Can Unsuccessful Brute Force break a site

imonboss

Supreme Member
Joined
Sep 9, 2015
Messages
1,404
Reaction score
471
Some A*hole is brute forcing my site like crazy since yesterday!
I have taken the proper steps to defend the attack in every way possible!
disabled xml-rpc, enabled blacklisting all the ip and last but not the least enabled cloudflare under attack mode (I am F**king Prepared :p).

But since todays noon, Site is a little glitching. More like when I put the url in the browser and hit enter it immediately give away some of its html structure then goes back to normal.

I tried multiple devices. From iphone to android to firefox, safari etc.
Problem persists!
 
Brute forcing as in trying to crack your login? If your site structure is changing he might be running a tool to try SQL injection. Clean your database and find out how data is written to the DB.
 
Bruteforcing means damn huge number of requests will be coming to your site. If your bandwidth runs out site might get down similarly to a ddos attack
 
Brute forcing as in trying to crack your login? If your site structure is changing he might be running a tool to try SQL injection. Clean your database and find out how data is written to the DB.

Bruteforcing means damn huge number of requests will be coming to your site. If your bandwidth runs out site might get down similarly to a ddos attack

5BDP7ip


This is brute force right? Which step should i take to save the site from this dumb f*ck!
 
5BDP7ip


This is brute force right? Which step should i take to save the site from this dumb f*ck!

That's not a bruteforce, looks more like you got some bots trying to login.
You might be running an old wordpress version or an exploitable plugin.

These "dumb f*ck's" as you call them, search google for urls like urs, running exploitable plugins and try to login/get data.

If it was a bruteforce, you would be seeing 10-20 login attempts per second.
 
login limit.. which help to block the ip after 1 attempt second use login authentication and last thing protect your login page with password.. in hosting we have block pages with password.
 
Brute force attack usually means precisely what's happening with your website. Someone is trying to continuously get access while trying different usernames and passwords.
One of the easiest things to prevent it is to just set up htaccess login to your wp-login.php/wp-admin.

Check this: https://www.ionos.com/community/web...-admin-htaccess-passworddirectory-protection/

Or this: https://codex.wordpress.org/Brute_Force_Attacks#Password_Protect_wp-login.php

No, brute force attacks won't "break" your site, but they can slow down your server/website. We are dealing with hundreds of thousands of such attacks every day, and it's quite simple to block them (most of the time).
 
That's not bruteforce. 16 failed logins in 2 hours is nothing. You can basically completely ignore those. Set some login guard to auto ban after x failed attempts and stop looking at that log :D

And it's not the reason of the site glitching. Maybe the things that you've changed in an attempt to stop them are the cause. :(
 
Some A*hole is brute forcing my site like crazy since yesterday!
I have taken the proper steps to defend the attack in every way possible!
disabled xml-rpc, enabled blacklisting all the ip and last but not the least enabled cloudflare under attack mode (I am F**king Prepared :p).

But since todays noon, Site is a little glitching. More like when I put the url in the browser and hit enter it immediately give away some of its html structure then goes back to normal.

I tried multiple devices. From iphone to android to firefox, safari etc.
Problem persists!
Can these attacks break a site? Yup it can. Your app could reach mysql connection limit and/or apache (or nginx may be, depending on the server) concurrent request limit and become unresponsive.
Still, the problem you mentioned in your OP seems to be something else than that. It seems more like a incorrect response header error/caching error to me than anything else. I could be wrong though.
 
A little Update: I restore the File and Database from couple of days before and the glitching problem is gone.
No more attack after i turned on clouflare under attack mode.
Everything seems to be in order for now.
BTW: A dumb question. My site has been indexed by google 4-5 days ago. could Restoring the site be a problem for my indexation? Google will mind or something?
 
I don't know what cloudflare's under attack mode does, but you do not need that, as you are NOT under attack. What you're getting is not an attack and just a minor inconvenience that should be disregarded.

Restoring the site, unless it's significantly different content should not affect the indexation.
 
Back
Top
AdBlock Detected

We get it, advertisements are annoying!

Sure, ad-blocking software does a great job at blocking ads, but it also blocks useful features and essential functions on BlackHatWorld and other forums. These functions are unrelated to ads, such as internal links and images. For the best site experience please disable your AdBlocker.

I've Disabled AdBlock