Page 2 of 2

Re: Site issues

Posted: Thu Apr 25, 2013 11:38 am
by JediTricks
I have more information on the outage, and thought we were done with it, but this morning we had 3 more outages so I've written to the host (and am exploring alternate hosting choices should the need arise) to clarify if those downtimes were more of the same.

We have enough information to suggest that the problems we've been having are due to a global assault on ALL uses of the software I've got for our News, of all things. Someone has created a botnet that's trying to brute-force its way into the admin on all Wordpress sites, which randomly includes our own. I've taken several steps to rebuff those attacks, although I believe other reporters are locked out of using the news for now because of that. Once I hear back from the host confirming some things, I'm going to turn forums Search and User Registration back on with some additional safety systems in place on them from bot attacks.

Thanks for your patience.

-JT

Re: Site issues, New user reg is temp offline

Posted: Thu Apr 25, 2013 12:04 pm
by andersonh1
I've got a Wordpress blog I haven't updated in some time, or even visited. I'd better take a look at that just in case.

Re: Site issues, New user reg is temp offline

Posted: Sun Apr 28, 2013 7:22 pm
by JediTricks
andersonh1 wrote:I've got a Wordpress blog I haven't updated in some time, or even visited. I'd better take a look at that just in case.
Definitely, I spent all yesterday patching wordpress sites on my business server as well.

Here are the resources I was given, hopefully they'll help you out:
http://codex.wordpress.org/Brute_Force_Attacks
http://codex.wordpress.org/Brute_Force_ ... dmin_by_IP
http://blog.sucuri.net/2013/04/the-word ... eline.html

The "Limit Login Attempts" plugin says it hasn't been tested for the current WP build, but it works great, one of my sites using it has already banned several bots and kept the server from crashing without me having to do anything at all.

Re: Site issues, New user reg is temp offline

Posted: Sun Apr 28, 2013 7:28 pm
by JediTricks
Ok, I've put in more countermeasures which means I'm bringing guest search and New User Registration back online. The new countermeasures should limit attacks and spammers at the same time.

Please let me know if there are any unusual situations, problems, issues, any of that sort of thing encountered in using the forums.