  1. #1

    Server being hit by a botnet.

    My server is being hit by a botnet and it has been going for a few hours now. I have stopped the attack by activating Cloudflare's "I'm under attack" mode for now.

    The attack started yesterday and stopped late last night but then started up again today.

    I am afraid using the site in the under attack mode will also be blocking Google bots from my site, so I would like to turn that off sometime.

    Anyone got any solutions for me?

    Forgot to mention they are hitting my /wp-login.php file.

    Thanks
    Last edited by ChrisZA; 09-02-2013 at 08:22 AM.

  2. #2
    The wp-login.php attack is very pesky. There's guidance here on mitigating/blocking it:

    http://codex.wordpress.org/Brute_Force_Attacks

  3. #3
    Thanks I will have a look and see if it helps.

  4. #4

  5. #5
    Correct me if I am wrong, do I post the script from that page in my .htaccess file?

    When I add it to my .htaccess file my site returns a 500 error.

    Sorry if I'm being stupid, I am pretty tired.

  6. #6

    Re: Server being hit by a botnet.

    I have the same issue. You can use the Wordfence plugin to protect your blog against brute-force attacks. I do the same. Also you can block those IPs using the VPS firewall. Now there's no issue.

  7. #7

    Re: Server being hit by a botnet.

    Do you have a firewall like csf? That might do some good with that many login attempts.

  8. #8
    1. Go with Cloudflare (even FREE plan can help)
    2. Install CSF firewall software
    3. Install fail2ban (optional, may have some issues with CSF)
    4. Install mod_security to avoid most XSS attacks

  9. #9
    Quote Originally Posted by vanHelsing View Post
    Do you have a firewall like csf? That might do some good with that many login attempts.
    I do use csf and it seems to be doing nothing, guess it just thinks it's regular traffic.

    The attack seems to have died down for now.

    Cloudflare has been my best defense this far, I would recommend using them for times like these.

    Thanks to everyone here for the helpful info.

  10. #10
    Quote Originally Posted by Time4VPS View Post
    1. Go with Cloudflare (even FREE plan can help)
    2. Install CSF firewall software
    3. Install fail2ban (optional, may have some issues with CSF)
    4. Install mod_security to avoid most XSS attacks
    Cloudflare was a life saver. I use the free version and activated "I am under attack" mode; once that was active it stopped everything. If anyone does do this, you may need to restart your httpd service after activating attack mode.

    I have CSF but that did nothing with this attack.
    I'll have a look at fail2ban and definitely install mod_sec.

    Thanks for the tips.

  11. #11
    Quote Originally Posted by VexBlade View Post
    <...>

    I have CSF but that did nothing with this attack.
    Each attack is unique. You need to tune CSF to handle requests properly. The default configuration of CSF cannot always help.

    I'm glad that you solved your issue. Let WHT know if you have any more problems.

  12. #12
    Why do hackers have to ruin everything?

    Sorry to sound stupid but what is Cloudflare, how does it work?

  13. #13
    Quote Originally Posted by ChronicMusic View Post
    Why do hackers have to ruin everything?

    Sorry to sound stupid but what is Cloudflare, how does it work?
    In a nutshell Cloudflare is a CDN company that also focuses on protection from online threats. You'll find more information on their website.

  14. #14
    Quote Originally Posted by VexBlade View Post
    I do use csf and it seems to be doing nothing, guess it just thinks it's regular traffic.

    The attack seems to have died down for now.

    Cloudflare has been my best defense this far, I would recommend using them for times like these.

    Thanks to everyone here for the helpful info.
    You can use fail2ban with a custom regex to ban IPs which hit wp-login.php more than 5 times a minute, for instance. Let me know if you want to go with that, as I could quickly write you a fitting regex if you could post your access log entries and the log path.
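The rule suggested in post #14 (flag an IP that hits wp-login.php more than 5 times a minute), run over sample log lines as an added example; it is not code from any poster in this thread. It assumes a combined-format access log, in per-IP chronological order, whose first field is the real client IP (behind Cloudflare the visitor address has to be restored first, otherwise every hit appears to come from a proxy); the sample lines, IPs and function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined log format; matches only POSTs (login submissions) to /wp-login.php.
LOGIN_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"POST /wp-login\.php(?:\?\S*)? HTTP/[\d.]+" \d{3} '
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def find_offenders(lines, max_hits=5, window_seconds=60):
    """Return {ip: peak_hits} for IPs with more than max_hits in any window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = LOGIN_RE.match(line)
        if not m:
            continue              # other URLs, GET page views, malformed lines
        ip = m.group("ip")
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        hits = recent[ip]
        hits.append(ts)
        # Drop hits that have aged out of the sliding window.
        while (ts - hits[0]).total_seconds() >= window_seconds:
            hits.popleft()
        if len(hits) > max_hits:
            offenders[ip] = max(offenders.get(ip, 0), len(hits))
    return offenders


def _line(ip, second, method="POST"):
    # Constructed sample entry (documentation IP ranges), not from the thread.
    ts = f"02/Sep/2013:10:{second // 60:02d}:{second % 60:02d} +0000"
    return (f'{ip} - - [{ts}] "{method} /wp-login.php HTTP/1.1" 200 3456 '
            '"-" "Mozilla/5.0"')


SAMPLE_LOG = (
    [_line("203.0.113.7", s) for s in range(0, 35, 5)]         # 7 POSTs in 30 s
    + [_line("198.51.100.20", s) for s in range(0, 90, 15)]    # 6 POSTs over 75 s
    + [_line("192.0.2.55", s, "GET") for s in range(0, 10)]    # page views only
)

if __name__ == "__main__":
    for ip, peak in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} exceeded the limit: {peak} login POSTs within 60 s")
```

The slower client (one POST every 15 seconds) never has more than four hits inside a 60-second window, so a threshold of 5 leaves it alone; a distributed botnet that spreads attempts thinly across many IPs would pass the same way, which is the limit of any per-IP rule.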

  15. #15
    Quote Originally Posted by HVH - George View Post
    This mod_rewrite patch has worked well for our customers who have become targeted by this attack.
