Bay 12 Games Forum

Please login or register.

Login with username, password and session length
Advanced search  

Author Topic: Really Persistent Bots: Or why not to use default usernames.  (Read 705 times)

Paul

  • Bay Watcher
  • Polite discourse with a dash of insanity.
    • View Profile
    • Need an affordable website? I can help.
Really Persistent Bots: Or why not to use default usernames.
« on: November 26, 2016, 05:38:21 pm »

I've had a really persistent attack on my website for the last 3 months. So far over 6000 different IPs are involved, with well over 100k attempts (this with brute force protection set up to block IPs after 5 attempts for 30 minutes). Mostly from Russia and China, but some from the US and other countries too. I guess it's probably one guy or organization's botnet. I've blocked out a big range of IPs from Russia and China, but then I just started seeing more IPs from the USA, Africa, South America, and Europe.

It's a itty bitty site I threw together in a few hours and only ranks well locally, so I'm not sure why I'm being targeted. Funnily enough, none of my clients (many of whom get more traffic than I do) have had the same issues. I never even had international traffic until this started.

Anyone else run sites and have had similar experiences? It's definitely eye opening. It makes me glad I didn't use the default username, since almost all the login attempts have been as "Admin" or "Administrator." It isn't a threat at all for my security because none of them have used my login, but it does slow things down and suck up server resources.
Logged
Do you like Science Fiction? I'm writing the Weaveborn Saga over on Royal Road and my website. Link

chaoticag

  • Bay Watcher
  • All Natural Pengbean
    • View Profile
Re: Really Persistent Bots: Or why not to use default usernames.
« Reply #1 on: November 26, 2016, 05:53:35 pm »

In general with things like this you would prolly want to pay for a consultation with a network security firm. It's almost sounding like an attempted DDoS, so yeah, that can be an issue. If most of the attempts are trying default user names, there is prolly a way to automate banning those ip address ranges. Setting up two factor authentication could also work. Lastly I hear cloudflare does stuff regarding this sorta thing, but it's all hearsay and nothing firsthand.

Definitely consult with a security focused company though, they prolly saw this before as it's fairly common.
Logged

Paul

  • Bay Watcher
  • Polite discourse with a dash of insanity.
    • View Profile
    • Need an affordable website? I can help.
Re: Really Persistent Bots: Or why not to use default usernames.
« Reply #2 on: November 26, 2016, 07:14:50 pm »

Nah, if they wanted to DDoS me they would have hit me all at once. It's been something like 100 attempts an hour. Not enough to DDoS the site, just a very persistent brute force attempt (all using the wrong username, and my password is a huge string of random letters and numbers with upper and lower case, so I doubt they'll ever get in).

I figured they would eventually give up and move on to better targets. I'm not really sure how my little site even got targeted. Unless it's one of my local competitors doing it, I know one guy whose customers I've been steadily taking because his work is sloppy and they come to me to fix it.
Logged
Do you like Science Fiction? I'm writing the Weaveborn Saga over on Royal Road and my website. Link

Cthulhu

  • Bay Watcher
  • A squid
    • View Profile
Re: Really Persistent Bots: Or why not to use default usernames.
« Reply #3 on: November 26, 2016, 08:43:57 pm »

It may be somebody testing his botnet and brute forcing algorithms.  Here where I am Kroger (a grocery store)'s online ordering service was completely taken down for several hours by automated registrations with damaged syntax.  The security people figure it was done by someone testing out a program who didn't realize what they were doing.
Logged
Shoes...

Flying Dice

  • Bay Watcher
  • inveterate shitposter
    • View Profile
Re: Really Persistent Bots: Or why not to use default usernames.
« Reply #4 on: November 26, 2016, 10:58:16 pm »

Yeah, could well be that your site happened to be a good target for testing because they figured you wouldn't have the resources to do much about it.
Logged


Aurora on small monitors:
1. Game Parameters -> Reduced Height Windows.
2. Lock taskbar to the right side of your desktop.
3. Run Resize Enable

TheBiggerFish

  • Bay Watcher
  • Somewhere around here.
    • View Profile
Re: Really Persistent Bots: Or why not to use default usernames.
« Reply #5 on: November 27, 2016, 07:08:04 am »

Huh.
Logged
Sigtext

It has been determined that Trump is an average unladen swallow travelling northbound at his maximum sustainable speed of -3 Obama-cubits per second in the middle of a class 3 hurricane.