Get exclusive CAP network offers from top brands

View CAP Offers

Reply To: WP Brute Force Attacks Continue

[bsa_pro_ad_space id=2]
#834186
gokken
Member

@clara.affactive 252878 wrote:

Hi,

this really sucks… isnt there any way to try to block the attacks from the hosting provider side? Maybe they can increase the security for your site specifically and add some firewall rules?

+

Hi Clara,

Yep it sucks big time!

I have security in place which blocks IP’s. However, with bot nets they cycle through literally 10,000’s of thousands of IP’s in different C-classes. Hence blocking an IP or even an entire IP block range is useless. Not to mention, blocking out legitimate visitors.

This time the attack (seems) to have originated from a single IP. But, that could have been a hacked PC, an open proxy or a hacked server, which is then used in hacking attempts.

I have updated to using min 17 character p/w’s with upper/lower case, numbers and special characters. I’ve also hardened both VPS’s, including the firewall.

I doubt if anyone could gain brute force entry. But, the BIG issue is getting hammered like this by a number of persistent multiple attacks. It’s like a mini DDOS attack. While it doesn’t take down the box, it does cause major performance issues while it lasts.

The only other option I can think of (which wont cost me an arm and leg), is to use something like CloudFlare.com, though I’ve heard good and bad things about this service. Right now, I’m not really sure what to do. Kinda stuck between a rock and a hard place.