Site5 - Built For Designers & Developers MENU

Site5 Community Forums


Go Back   Site5 Web Hosting Forums > Site5 Official Forums > Emergency Service Notices

Emergency Service Notices Service-impacting information direct from Site5 staff.

Closed Thread
 
Thread Tools Rate Thread Display Modes
  #1  
Old April 9th, 2013, 09:09 PM
Graham McMillan's Avatar
Graham McMillan Graham McMillan is offline
Chief Technology Officer
 
Join Date: Mar 2007
Posts: 1,448
Widespread Attack Against Wordpress and Joomla Installations

Hi everyone,

Over the past few days we have begun noticing several specific attack profiles against Wordpress installations. This has been happening Internet wide from talking to other hosts and from general posts in public forums showing the same traffic. Due to the distributed nature of this attack, it is causing significant performance problems on some of our servers as dozens of Wordpress sites are being attacked on the same server, at the same time.

We are using several different methods to block this traffic, both hardware firewalls and many different software tweaks to our web server configuration. A combination of these modifications have been successful in mitigating the attacks.
__________________
Graham McMillan
Chief Technology Officer
Site5.com
  #2  
Old April 10th, 2013, 06:17 PM
Graham McMillan's Avatar
Graham McMillan Graham McMillan is offline
Chief Technology Officer
 
Join Date: Mar 2007
Posts: 1,448
We have updated our security ruleset to better mitigate this attack. Our shared and reseller servers are now protected and all customer VPS will be getting this update over the next few hours. You may experience a quick Apache restart while this update is applied to your VPS.

If you encounter a "500 internal server error" while trying to access your Wordpress login page, please contact support so that we can take a closer look as you may be triggering our rules in error.

We apologize for the downtime you have experienced over these past few days as a result of these attacks. We are already working on some better long-term solutions to protect us from these attacks and similar ones in the future. The attackers changed their type of attacks quite often which resulted in a near constant state of evolution as our team blocked the new attacks and adjusted our defenses further.
__________________
Graham McMillan
Chief Technology Officer
Site5.com

Last edited by Ben Welch-Bolen; April 10th, 2013 at 07:04 PM.
  #3  
Old April 11th, 2013, 09:59 PM
Ben Welch-Bolen's Avatar
Ben Welch-Bolen Ben Welch-Bolen is offline
Site5 CEO
 
Join Date: Oct 2008
Posts: 2,867
Hi everyone,

The attacks continued today but they have not affected us as heavily as previously. We rolled out a series of new defensive rules and related changes to counter the changing attack patterns. We will keep a a close watch on how things develop and are working on some further improvements as well. The team is working very hard to protect your websites .

These are the worst attacks I've seen in the last five years, and from talking to our contacts at other hosting companies they are saying the same. We are very sorry for the disruption this has caused in the last few days, and we thank you for your continued patience while we fight these.

We will have a further update in around 12 hours,
Thanks, Ben
__________________
Ben Welch-bolen
Site5 CEO
bwb@site5.com

Last edited by Ben Welch-Bolen; April 11th, 2013 at 10:02 PM.
  #4  
Old April 15th, 2013, 04:25 AM
Ben Welch-Bolen's Avatar
Ben Welch-Bolen Ben Welch-Bolen is offline
Site5 CEO
 
Join Date: Oct 2008
Posts: 2,867
I apologize for missing the update 12 hours later, we had a miscommunication internally.

If you are having any issues logging into WordPress please let our support team know. We still have a few protections up but for 99.9% of our customers this should cause no disruption, we will review later today and scale those back once we do a full review as well.

In the mean time support can fix that on a case by case basis as well,
Thanks, Ben
__________________
Ben Welch-bolen
Site5 CEO
bwb@site5.com
  #5  
Old April 25th, 2013, 10:03 AM
Graham McMillan's Avatar
Graham McMillan Graham McMillan is offline
Chief Technology Officer
 
Join Date: Mar 2007
Posts: 1,448
Earlier today this attack started to pick up again, but the characteristics have changed in some circumstances. We are working on mitigating this attack using several different systems and we are seeing positive results. This attack affects too many servers to list at this point.

You may experience slow access to your website during this time. If your website is loading but you are unable to login to your Wordpress site, please contact support.
__________________
Graham McMillan
Chief Technology Officer
Site5.com
  #6  
Old April 25th, 2013, 12:42 PM
Graham McMillan's Avatar
Graham McMillan Graham McMillan is offline
Chief Technology Officer
 
Join Date: Mar 2007
Posts: 1,448
We are noticing that Joomla sites are among many of the sites being attacked across our server fleet. We will be adding more countermeasures to mitigate these attacks.

Please remember to contact support if you are unable to login to your Wordpress or Joomla admin/user panel if the rest of your site is working properly.
__________________
Graham McMillan
Chief Technology Officer
Site5.com
  #7  
Old May 13th, 2013, 02:47 PM
Graham McMillan's Avatar
Graham McMillan Graham McMillan is offline
Chief Technology Officer
 
Join Date: Mar 2007
Posts: 1,448
We have noticed an increase in similar attacks across our fleet today. We will be deploying various countermeasures to mitigate these attacks as we see them. You may notice slightly slower performance when accessing your website or using other services on your account while these attacks are ongoing.
__________________
Graham McMillan
Chief Technology Officer
Site5.com
  #8  
Old May 15th, 2013, 09:50 AM
Graham McMillan's Avatar
Graham McMillan Graham McMillan is offline
Chief Technology Officer
 
Join Date: Mar 2007
Posts: 1,448
We are seeing a very large increase in attack traffic targeting Wordpress login pages. You may notice slow response times on your websites and account. These attacks are affecting dozens of our servers, so there are too many to list here and the attacks surge in strength regularly.
__________________
Graham McMillan
Chief Technology Officer
Site5.com
Closed Thread

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Forum Jump


All times are GMT -5. The time now is 04:20 PM.
Powered by vBulletin® Version 3.8.3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.