Downtimes… again

DDoS-attackGah! Everytime I think I have something figured out, on why the site keeps going down, I get proven wrong. If it happened consistently, wouldn't be a big deal, could narrow it down. But that doesn't seem to be the problem. I was told it might be addons, so I disabled most of them, still crashed. Re-enabled them...

... and then I installed a Security addon. It gave me a ton of suggestions to improve the security of the site, and I have followed most of them... but I haven't been able to stop what seemed to be Distributed Denial of Service (DDOS) attacks nor attempts to get into the admin area.

Last night, we had 73 attempts to login onto the admin area. We also had over 700 attacks to get into the site using a variable string attack. While none of these were successful, it did manage to bring the site down for a few hours. We are attempting a workaround for these attacks, and if successful, should stop some of the shutdowns.

 

Thank you for your continued patience in this issue, while we deal with the attacks.

http://www.subharanjan.in/how-to-reduce-404-errors-created-by-liker-profile_url/

++liker.profile_URL++

http://bit51.com/software/better-wp-security/

[edit] We are still getting the attacks (4:40am PST).  Due to this, we have enabled some more drastic measures in part to deal with some 404 errors. If you get a 404 error, and you try to refresh the page more then once, you will be locked out of the site for 60 minutes. If you continue to attempt to get to any page, which does not exist even after the lockout, you will be auto-banned. 

So... if you are a VIP member and are banned, contact us via Facebook, and we will release it (we will need your IP). Same goes for any other lockout.

Leave a Reply

Your email address will not be published. Required fields are marked *

s2Member®