WordPress.org

Ready to get started?Download WordPress

Forums

DDos Attack and Ajax (3 posts)

  1. William Bowles
    Member
    Posted 11 months ago #

    Since Saturday there has been a massive denial of service attack on my site. Apparently, at least according to my excellent and ever-watchful ISP, the weakness has been plugins that use Ajax. So much so that I've had to deactivate a number of plugins that use Ajax which is a real drag.

    This from my ISP:

    Someone's been using a botnet of some sort to try and brute force the
    password on your wp-login.php url. I've put apache authentication in front of this now and you should be able to get in with the password you use for the /awstats url. Let us know if this creates any problems.

    And then this:

    They are going after this url as well.
    "POST /wp-admin/admin-ajax.php HTTP/1.1"
    I've put the second auth in front of /wp-admin/ as well now.

    And then this:

    To stop the attack from causing trouble, one of the things we blocked was the ajax call mechanism, that allows for interactive calls to the site. If the related post plugins work by making internal http requests to the site, asking for that content, that could well be the cause.

    Am I alone in this?

    Bill

  2. esmi
    Forum Moderator
    Posted 11 months ago #

    No. Many hosts experienced problems due to mass attacks recently.

    I'd suggest reviewing http://wordpress.org/support/topic/brute-force-attacks-and-wordpress and Brute Force Attacks.

  3. William Bowles
    Member
    Posted 11 months ago #

    I've done everything they advise thanks

    b

Reply

You must log in to post.

About this Topic