Sites Being Overwhelmed By Hackers.... Anyone Else Having the Same Problem?

by brettb
7 replies
Happy New Year Everyone

But on a less happy note... is anyone having huge problems with hackers targeting their sites? I've had these two things happen lately:

1. My phpBB forum was so overwhelmed with hacking attempts that Hostgator took down my entire account due to the amount of bandwidth being used. My friend has similar problems, and spam is ruining his successful forum.

2. I run a membership site (custom built) and I've noticed thousands of automated login attempts. My guess they're running bots against lists of credentials in the hope that they find a combination that works on my site (this is why you MUST NOT reuse passwords for different sites!). Again, this probably explains why I keep going over my GoDaddy resource limits.

The problem is that these bots are taking bandwidth from legit users.

Fortunately as a coder I can write something to outwit them, but that still takes CPU resources. Is there any way of blocking bots at the server or firewall issue? Bear in mind I'm on shared hosting plans on GoDaddy/Hostgator.

BTW hackers appear to be Russian .
#hackers #overwhelmed #problem #sites
  • Profile picture of the author Adrian Taropa
    Hi, I'm new here but I would suggest a proxy such as cloudflare. That proxy would filter out the bots so that your servers don't have to do the lifting. It works at a DNS level so none of your resources get used up.
    {{ DiscussionBoard.errors[10968437].message }}
  • Profile picture of the author brettb
    Yeah, thanks for that - I actually came to the same conclusion so I'm trying it out.
    ÖŽ FindABlog: Find blogs to comment on, guest posting opportunities and more ÖŽ

    {{ DiscussionBoard.errors[10968993].message }}
  • Profile picture of the author aarthielumalai
    Adrian's cloudflare idea sounds great. But, if Russians ips are the problem, why don't you just block the country from your membership?

    I don't like blocking, especially since I come from a country that usually gets accused of these kind of things, but if the situation is so bad that your hosting account was taken from you, maybe blocking countries is the best way to go?

    I'll be launching my membership site in a few weeks as well, and I've been wondering about these issues. I've already been prey to hacking/hacking attempts on my blogs/websites. Looks like it gets worse with a membership site.
    {{ DiscussionBoard.errors[10969030].message }}
    • Profile picture of the author Nail Yener
      To reduce the load on the login forms, you might try the following:

      Do not make the login form available/visible by default, and display it programmatically (via JS), on a certain event (click of a button etc.). Simple bots will not be able to emulate the required action, so automated attempts will not work. I don't know if a totally bulletproof method exists but you can find some interesting ideas on the following discussions:

      Preventing bot form submission - Stack Overflow
      How to prevent robots from automatically filling up a form? - Stack Overflow

      Originally Posted by aarthielumalai View Post

      maybe blocking countries is the best way to go?
      Blocking a whole country is not a good solution.

      1) Blocking IPs or countries usually will only delay such hacking attempts, but never truly solve it. I don't think hackers continue to use the same IPs for long.

      2) Blocking a country IP block is not an easy task unless you have access to everchanging IP blocks information on a momentary basis. Usually not worth unless you have big budgets for such level of blocking and monitoring. No IP block supplier can provide 100% accuracy, hence it defeats the purpose in general, unless you are a big site and you really need to deliver/block content on a country level.

      3) By blocking a whole country, you will also have blocked many legit users. Let's say you have 3 hackers coming from a certain country but have hundreds of users from the same country. Why sacrifice hundreds for the three?
      {{ DiscussionBoard.errors[10969142].message }}
  • Profile picture of the author stevenha
    Hi brettb
    as others mentioned here, if you have the cache, use incapsula. if not, use cloudflare.
    also, you can install WAF on your site, which is a must have these days.
    block IP ranges in .htaccess personally I dont recommend since it can slow your site. but you can do it temporarily.
    {{ DiscussionBoard.errors[10969136].message }}
  • Profile picture of the author brettb
    OK guys I've put CloudFlare on but I'm not sure how effective it's been.

    In my experience the worst hacking problems occur if you use off the shelf software, and the more popular it is the bigger problems you'll have.

    Forums seem the worst, which is a shame as they seem to rank really well in Google.

    Best thing for identifying spammers/hackers is to use a service like StopForumSpam. I use their API and it's been wonderful for blocking registrations from scammers. MaxMind's GEO IP database is also pretty good, and I have blocked quite a few countries already as I got fed up with the number of jerks signing up from those countries (which shall remain nameless!!!).
    ÖŽ FindABlog: Find blogs to comment on, guest posting opportunities and more ÖŽ

    {{ DiscussionBoard.errors[10972404].message }}
    • Profile picture of the author Adrian Taropa
      Hi @brettb,

      Cloudflare works as a proxy and hides your real IP address. Their public DNS always shows another IP which can help stop new attacks, but hackers that already know your IP can fully bypass it.

      Here is what you can do:
      1. Look through the DNS tab on your cloudflare account, and make sure you don't have any A records, like FTP that point to your server without going through cloudflare. If you were using that for uploads, use the IP address of the server with your FTP client instead.
      2. Change the IP address of your forum. Won't affect your rankings, but it will make sure to deter some attacks.
      3. Visit the security tab on Cloudflare and don't be afraid to raise the security to high for a while.

      In essence, make sure there is nothing giving away your server IP address.

      Some spam will still go through, but most bots will be blocked.

      If your target audience is from a specific country, you can also look at analytics and see what countries the hackers are from, and you can set it up to challenge all traffic from that country. If your forum isn't relevant to those countries you should be ok.
      {{ DiscussionBoard.errors[10972593].message }}

Trending Topics