21 {{ upvoteCount | shortNum }}
21 {{ upvoteCount | shortNum }}

Site Being Attacked

by Tara Garmon
16 replies
I really don't know where to turn, because my hosting companies have been completely useless with this.

BACKGROUND:

A few months ago I won a domain at auction that had very good PR, MOZTrust, domain authority, etc. I paid a considerable amount for it during fairly heavy bidding against a couple of other people. I bought it because this domain is actually in one of the niches I'm most passionate about, and I wanted to make a site in this niche without taking months to build any authority.

Anyway, after the bidding I put the site up on my HostGator account. A started building the site with WordPress. Before long, I got notified by HostGator that I was using too many resources. What? I've been with them for YEARS and never had a problem.

Long story short, after contacting support for help a whole bunch of times all they could tell me is I was having excessive requests for register.aspx. They offered me NO help in stopping this, and all my sites were crawling.

Moved the site to GoDaddy hosting. Same thing started happening. CRAZY slowness. Again, NO help from support whatsoever. They just didn't care to help me figure out how to stop this.

Moved to NameCheap hosting. SAME THING. Support just said excessive requests for register.aspx. Recommended CloudFlare, which I had set up on both HostGator and GoDaddy, and it didn't help at the free level. Don't know if it would help at the higher levels, because there's no trial and I don't want to be locked into a monthly fee if it isn't even going to stop this particular problem.

I've been working my butt off to brand this site. I've spent HUNDREDS of dollars on traffic, content, etc. Not to mention hours and hours of work. But I'm afraid if these attacks don't stop, the site will never go anywhere.

Help!

I found a hosting company that claims to protect against DDOS attacks, but I don't even know if this is a DDOS and they only charge $15 per year for their highest level plan which claims to be completely unmetered. Seems fishy. And I can't find any reviews for them.

Any idea on a starter hosting company that is affordable and actually gives a crap about its customers? I mean, support that will help you figure out a problem and offer a solution instead of expecting me to do it all when I'm not a sysadmin?
#attacked #site
  • Profile picture of the author Kay King
    This is not a hosting problem in my opinion. It is your website and all the hosting company can do is alert you to a problem.

    If it were me I would hire a WP or tech expert for a couple hours and let that person figure out the problem. It could be a bad or insecure installation of WP in the beginning or plug-in problem or many other things.

    There's no point in continuing to change hosting companies if you don't fix the problem with the site. If you paid good money for a domain - spend a bit and get the site working correctly. It will be worth it.
    Signature
    Saving one dog will not change the world - but the world changes forever for that one dog
    ***
    2024 Patriot's Award for Service to Veterans
    {{ DiscussionBoard.errors[10142152].message }}
  • Profile picture of the author Tara Garmon
    The trouble is, there are thousands of requests for a file on my server that doesn't exist, leading me to believe it's a deliberate attack. They're trying to reach register.aspx at a rate of dozens of times per minute. It's got to be a bot or something. Plus, HostGator said they blocked requests for that file, but something else started happening right afterward that lead me to believe it was an attack and HostGator never even bothered to respond to let me know what was causing the new issues after they blocked requests to that file.

    The main reason I've been changing hosting companies was hoping one of them had a tech that would actually tell me what is going on.

    I guess I'll see if I can hire someone from elance or something. I just figured the people that actually run the hosting companies would know as much as anyone else about this stuff, and I'm already paying them for the hosting.
    {{ DiscussionBoard.errors[10142171].message }}
    • Profile picture of the author wealthy20
      Originally Posted by Tara Garmon View Post

      The trouble is, there are thousands of requests for a file on my server that doesn't exist, leading me to believe it's a deliberate attack. They're trying to reach register.aspx at a rate of dozens of times per minute. It's got to be a bot or something. Plus, HostGator said they blocked requests for that file, but something else started happening right afterward that lead me to believe it was an attack and HostGator never even bothered to respond to let me know what was causing the new issues after they blocked requests to that file.

      The main reason I've been changing hosting companies was hoping one of them had a tech that would actually tell me what is going on.

      I guess I'll see if I can hire someone from elance or something. I just figured the people that actually run the hosting companies would know as much as anyone else about this stuff, and I'm already paying them for the hosting.
      Ah ok, you answered your own question there...didn't notice it till now.

      You probably have a call to some image or file that is generating a 404. It doesn't have to be a whole page that generated 404.

      I used to have a button in the main navigation menu which was generating a 404 due to its name being mispelt, or something trivial like that.

      Since all the pages had the navigation menu, it was generating a 404 for each pageview.

      You probably have something similar.

      However if you're seeing lots of requests for pages like www.yourdomain.com/wp-admin or www.yourdomain.com/administrator, then you're probably being targeted by hackers.
      Signature
      Track any cellphone with just a number
      {{ DiscussionBoard.errors[10142361].message }}
  • Profile picture of the author wealthy20
    Originally Posted by Tara Garmon View Post

    I really don't know where to turn, because my hosting companies have been completely useless with this.

    BACKGROUND:

    A few months ago I won a domain at auction that had very good PR, MOZTrust, domain authority, etc. I paid a considerable amount for it during fairly heavy bidding against a couple of other people. I bought it because this domain is actually in one of the niches I'm most passionate about, and I wanted to make a site in this niche without taking months to build any authority.

    Anyway, after the bidding I put the site up on my HostGator account. A started building the site with WordPress. Before long, I got notified by HostGator that I was using too many resources. What? I've been with them for YEARS and never had a problem.

    Long story short, after contacting support for help a whole bunch of times all they could tell me is I was having excessive requests for register.aspx. They offered me NO help in stopping this, and all my sites were crawling.

    Moved the site to GoDaddy hosting. Same thing started happening. CRAZY slowness. Again, NO help from support whatsoever. They just didn't care to help me figure out how to stop this.

    Moved to NameCheap hosting. SAME THING. Support just said excessive requests for register.aspx. Recommended CloudFlare, which I had set up on both HostGator and GoDaddy, and it didn't help at the free level. Don't know if it would help at the higher levels, because there's no trial and I don't want to be locked into a monthly fee if it isn't even going to stop this particular problem.

    I've been working my butt off to brand this site. I've spent HUNDREDS of dollars on traffic, content, etc. Not to mention hours and hours of work. But I'm afraid if these attacks don't stop, the site will never go anywhere.

    Help!

    I found a hosting company that claims to protect against DDOS attacks, but I don't even know if this is a DDOS and they only charge $15 per year for their highest level plan which claims to be completely unmetered. Seems fishy. And I can't find any reviews for them.

    Any idea on a starter hosting company that is affordable and actually gives a crap about its customers? I mean, support that will help you figure out a problem and offer a solution instead of expecting me to do it all when I'm not a sysadmin?
    Why do you say that Cloudflare doesn't work?

    If you've done it right it takes a day or two for the DNS to propagate to their servers, and if you don't have bulky dynamic pages on your site, you should get the protection needed.

    What cloudflare technology does is, whenever it detects an incoming DDOS it sends that traffic to a captcha page to verify the user visiting is human.
    Signature
    Track any cellphone with just a number
    {{ DiscussionBoard.errors[10142302].message }}
  • Profile picture of the author fantrom
    Before you jump to the next web host make sure to grill them hard on their position when it comes to DDOS and other forms of attacks.

    This way you don't continue jumping from host to host without a solid solution.

    You may also look to an independent IT consultant to better troubleshoot the problem. It may be related to your website and not a DDOS attack as some have pointed out.
    {{ DiscussionBoard.errors[10142332].message }}
  • Profile picture of the author Tara Garmon
    It's register.aspx that is getting all the hits. It happens even with nothing installed on the server, so I don't think it's a site error. As soon as I add the site to my add-on domains, it starts. Constant attempts to reach register.aspx.

    Maybe something the old owner of the domain had installed or something.

    I'll see what I can do with CloudFlare, but the free version is installed right now and I'm still getting constant error messages about having hit max resources.
    {{ DiscussionBoard.errors[10142525].message }}
  • Profile picture of the author Tara Garmon
    I have added hotlink protection and I am still at 30/30 processes being used.

    I am attempting to go through and individually block all of the IP addresses that are trying to access register.aspx, but it's so many it's taking forever.
    {{ DiscussionBoard.errors[10142544].message }}
    • Profile picture of the author san2hnl
      Originally Posted by Tara Garmon View Post

      I have added hotlink protection and I am still at 30/30 processes being used.

      I am attempting to go through and individually block all of the IP addresses that are trying to access register.aspx, but it's so many it's taking forever.
      Manually blacklisting the IP's is a waste of time, as these are likely bots from all over. Save yourself the stress and hire someone from elance or odesk to sort this out for you!
      {{ DiscussionBoard.errors[10142572].message }}
    • Profile picture of the author damoncloudflare
      Originally Posted by Tara Garmon View Post

      I have added hotlink protection and I am still at 30/30 processes being used.

      I am attempting to go through and individually block all of the IP addresses that are trying to access register.aspx, but it's so many it's taking forever.
      Have you tried turning on I'm Under Attack mode in CloudFlare?

      The basic security level in CloudFlare is based on challenging based on IP reputation, as well as the security level you have set, so we won't necessarily challenge requests that aren't showing in our data sources. The Web Application Firewall (on a paid plan) does operate differently because it is looking for attack signatures.
      Signature

      Damon
      CloudFlare Community Evangelist

      Tips for using WordPress with CloudFlare

      {{ DiscussionBoard.errors[10142893].message }}
      • Profile picture of the author Tara Garmon
        Originally Posted by damoncloudflare View Post

        Have you tried turning on I'm Under Attack mode in CloudFlare?

        The basic security level in CloudFlare is based on challenging based on IP reputation, as well as the security level you have set, so we won't necessarily challenge requests that aren't showing in our data sources. The Web Application Firewall (on a paid plan) does operate differently because it is looking for attack signatures.
        I was just coming here to post that I tried the "I'm Under Attack" mode and things have currently stopped. My server is faster, and my processes are at 1-3 of 30 instead of 30/30. Defnitely helping.

        Not sure how visitors are going to react to the 5-second interstitial, and hoping my bounce rate doesn't go up. (It's currently only 8%.) But it's better than the alternative.

        I have noticed that I can't enable Jetpack with this enabled. I tried to disable it just long enough to enable Jetpack, but my site became unusable again so quickly that it was impossible to even try to enable it.

        Also, Facebook can't pull any images from my server when I try to post a link on my fan page. Not sure if it's related or not, but it worked yesterday.
        {{ DiscussionBoard.errors[10142911].message }}
  • Profile picture of the author spazz896
    I don't use Jetpack, it doesn't play well with some of the plugin's I use.

    Keep Playing with Cloudflare, and see if you can get it working.
    Sounds like you are on the right track.

    Another option is to try WordFence.com it's security WordPress plugin, that helped me with some hack attempts, as well there is a paid function to block IP address ranges from certain countries, Russia, China, India, etc which will block probably 90% of the bot attempts you are experiencing.

    With that much volume of bot traffic, you must have a really good domain
    Signature

    My Blog BradleyBurnie.com

    {{ DiscussionBoard.errors[10143203].message }}
    • Profile picture of the author AnniePot
      Originally Posted by spazz896 View Post


      Another option is to try WordFence.com it's security WordPress plugin, that helped me with some hack attempts, as well there is a paid function to block IP address ranges from certain countries, Russia, China, India, etc which will block probably 90% of the bot attempts you are experiencing.
      ^ ^ ^ This definitely!!!

      I swear by Wordfence. I install it on every one of my WP websites as a matter of course, and when I check the reports, I'm amazed by what it's caught. I use the free version and so far, that's provided all the protection I've needed.

      Edit: I forgot to mention that Wordfence will tell you where the attacks are coming from.
      {{ DiscussionBoard.errors[10143772].message }}
  • Profile picture of the author DIABL0
    Can you get the referrer of where the traffic is coming from? Any chance there is just some links on search engine or page somewhere getting clicked?

    If it's an actual attack, I would put the domain on a vps with a dedicated IP and collect the IPs causing the problem and get them blocked at the router.
    Signature
    How to Build LARGE EMAIL LISTS on a Budget and MONETIZE Like a PRO
    Free Proven Blueprint: http://emailmonetize.com/blueprint/
    {{ DiscussionBoard.errors[10143405].message }}
  • Profile picture of the author onegoodman
    I use cloudflare, and they doing a great job against DDOS attack ( my account is paid though ), I am not familiar with the free once capabilities since I had SSL and Paid account was a requirement to turn their service on
    Signature
    {{ DiscussionBoard.errors[10143516].message }}
  • Profile picture of the author Tim Franklin
    Its definitely and probably likely that it is an attack, this is a big problem that many don't even realize is happening, hosting companies are not much help, even managed hosting in my experience are not very interested in helping, (you can ban IP addresses but that is not very effective)

    Definitely begin to look at your server logs, this will help you identify what is happening and let you know where your bad players are coming from.

    (you can use .htaccess to redirect the hits to pages that don't exist)

    There is no magic bullet here at least not just yet, there are a number of security plugins out there but again in my experience they are almost useless, (sorry thats just the way it is)

    You want to stop the attack before it gets to PHP otherwise your going to use up too many resources.

    .htaccess is apache, so it can help but they can hammer apache until it slows down too.

    This is something I have been looking at for five years now and so far there is no 100 percent cure.

    Its just something you have to stay on top of, server logs, .htaccess deny, redirect, monitor ip addresses, the worst thing here is that search engines will degrade your domain name when they see all these bad players hitting your website, definitely remove any adsense ads or they will ban you.
    Signature
    Bitcoin | Crypto | AI software tools and development|
    {{ DiscussionBoard.errors[10143792].message }}
  • Profile picture of the author namehero
    Originally Posted by Tara Garmon View Post

    I really don't know where to turn, because my hosting companies have been completely useless with this.

    BACKGROUND:

    A few months ago I won a domain at auction that had very good PR, MOZTrust, domain authority, etc. I paid a considerable amount for it during fairly heavy bidding against a couple of other people. I bought it because this domain is actually in one of the niches I'm most passionate about, and I wanted to make a site in this niche without taking months to build any authority.

    Anyway, after the bidding I put the site up on my HostGator account. A started building the site with WordPress. Before long, I got notified by HostGator that I was using too many resources. What? I've been with them for YEARS and never had a problem.

    Long story short, after contacting support for help a whole bunch of times all they could tell me is I was having excessive requests for register.aspx. They offered me NO help in stopping this, and all my sites were crawling.

    Moved the site to GoDaddy hosting. Same thing started happening. CRAZY slowness. Again, NO help from support whatsoever. They just didn't care to help me figure out how to stop this.

    Moved to NameCheap hosting. SAME THING. Support just said excessive requests for register.aspx. Recommended CloudFlare, which I had set up on both HostGator and GoDaddy, and it didn't help at the free level. Don't know if it would help at the higher levels, because there's no trial and I don't want to be locked into a monthly fee if it isn't even going to stop this particular problem.

    I've been working my butt off to brand this site. I've spent HUNDREDS of dollars on traffic, content, etc. Not to mention hours and hours of work. But I'm afraid if these attacks don't stop, the site will never go anywhere.

    Help!

    I found a hosting company that claims to protect against DDOS attacks, but I don't even know if this is a DDOS and they only charge $15 per year for their highest level plan which claims to be completely unmetered. Seems fishy. And I can't find any reviews for them.

    Any idea on a starter hosting company that is affordable and actually gives a crap about its customers? I mean, support that will help you figure out a problem and offer a solution instead of expecting me to do it all when I'm not a sysadmin?
    Go with a web host that includes Cloudflare and can enabled a browser integrity check to make sure it's real traffic. Should be a quick 5 minute fix.
    Signature
    Name Hero: Making Hosting Great Again!
    {{ DiscussionBoard.errors[10143948].message }}

Trending Topics