Alerts from another domain

If you build sites for clients, is it possible that a former client has changed the domain name of an existing site that you had originally set up?

You can get contact information from public “whois” records, if you want to try reaching them:
https://whois.domaintools.com/multiplestreams.com

The only client sites are both built and fully maintained by me as the clients have no idea. I was in NZ, now Australia and this site and owner are in Sacramento.

The registrant is Gary Brewer in California who uses GoDaddy and Enom (I use neither). The only common link is Hostgator. Different IP address.

Odd that he would set the contact email to [email protected] (My domain is like sausages99, so hard to confuse with another name)

BTW WFMattR Hostgator (shared) has shut me down 3x in 3 weeks as Wordfence was doing it’s job. “Excessive traffic”. I have every setting set to “Block after 3 tries” (You get what I mean). I was under a DDoS at 2000 hits a day and WordFence did an excellent job – So kudos by the bucketful for that!.

Not sure how to limit the server load under these circumstances. They were attacking WP-Login but, even with the page name changed, they found the new page and continued.

I’ve noticed the cross-site attacks have dropped off and the SQL injections have also reduced but the brute force ones are escalating rapidly.

That definitely sounds odd then, unless it’s a very rare coincidence with unusual domain names that happen to be one letter or number apart, where it could be a typo. Maybe he has a “sausages98” domain. ??

I would try contacting him if you can, but with caution, in case it is some sort of scam attempt. That would be an odd way for someone to try, but you can’t be too careful. If his site keeps sending email this way, after contacting him, you might have to contact his hosting company.

Thanks for the feedback on Wordfence, too! About the only thing you can do to limit the load impact from within your site when under attack like that, would be to enable Falcon caching — in addition to the speed benefit for real traffic, it lets Wordfence block bad users in a more efficient way, using the .htaccess file, so WordPress and the database don’t do as much work for each attempt. Unfortunately, I’ve heard that before from users on Hostgator — I’m not sure if this will be enough for Hostgator’s limits, since you can’t actually stop the traffic from trying, but it is worth a try. Falcon works well on most sites, but the cache may prevent things like twitter feeds from updating, depending on how they’re built.

Thanks Matt – Falcon was the first thing I activated when I installed WordFence. I also have CloudFlare on all sites.

HG simply don’t care about DDoS etc. when they are only getting $10 a year.

I’ve written to the registrant this morning so we’ll see. There’s no confirmation on the alert email I guess (Can’t remember – been using WF since it came out).

In setting up the VPS I’ve learned how to limit attempts on a page and also how to block countries at server level to prevent this. Shame that cPanel don’t introduce a country block feature.

Perhaps there’s a niche for you. WordFence for cPanel.

Sadly, WordPress is a sieve and too far down the directory tree, so it’s a mammoth task I know.

Thanks again.

Any luck on getting the email issue sorted out with the other site?

-Matt R