  13. #13
    Join Date
    Sep 2012
    Location
    Estonia
    Posts
    164
    Quote Originally Posted by ChronicMusic View Post
    Why do hackers have to ruin everything.

    Sorry to sound stupid but what is Cloudflare, how does it work?
    In a nutshell Cloudflare is a CDN company that also focuses on protection from online threats. You'll find more information on their website.

  14. #14
    Join Date
    Dec 2011
    Location
    Germany
    Posts
    1,180
    Quote Originally Posted by VexBlade View Post
    I do use csf and it seems to be doing nothing, guess it just thinks its regular traffic.

    The attack seems to have died down for now.

    Cloudflare has been my best defense this far, I would recommend using them for times like these.

    Thanks to everyone here for the helpful info.
    You can use fail2ban with a custom regex to ban IPs which hit wp-login.php for more than 5 times a minute for instance. Let me know if you want to go with that, as I could quickly write you a fitting regex if you could post your access log entries and the log path.
    Inbound Marketing & real SEO for web hosting providers
    ✎ Get in touch with me: co<at>infinitnet.de

  15. #15
    Join Date
    May 2013
    Location
    USA
    Posts
    931
    Quote Originally Posted by HVH - George View Post
    This mod_rewrite patch has worked well for our customers who have become targeted by this attack.
    ▄▀▄ Brian Harrison, Lead Engineer - Reprise Hosting (AS62838)
    ▄▀▄ Deals on cheap dedicated server hosting. IPMI included! Unmetered bandwidth.
    ▄▀▄ Website migration, 24/7/365 support, basic server setup, 15 day money back.
    ▄▀▄ Looking for DEALS on self-managed cheap VPS hosting? Visit VPSHostingDEAL.com

Similar Threads

  1. My server is under SYN and/or botnet, how can I prevent this attack?
    By SiSHCO in forum Hosting Security and Technology
    Replies: 14
    Last Post: 03-16-2010, 02:57 AM
  2. Botnet attack my server
    By HomerJSimpson in forum Hosting Security and Technology
    Replies: 4
    Last Post: 11-03-2009, 03:19 PM
  3. Attack from a Botnet on my Root Server, with the same Referer.
    By Internoc24 in forum Hosting Security and Technology
    Replies: 6
    Last Post: 09-23-2007, 04:36 AM
  4. Can you hit my server?
    By Jhorra in forum Other Reviews
    Replies: 6
    Last Post: 03-12-2007, 03:37 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •