My site has continued to receive attacks from the login bots I mentioned in my last post so have been getting emails about the system locking them out. A couple of days ago the emails stopped so I thought they finally gave up (or ran out of usable IP addresses). Yesterday I received an email from Google saying its bot couldn’t get to my robots.txt file. I found I couldn’t get to any part of my site and just got an error message. By checking the errror logs, I found the problem was that the .htaccess file was corrupted, or at least misconfigured. I have never manually edited that before so I had to figure out how it was supposed to look so I could fix it. I looked at an old backup of the file and got an idea what it was supposed to look like. I was able to fix it after that. I can only guess that one of the WordPress addons I have was the cause of the corruption. Hopefully it won’t happen again.
Of course now that the site is back up, the login bots are back too. There’s only so many IP addresses they can use so the attackers should run out eventually. My logs do show quite a few 403 “Forbidden Access” messages too which means they’re still trying those bots I already blocked. Oh well, let them waste their time.
The original reason I installed Better WP Security was to help prevent brute force attacks on the login screen. Thankfully it does much more. You can block an IP address for a length of time after a certain number of failed attempts. You can also permanently ban an IP after a number of lockouts (or you can do it manually).
That has worked for a long while but over the last three or so days I’ve experienced a new kind of attack. I believe it’s a bot attack. Rather than have each bot try a large number of times, they seem to only try enough to stay under the threshold of being locked out. They then try again a few hours later and keep repeating the process. The number of IPs that have recently tried to log in is fairly large. It’s too coordinated to be anything but someone controlling bots. I randomly checked some IPs and found many were from Russia and other parts of Europe.
I found out about the attack because three IPs tripped the lockout. By the time I looked at my logs, there were five pages of recent failed login attempts and only three lockouts. Needless to say, my threshold was probably too high even though I lowered it from the default setting. In looking at the logs, I found numerous IPs that have tried to log in numerous times so I manually added them to the blocked IPs list and lowered the threshold even further.
Keeping this website gives me interesting insights into the various things people come up with to attack or spam sites. It’s really quite a learning experience.
I’ve been running into memory shortage issues lately on my MacBook Pro. It comes with 4 GB which was sufficient but lately I find myself having too many tabs open in Chrome and when I have it running along with Firefox and one or two other programs, I start to hit the limit. This was especially true when I was running Ubuntu Linux in VirtualBox.
I decided to upgrade the memory. After checking prices, I decided to get 16 GB (2 x 8 GB) from Crucial. It cost $76 for the set and arrived in about a week. 16 GB is overkill but for the price, I figured maxing the RAM was the way to go to help future-proof the computer as much as I can.
The screws on the bottom of the MacBook Pro are really small. One in particular was quite stubborn but I did manage to get it out. After removing the screws, I just had to pop the two 2 x 2 GB sticks out and insert the new “Mac compatible” memory from Crucial. I made sure to get 1600 MHz DDR3 just like what the system had to begin with.
I should now have more RAM than I’ll ever need. My next upgrade sometime in the future might be an SSD drive to speed up the system even more.