Anyone else have their Timely Calendar get attacked in massive DDOS attack?

  • Webhost SiteGround shut down our little website for using over 100% of our allotted our monthly CPU usage. Timely Calendar plug-in is heavily implicated as main target for attack. Site logs show tons of “…GET /events/calendar-2/action~oneday/exact_date…” every 2 seconds.
    Heavy hits started circa February 2/26 and 2/27 and continued into March 5th and are still going on. This is same time MS Exchange servers mail and calendar servers got hugely hacked: https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/

    I disabled the Ai1EC plugin, but the above requests to the plug-in haven’t stopped. WordFence reports Cloudflare CDN is temporarily set to “I’m Under Attack” mode.

    `Modified plugin file: wp-content/plugins/all-in-one-event-calendar/public/js_cache/ai1ec_js_widget.js
    Type: File
    Issue Found March 9, 2021 12:51 am
    Medium

    Modified plugin file: wp-content/plugins/all-in-one-event-calendar/public/js_cache/calendar.js
    Type: File
    Issue Found March 9, 2021 12:51 am
    Medium

    Details: This file belongs to plugin “All-in-One Event Calendar by Time.ly” version “2.6.8” and has been modified from the file that is distributed by www.ads-software.com for this version. Please use the link to see how the file has changed. If you have modified this file yourself, you can safely ignore this warning. If you see a lot of changed files in a plugin that have been made by the author, then try uninstalling and reinstalling the plugin to force an upgrade. Doing this is a workaround for plugin authors who don’t manage their code correctly.

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)

  • This sounds similar to a problem some folks and I were having a while back.

    Find what worked for us here:

    https://www.ads-software.com/support/topic/resource-limit-reached-error-due-to-targetted-attacks/#post-13122579

    Thread Starter gentian16

    (@gentian16)

    I shared walkingpaper suggestions (thank you!!!!) to developer who cautions us against some of the fixes. I am not comfortable with editing .htaccess file. Ai1EC has been a disaster for us and I cannot stop the DoS attacks even with plug-in deactivated. SG put CloudFlare CDN into Under Attack mode. Traffic subsided for few days so I moved CDN from Attack to High and we got hit big time again last night. So we are back in Under Attack mode.

    I’m desperate to get 6 years worth of Calendar data out of Ai1EC so I dont lose weekly events location GPS etc. If I exported as .ics file (I subscribe to Ai1EC in Apples iCal) would I be able to import that into another Calendar plug-in like Events Calendar? I’m scared to even activate Ai1EC but maybe long enough to export .ics or copy/paste ton of event info because we have recurring events????

    This is the kind of !@@#$ I got last night in my error logs:

    119.116.188.208 https://www.washingtoncrossingaudubon.org – [17/Mar/2021:15:57:37 +0000] “GET /?plugin=all-in-one-event-calendar&controller=ai1ec_exporter_controller&action=export_events&ai1ec_cat_ids=21,102&ai1ec_tag_ids=135,109,126,143,141,110,136,144&xml=true HTTP/1.1” 301 437 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36” | – | 0.006 0.006 0.006 MISS 0 NC:000000 UP:SKIP_CACHE_EXPIRED

    Thread Starter gentian16

    (@gentian16)

    PS hits are almost all from China

    Best of luck migrating that data out of Ai1. I wish I had the time to do that!

    I’m curious what your developer said about those fixes. Just want to make sure I didn’t miss something important.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Anyone else have their Timely Calendar get attacked in massive DDOS attack?’ is closed to new replies.