Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Paul]

I've had a really persistent attack on my website for the last 3 months. So far over 6000 different IPs are involved, with well over 100k attempts (this with brute force protection set up to block IPs after 5 attempts for 30 minutes). Mostly from Russia and China, but some from the US and other countries too. I guess it's probably one guy or organization's botnet. I've blocked out a big range of IPs from Russia and China, but then I just started seeing more IPs from the USA, Africa, South America, and Europe.

It's a itty bitty site I threw together in a few hours and only ranks well locally, so I'm not sure why I'm being targeted. Funnily enough, none of my clients (many of whom get more traffic than I do) have had the same issues. I never even had international traffic until this started.

Anyone else run sites and have had similar experiences? It's definitely eye opening. It makes me glad I didn't use the default username, since almost all the login attempts have been as "Admin" or "Administrator." It isn't a threat at all for my security because none of them have used my login, but it does slow things down and suck up server resources.

[chaoticag]

In general with things like this you would prolly want to pay for a consultation with a network security firm. It's almost sounding like an attempted DDoS, so yeah, that can be an issue. If most of the attempts are trying default user names, there is prolly a way to automate banning those ip address ranges. Setting up two factor authentication could also work. Lastly I hear cloudflare does stuff regarding this sorta thing, but it's all hearsay and nothing firsthand.

Definitely consult with a security focused company though, they prolly saw this before as it's fairly common.

[Paul]

Nah, if they wanted to DDoS me they would have hit me all at once. It's been something like 100 attempts an hour. Not enough to DDoS the site, just a very persistent brute force attempt (all using the wrong username, and my password is a huge string of random letters and numbers with upper and lower case, so I doubt they'll ever get in).

I figured they would eventually give up and move on to better targets. I'm not really sure how my little site even got targeted. Unless it's one of my local competitors doing it, I know one guy whose customers I've been steadily taking because his work is sloppy and they come to me to fix it.

[Cthulhu]

It may be somebody testing his botnet and brute forcing algorithms.  Here where I am Kroger (a grocery store)'s online ordering service was completely taken down for several hours by automated registrations with damaged syntax.  The security people figure it was done by someone testing out a program who didn't realize what they were doing.

[Flying Dice]

Yeah, could well be that your site happened to be a good target for testing because they figured you wouldn't have the resources to do much about it.

[TheBiggerFish]

Huh.