hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : VPS Hosting : Server being hit by a botnet.
Reply

Forum Jump

Server being hit by a botnet.

Reply Post New Thread In VPS Hosting Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old
Newbie
 
Join Date: Jan 2010
Posts: 9

Server being hit by a botnet.


My server is being hit by a botnet and it has been going for a few hours now. I have stopped the attack by activating cloudflares "im under attack" mode for now.

The attack started yesterday and stopped late last night but then started up again today.

I am afraid using the site in the under attack mode will also be blocking google bots from my site, so I would like to turn that off sometime.

Anyone got any solutions for me?

Forgot to mention they are hitting my /wp-login.php file.

Thanks


Last edited by ChrisZA; 09-02-2013 at 08:22 AM.


Sponsored Links
  #2  
Old
Corporate Member
 
Join Date: Jun 2011
Location: Sidmouth, United Kingdom
Posts: 1,429
The wp-login.php attack is very pesky. There's guidance here on mitigating/blocking it:

http://codex.wordpress.org/Brute_Force_Attacks

__________________
George - EthernetServers.com
Fully Managed cPanel VPS ♦ cPanel Shared Hosting ♦ WHM Reseller Hosting
Two fantastic locations - Buffalo, USA ♦ Los Angeles, USA
Chat with us on Skype: EthernetServers | Email: george@ethernetservers.com

  #3  
Old
Newbie
 
Join Date: Jan 2010
Posts: 9
Thanks I will have a look and see if it helps.

Sponsored Links
  #4  
Old
Corporate Member
 
Join Date: Jun 2011
Location: Sidmouth, United Kingdom
Posts: 1,429

__________________
George - EthernetServers.com
Fully Managed cPanel VPS ♦ cPanel Shared Hosting ♦ WHM Reseller Hosting
Two fantastic locations - Buffalo, USA ♦ Los Angeles, USA
Chat with us on Skype: EthernetServers | Email: george@ethernetservers.com

  #5  
Old
Newbie
 
Join Date: Jan 2010
Posts: 9
Correct me if I am wrong, do I post the script from that page in my .htaccess file?

When I add it to my .htaccess file my site returns a 500 error.

Sorry if im being stupid, I am pretty tired.

  #6  
Old
WHT Addict
 
Join Date: Jan 2013
Posts: 163
Re: Server being hit by a botnet.

I have the same issue. You can use wordfense plugin to protect your blog against brutal attract. I do the same. Also you can block those IP using vps firewall. Now there's no issue.

  #7  
Old
Junior Guru
 
Join Date: Apr 2004
Posts: 199
Re: Server being hit by a botnet.

Do you have firewall like csf? That might do some good with those many login attemps.

__________________
Code goes in and code comes out..

  #8  
Old
Web Hosting Master
 
Join Date: Dec 2012
Location: Lithuania
Posts: 689
1. Go with Cloudflare (even FREE plan can help)
2. Install CSF firewall software
3. Install fail2ban (optional, may have some issues with CSF)
4. Install mod_security to avoid most XSS attacks

__________________
Build a custom VPS in Europe | VPS Resellers welcome
Enterprise-level quality at an affordable price.
Time4VPS: Flexible, worry-free VPS hosting.

  #9  
Old
Newbie
 
Join Date: Jan 2010
Posts: 9
Quote:
Originally Posted by vanHelsing View Post
Do you have firewall like csf? That might do some good with those many login attemps.
I do use csf and it seems to be doing nothing, guess it just thinks its regular traffic.

The attack seems to have died down for now.

Cloudflare has been my best defense this far, I would recommend using them for times like these.

Thanks to everyone here for the helpful info.

  #10  
Old
Newbie
 
Join Date: Jan 2010
Posts: 9
Quote:
Originally Posted by Time4VPS View Post
1. Go with Cloudflare (even FREE plan can help)
2. Install CSF firewall software
3. Install fail2ban (optional, may have some issues with CSF)
4. Install mod_security to avoid most XSS attacks
Cloudflare was a life saver, I use the free version and activated "I am under attack mode" once that was active it stopped everything. If anyone does do this, you may need to restart your httpd service after activating attack mode.

I have CSF but that did nothing with this attack.
I'll have a look at fail2ban and definitely install mod_sec.

Thanks for the tips.

  #11  
Old
Web Hosting Master
 
Join Date: Dec 2012
Location: Lithuania
Posts: 689
Quote:
Originally Posted by VexBlade View Post
<...>

I have CSF but that did nothing with this attack.
Each attack is unique. You need to tune-up CSF to handle requests properly. Default configuration of CSF not always can help.

I'am glad that you solved your issue. Let WHT know if you have any more problems

__________________
Build a custom VPS in Europe | VPS Resellers welcome
Enterprise-level quality at an affordable price.
Time4VPS: Flexible, worry-free VPS hosting.

  #12  
Old
Junior Guru Wannabe
 
Join Date: Aug 2013
Location: London
Posts: 45
Why do hackers have to ruin everything.

Sorry to sound stupid but what is Cloudflare, how does it work?

  #13  
Old
Premium Member
 
Join Date: Sep 2012
Location: Switzerland
Posts: 148
Quote:
Originally Posted by ChronicMusic View Post
Why do hackers have to ruin everything.

Sorry to sound stupid but what is Cloudflare, how does it work?
In a nutshell Cloudflare is a CDN company that also focuses on protection from online threats. You'll find more information on their website.

__________________
INCLOUDIBLY.NET :: DDoS Protected Hosting

  #14  
Old
Web Hosting Master
 
Join Date: Dec 2011
Location: Germany
Posts: 974
Quote:
Originally Posted by VexBlade View Post
I do use csf and it seems to be doing nothing, guess it just thinks its regular traffic.

The attack seems to have died down for now.

Cloudflare has been my best defense this far, I would recommend using them for times like these.

Thanks to everyone here for the helpful info.
You can use fail2ban with a custom regex to ban IPs which hit wp-login.php for more than 5 times a minute for instance. Let me know if you want to go with that, as I could quickly write you a fitting regex if you could post your access log entries and the log path.

__________________
r00t-Services.net | Anti DDoS, WAF, Security, Optimization, Troubleshooting.
In business since 2011 | Contact us: support[at]r00t-services.net
Affordable & Powerful DDoS Protection Service in Europe and the USA! (⌐■_■)--︻╦╤─ - - - DDoS

  #15  
Old
Web Hosting Master
 
Join Date: May 2013
Location: USA
Posts: 830
Quote:
Originally Posted by HVH - George View Post
This mod_rewrite patch has worked well for our customers who have become targeted by this attack.

__________________
▄▀▄ Brian Harrison, Lead Programmer - Reprise Hosting (AS62838)
▄▀▄ Deals on private cheap VPN plans. OpenVPN and PPTP! Unmetered bandwidth.
▄▀▄ Website migration, 24/7/365 support, basic server setup, 15 day money back.
▄▀▄ Looking for DEALS on self-managed cheap VPS hosting? Visit VPSHostingDEAL.com

Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
My server is under SYN and/or botnet, how can I prevent this attack? SiSHCO Hosting Security and Technology 14 03-16-2010 02:57 AM
Botnet attack my server HomerJSimpson Hosting Security and Technology 4 11-03-2009 03:19 PM
Attack from a Botnet on my Root Server, with the same Referer. Internoc24 Hosting Security and Technology 6 09-23-2007 04:36 AM
Can you hit my server? Jhorra Other Reviews 6 03-12-2007 03:37 PM

Related posts from TheWhir.com
Title Type Date Posted
Hackers Use Enterprise Linux Systems in Botnet DDoS Attacks: Prolexic Research Web Hosting News 2014-09-04 11:22:30
Attackers Targeting On-Premise IT are Shifting Focus to Cloud Hosting Providers: Alert Logic Report Web Hosting News 2014-04-30 18:21:53
Canadian Web Hosting Joins OpenStack Foundation, Preps Public Cloud Launch Web Hosting News 2013-05-15 15:36:46
Polish Domain Registry NASK Seizes Domains Used in Pervasive Virut Botnet Web Hosting News 2013-01-21 16:56:31
Canadian Web Hosting Offers New Botnet and Malware Prevention Service Web Hosting News 2012-11-02 15:12:55


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Advertisement:
Web Hosting News:
WHT Membership
WHT Membership



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?