Last night we were hit with what I think was a DOS attack. We have Wordfence installed, but I had to manually block the IP in our .htaccess file to stop the attack. Here is the order of events that occurred.
So my question is, what can I do to prevent this from happening again? The Wordfence notification said it blocked the IP, but it did not. Is there any way I can further secure our site to prevent this from happening again? If this had been a more sophisticated attack from multiple IPs, how would we stop it?
Any thoughts on this would be greatly appreciated.
Thank you
Does anyone have any ideas of what I may need to adjust to actually block login attempts from this odd username?
Thanks!
The issue has been identified by our server administrators and the abusive IP addresses have been blocked on our network.
My question, has anyone else had this problem recently?
Is this due to a WordPress vulnerability?
Am I doing the right thing blocking googlebots – assuming they are googlebots?
My site does not work without Cloudflare “I’m Under Attack” mode.
I contacted the hosting provider; they gave me many IPs and said I must deny them. I did it, but the problem remains.
I added many plugins such as Akismet, captcha, Wordfence, spam free and w3-total-cache, but the problem still shows and my website has been slow. The problem is only with the WordPress blog; other HTML pages don’t show this problem.
I want to prevent DoS or DDoS attacks permanently without “I’m Under Attack” mode … how?
Is there a professional way … What do I do?
My site: sumeronline.com
Help me. Thanks.
The same thing happened yesterday. My hosting provider emailed me – “If you look at the Apache Server Status report (below) you’ll see that psychosolodiver.com was flooded with requests (column named REQ) yesterday morning, just before MySQL hung. I suspect it was a deliberate DOS attack.”
All was fine after a reboot yesterday. However, sometime this morning, I noticed when going to my site, that it’s no longer there.
All it says is: “Psychosolodiver.com — Coming Soon! Really soon”
Thing is, I could still get to my wp-admin logon.
Where would this be pulling from and why? If this is a hacker, it’s a pretty lame message.
I have tried switching templates, but that doesn’t change anything.
I’m running WordPress 3.7 and have the Security Essentials Plugin installed.
I have suspended my account pending an investigation.
What is your take on this? Why would that message all of a sudden be displayed instead of my site?
The first techs said it was probably a DOS attack. But then I got another email saying there were too many requests for chron. I looked it up and all I could see was one plugin for Editorial Calendar, which I disabled. I had just enabled Feedburner Feedsmith, so I disabled that one, too, as well as Redirection, which has been giving me weird logs for a while. (reported that in another post here, no replies.)
12 hours later, Ipower allowed the blogs up again, and said:
Researching the WordPress support forums and the net in general for each of the plugins will usually give you an idea of whether other people have had resource issues with it. A common example is the all-in-one-seo-pack.
Reading around here, I can’t find complaints about all in one. Since I don’t see ANY of these requests – they aren’t in my trackers at all – how could we possibly know what is causing so many requests? How do I know what plugins to trust now?
Has anyone seen this recently? Most questions on chron.php seem to be a couple of years ago.
Dear Customer,
Our systems team did some investigation and did inform us that the issue was with WordPress, and with the notes directory. A copy of the logs has been provided below. An IP was continually hitting it, essentially launching a DDoS attack against our server. Our systems team blocked that IP and we temporarily disabled /home/a/1/0/13560/13560/www/notes until you are able to look further into the issue. But the rest of your site is active. Feel free to let us know if you require any further assistance.
Thank you,
Abuse Department
Hostway Corporation
I have no idea what to do, and not knowing any code, no idea even what to look for. I cannot even download the “notes” folder by ftp as I get the message:
Could not change directory to :/13560/public_html/notes”. Server said Permission denied, Error – 125: remote chdir failed
Any help will be gratefully received. I have not attached the log the server sent as it is extensive: but I can do so if it is of use.
TIA.
TR