Archive for August, 2014

60,000 hits on wp-login

Friday, August 29th, 2014

I got over 60,000 hits overnight on my CThreePO.com domain. Someone was doing a dictionary attack. I have my websites setup to block this on the first attempt. The Robot got 60,000 403 “access denied” error messages but kept on chugging along going through its password dictionary. Idiots!

I have to add these robots to my htaccess file because if I had 60,000 hits to a PHP file my web host would shut me down. When I first started using this host I was getting lots of angry messages from my hosting company about excess CPU time. It turns out that having a deny ip in the htaccess does not count as CPU time. In the beginning Yandex was hitting my sites over 100,000 times a day. I blocked Yandex and then I have been plugging leaks a little at a time ever since. In the beginning about 95% of the hits to my site were robots. Now I am down to about 20%.

I have a real problem with spammers getting a hold of an Amazon AWS instance and running their robots for a few hours. Amazon always catches them quickly, but there are also some good Amazon based apps hitting my site and I don’t want to block them. I have to be very careful with automatic blocks when Amazon is involved. Amazon has to stop giving away free or cheap trials from fraudulent users.

As I block more and more IP addresses, I get fewer malicious hits on my website. This is a bad thing because it makes it harder to test my new routines. I had no good hits on my known exploits routines , all were blocked by the htaccess file so I don’t know if my new modules are correctly blocking hits to exploited plugins. All morning I’ve had only one new IP address, and that was from a Chinese computer doing a login attempt that was caught the first time it hit my site – boring. I never thought that I would say this, but I need more spammers!