
Need help in stopping Mod Security issues (attacks?). Please help if you can. (6 posts)

  1. slobizman
    Member
    Posted 1 year ago #

    My dedicated server went down three times in two days. We are trying to narrow down the problem, and I have this info from the web host:

    Our statistics graphs show that you have a horrendous spike in memory usage that coincides with each of your downtimes. What the exact cause of this memory spike may be, we have yet to determine. However, there seems to be some evidence of many ModSecurity errors around the times of said memory usage spikes and outages.

    And then:

    As far as I can tell, the issue is certainly related to the ModSecurity issues, resulting from the following file, listed below:

    /wp-comments-post.php

    I can attempt to do some experimenting with whitelisting and see if that produces any results.

    We did not have high traffic at the time on the server.

    My first thought is that I am getting attacked either by spammers or enemies (it's a partisan political site, with enemies).

    What would be a good defense against this?

    Would it help if I went from anyone can comment to Registered Users Only can comment? I hate to do that, but I also hate my server going down.

  2. Samuel B
    moderator
    Posted 1 year ago #

  3. slobizman
    Member
    Posted 1 year ago #

    I had that running already.

  4. Samuel B
    moderator
    Posted 1 year ago #

    Hmmm... that works great on the spam 'bots, and I doubt human spammers could be prolific enough.
    Are you getting any spam comments in the Akismet queue?

  5. slobizman
    Member
    Posted 1 year ago #

    Yes, I get some spam in Akismet.

    Hey, speaking of Bad Behavior, one of my daily readers/commenters is blocked. He has the IP address of 64.209.31.130. You can see here it is a high risk IP.

    http://www.trustedsource.org/query/64.209.31.130

    Someone else said they could not get on either, and I have not yet checked that out. I have a feeling that this is going to be something that happens often. Someone is on an IP that's not trusted, but the person commenting actually is okay? What do you do in these cases? Whitelist them all, or say goodbye to them?

    I switched from Strict to Normal setting and it did not help.

  6. Samuel B
    moderator
    Posted 1 year ago #

    I whitelist them and then see how much spam abuse I receive. Most IPs that are banned seem to be fine to me.
    I also use this, so that might stop a lot:
    http://wordpress.org/extend/plugins/cookies-for-comments/
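
One way to test the host's observation against the logs, as an added example that is not part of the thread: the Python below groups ModSecurity entries for /wp-comments-post.php by minute and by client, so bursts can be lined up with the memory graphs. It assumes Apache 2.2-style error_log lines; the function name, sample lines, IP addresses and rule id are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed layout: Apache 2.2-style error_log lines written by ModSecurity.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] ModSecurity: '
    r'.*\[uri "(?P<uri>[^"]*)"\]'
)

# Constructed sample lines (documentation IP ranges, placeholder rule id).
SAMPLE_LOG = """\
[Mon Mar 08 14:02:03 2010] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [id "900001"] [uri "/wp-comments-post.php"]
[Mon Mar 08 14:02:11 2010] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [id "900001"] [uri "/wp-comments-post.php"]
[Mon Mar 08 14:02:40 2010] [error] [client 198.51.100.23] ModSecurity: Access denied with code 403 (phase 2). [id "900001"] [uri "/wp-comments-post.php"]
[Mon Mar 08 14:02:55 2010] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [id "900001"] [uri "/wp-comments-post.php"]
[Mon Mar 08 14:03:10 2010] [error] [client 198.51.100.23] ModSecurity: Access denied with code 403 (phase 2). [id "900001"] [uri "/xmlrpc.php"]
[Mon Mar 08 14:04:00 2010] [error] [client 192.0.2.44] File does not exist: /var/www/favicon.ico
[Mon Mar 08 14:09:30 2010] [error] [client 192.0.2.44] ModSecurity: Access denied with code 403 (phase 2). [id "900001"] [uri "/wp-comments-post.php"]
""".splitlines()


def modsec_bursts(lines, uri="/wp-comments-post.php", threshold=3):
    """Return [(minute, total_hits, [(ip, hits), ...])] for minutes with
    at least `threshold` ModSecurity entries against `uri`."""
    per_minute = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("uri") != uri:
            continue  # not a ModSecurity entry, or a different URI
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        per_minute[ts.replace(second=0)][m.group("ip")] += 1
    bursts = []
    for minute in sorted(per_minute):
        clients = per_minute[minute]
        total = sum(clients.values())
        if total >= threshold:
            # most_common() puts the noisiest client first
            bursts.append((minute, total, clients.most_common()))
    return bursts


if __name__ == "__main__":
    for minute, total, clients in modsec_bursts(SAMPLE_LOG):
        print(minute.strftime("%Y-%m-%d %H:%M"), total, clients)
```

Minutes that show up here but not on the memory graph, or the reverse, suggest the ModSecurity errors are a symptom rather than the cause of the outage.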

Topic Closed

This topic has been closed to new replies.
