05-18-2019, 06:51 AM | #1 |
Lieutenant Colonel
951
Rep 1,644
Posts |
Calling IT help - website!
I have a website. I'm pretty good with IT stuff, but websites are a bit out of my comfort zone.
Have a small business Wordpress based website. Last night got an email from the hosting company saying bandwidth was up massively. OK. Logged in this morning and sure enough looks like we've been hacked by some Japanese spam thing. They've managed to create a few 'posts' and put a link in on a few pages. Deleted those, checked all the files, proceeded to update Wordpress to the latest version, updated all plugins. Hey presto! Thought I'd sorted it. However i'm still getting attacks on 404. A certain IP is trying to access thousands of pages that don't exist on the site, creating 404 errors. I've tried blocking the IP but it just changes the IP and carries on. I thought the server/hosting company would just automatically block the IP on so many 404 errors from a certain IP but doesn't seem to be the cast. I've suspended the website for now. I've gone through the site with a fine tooth comb but can't find anything out of the norm. But is there anything else I can do? or is it just a simple cast of an external attack that I cannot stop and needs to be blocked at the hosting end. Great way to ruin a Saturday! |
05-18-2019, 07:20 AM | #2 |
Lieutenant
839
Rep 440
Posts
Drives: 2013 335i xDrive
Join Date: Nov 2018
Location: jackson tn
|
Is this just one ip at a time?
__________________
I'm not completely useless, I can be used as a bad example.
|
Appreciate
0
|
05-18-2019, 07:23 AM | #3 |
Lieutenant Colonel
951
Rep 1,644
Posts |
|
Appreciate
0
|
05-18-2019, 07:27 AM | #4 |
Lieutenant
839
Rep 440
Posts
Drives: 2013 335i xDrive
Join Date: Nov 2018
Location: jackson tn
|
pm'd you
__________________
I'm not completely useless, I can be used as a bad example.
|
Appreciate
0
|
05-18-2019, 08:57 AM | #5 |
Brigadier General
2472
Rep 4,653
Posts |
Not sure who hosts if for you but would have thought any decent CDN/WAF would pick this up and block.
__________________
Steve Roberts UK
F82 M4 I'm running the 2024 London Marathon for the British Forces Foundation - https://www.justgiving.com/fundraising/sr5/ |
Appreciate
0
|
05-18-2019, 09:02 AM | #6 |
Lieutenant Colonel
951
Rep 1,644
Posts |
So after a bit more head scratching and investigating it seems as that it's Google and Bing Bots trying to Crawl URLS that don't existing. This must have been down to the hack and them corrupting the Sitemap file.
The issue is I can't get them to stop. Robots file is on disallow, yet they still continue! You'd of thought the hosting would have just automatically blocked them when they are trying to access so many URLs that are returning a 404 error. So i'm hoping they'll eventually stop! I've re uploaded a new sitemap to Google Analytics so i'm hoping that might ease the issue a bit. |
Appreciate
0
|
05-18-2019, 09:04 AM | #7 |
Brigadier General
2472
Rep 4,653
Posts |
Speak to your hosting company and see what they can activate WAF wise?
__________________
Steve Roberts UK
F82 M4 I'm running the 2024 London Marathon for the British Forces Foundation - https://www.justgiving.com/fundraising/sr5/ |
Appreciate
0
|
05-18-2019, 09:06 AM | #8 |
Lieutenant Colonel
951
Rep 1,644
Posts |
|
Appreciate
0
|
05-18-2019, 09:08 AM | #9 |
Brigadier General
2472
Rep 4,653
Posts |
Who's it with?
__________________
Steve Roberts UK
F82 M4 I'm running the 2024 London Marathon for the British Forces Foundation - https://www.justgiving.com/fundraising/sr5/ |
Appreciate
0
|
05-18-2019, 09:10 AM | #10 |
Lieutenant Colonel
951
Rep 1,644
Posts |
Some cheap indy that i've been with for years. I don't really expect much of a quick response, but they're usually pretty helpful when they do respond.
|
Appreciate
0
|
05-18-2019, 09:14 AM | #11 |
Brigadier General
2472
Rep 4,653
Posts |
We use DreamHost for our Wordpress sites - dirt cheap and very good.
__________________
Steve Roberts UK
F82 M4 I'm running the 2024 London Marathon for the British Forces Foundation - https://www.justgiving.com/fundraising/sr5/ |
Appreciate
1
EvilDrPorkChop950.50 |
05-18-2019, 09:16 AM | #12 |
Lieutenant Colonel
951
Rep 1,644
Posts |
|
Appreciate
0
|
05-19-2019, 03:39 AM | #13 |
First Lieutenant
86
Rep 381
Posts |
There is only one way to 100% deal with this and that’s to go back to a well known good state, this could possibly be a complete rebuild. You then need to check for vulnerabilities within the software version/code you are using before going live again. If you don’t you could find yourself back in the same state again.
|
Appreciate
1
EvilDrPorkChop950.50 |
05-19-2019, 03:46 AM | #14 | |
Lieutenant Colonel
951
Rep 1,644
Posts |
Quote:
My issue is google is just crawling random urls on my site that are just return 404 errors. Pages that don't exist but it's loading the 404 page. So it's just using shed loads of bandwidth. 0.5gb over night. I've also put in the robots file to disallow crawling yet it still continues |
|
Appreciate
0
|
Post Reply |
Bookmarks |
|
|