Results 1 to 15 of 15
Thread: Server being hit by a botnet.
-
09-02-2013, 08:18 AM #1Newbie
- Join Date
- Jan 2010
- Posts
- 9
Server being hit by a botnet.
My server is being hit by a botnet and it has been going for a few hours now. I have stopped the attack by activating cloudflares "im under attack" mode for now.
The attack started yesterday and stopped late last night but then started up again today.
I am afraid using the site in the under attack mode will also be blocking google bots from my site, so I would like to turn that off sometime.
Anyone got any solutions for me?
Forgot to mention they are hitting my /wp-login.php file.
ThanksLast edited by ChrisZA; 09-02-2013 at 08:22 AM.
-
09-02-2013, 08:31 AM #2
The wp-login.php attack is very pesky. There's guidance here on mitigating/blocking it:
http://codex.wordpress.org/Brute_Force_Attacks~]# Ethernet Servers Ltd - Est. 2014! - sales @ ethernetservers.com
~]# Try out our WordPress speed tests for yourself!
~]# NVMe Web Hosting | Unmanaged VPS | Fully Managed VPS | Dedicated Servers | Domain Names
~]# Don't settle for any less than the very best - come & join our family today!
-
09-02-2013, 08:45 AM #3Newbie
- Join Date
- Jan 2010
- Posts
- 9
Thanks I will have a look and see if it helps.
-
09-02-2013, 08:47 AM #4
This may help you: http://www.frameloss.org/2013/04/26/...for-wordpress/
~]# Ethernet Servers Ltd - Est. 2014! - sales @ ethernetservers.com
~]# Try out our WordPress speed tests for yourself!
~]# NVMe Web Hosting | Unmanaged VPS | Fully Managed VPS | Dedicated Servers | Domain Names
~]# Don't settle for any less than the very best - come & join our family today!
-
09-02-2013, 09:15 AM #5Newbie
- Join Date
- Jan 2010
- Posts
- 9
Correct me if I am wrong, do I post the script from that page in my .htaccess file?
When I add it to my .htaccess file my site returns a 500 error.
Sorry if im being stupid, I am pretty tired.
-
09-02-2013, 02:14 PM #6Junior Guru
- Join Date
- Jan 2013
- Posts
- 179
Re: Server being hit by a botnet.
I have the same issue. You can use wordfense plugin to protect your blog against brutal attract. I do the same. Also you can block those IP using vps firewall. Now there's no issue.
-
09-02-2013, 11:12 PM #7Junior Guru
- Join Date
- Apr 2004
- Posts
- 200
Re: Server being hit by a botnet.
Do you have firewall like csf? That might do some good with those many login attemps.
Code goes in and code comes out..
-
09-03-2013, 02:39 AM #8Disabled
- Join Date
- Jan 2010
- Location
- Lithuania
- Posts
- 1,115
1. Go with Cloudflare (even FREE plan can help)
2. Install CSF firewall software
3. Install fail2ban (optional, may have some issues with CSF)
4. Install mod_security to avoid most XSS attacks
-
09-03-2013, 02:45 AM #9Newbie
- Join Date
- Jan 2010
- Posts
- 9
I do use csf and it seems to be doing nothing, guess it just thinks its regular traffic.
The attack seems to have died down for now.
Cloudflare has been my best defense this far, I would recommend using them for times like these.
Thanks to everyone here for the helpful info.
-
09-03-2013, 02:53 AM #10Newbie
- Join Date
- Jan 2010
- Posts
- 9
Cloudflare was a life saver, I use the free version and activated "I am under attack mode" once that was active it stopped everything. If anyone does do this, you may need to restart your httpd service after activating attack mode.
I have CSF but that did nothing with this attack.
I'll have a look at fail2ban and definitely install mod_sec.
Thanks for the tips.
-
09-03-2013, 02:55 AM #11Disabled
- Join Date
- Jan 2010
- Location
- Lithuania
- Posts
- 1,115
-
09-03-2013, 07:32 AM #12Junior Guru Wannabe
- Join Date
- Aug 2013
- Location
- London
- Posts
- 47
Why do hackers have to ruin everything.
Sorry to sound stupid but what is Cloudflare, how does it work?
-
09-03-2013, 09:24 AM #13Disabled
- Join Date
- Sep 2012
- Location
- Estonia
- Posts
- 164
-
09-03-2013, 10:37 AM #14Digital Marketing Strategist
- Join Date
- Dec 2011
- Location
- Germany
- Posts
- 1,180
➤ Inbound Marketing & real SEO for web hosting providers
✎ Get in touch with me: co<at>infinitnet.de
-
09-04-2013, 04:16 AM #15Web Hosting Master
- Join Date
- May 2013
- Location
- USA
- Posts
- 931
▄▀▄ Brian Harrison, Lead Engineer - Reprise Hosting (AS62838)
▄▀▄ Deals on cheap dedicated server hosting. IPMI included! Unmetered bandwidth.
▄▀▄ Website migration, 24/7/365 support, basic server setup, 15 day money back.
▄▀▄ Looking for DEALS on self-managed cheap VPS hosting? Visit VPSHostingDEAL.com
Similar Threads
-
My server is under SYN and/or botnet, how can I prevent this attack?
By SiSHCO in forum Hosting Security and TechnologyReplies: 14Last Post: 03-16-2010, 02:57 AM -
Botnet attack my server
By HomerJSimpson in forum Hosting Security and TechnologyReplies: 4Last Post: 11-03-2009, 03:19 PM -
Attack from a Botnet on my Root Server, with the same Referer.
By Internoc24 in forum Hosting Security and TechnologyReplies: 6Last Post: 09-23-2007, 04:36 AM -
Can you hit my server?
By Jhorra in forum Other ReviewsReplies: 6Last Post: 03-12-2007, 03:37 PM