In Gold We Trust Under Attack

For a couple of months now there have been several cyber attacks on this website. Often I have trouble reaching the server to write and publish articles; WordPress (the software I use to manage my site) is very slow and all sorts of errors appear; drafts are deleted and certain functions in the software stop working. Drives me nuts. That’s from the inside. From the outside, for all you readers, my website has been offline for many hours, and in certain areas of the world sometimes for many days. I can remember one weekend when I had to call my webhost repeatedly to ask what was happening because nobody around the world could get access. They told me the particular server that hosts my site was under a DDoS attack (directed at my website). Only after some tuning and rebooting could they get it back online again. I’m totally not an expert in this field, so I was tempted to think it was just bad luck and the problem would solve itself in time. However, the problem continued without any apparent technical reason. Even after some tips from my readers, like using Cloudflare, the problem persisted.

This website doesn’t get millions of visitors a day, so the account I initially had was relatively light. But as the problem persisted, my webhost suggested switching to a private server, called a Cloudbox VPS server, to have better protection against the attacks. So I called my friend who helps me with the technical side of my blog and asked if this was a wise thing to do. “Sure,” he said. And so we did. My buddy started installing my Cloudbox yesterday, in preparation for migrating to the new server. Today he wrote me this email:

Your site hasn’t even been migrated but the new server is already under severe attack. The attacks appear to be coming out of the US and China.

These are the top-ranked burglars (note, this server isn’t even hosting anything yet):

#1.  20809 attempts

[Screenshot 2014-03-20 at 21.36.48]

#2. 226 attempts

[Screenshot 2014-03-20 at 21.37.11]

#3. 107 attempts

[Screenshot 2014-03-20 at 21.37.55]

This is called a Brute Force Attack. Basically they try to log in to the server by trying all possible usernames and often-used passwords. This happened before there was a designated firewall on your server. There was one standard firewall activated; I have now added a firewall to block certain IP addresses. It seems to help. I'll keep you posted.

These are your top ten fans. 6 Chinese, 2 Americans and one from Indonesia (the last is me). Especially this guy from Miami seems to like you very much, reaching out to you 20809 times in a couple of hours.

[Screenshot 2014-03-20 at 21.51.44]

Is this normal? Again, I’m totally not an expert on this, but there seems to be a pattern here.