My site has continued to receive attacks from the login bots I mentioned in my last post so have been getting emails about the system locking them out. A couple of days ago the emails stopped so I thought they finally gave up (or ran out of usable IP addresses). Yesterday I received an email from Google saying its bot couldn’t get to my robots.txt file. I found I couldn’t get to any part of my site and just got an error message. By checking the errror logs, I found the problem was that the .htaccess file was corrupted, or at least misconfigured. I have never manually edited that before so I had to figure out how it was supposed to look so I could fix it. I looked at an old backup of the file and got an idea what it was supposed to look like. I was able to fix it after that. I can only guess that one of the WordPress addons I have was the cause of the corruption. Hopefully it won’t happen again.
Of course now that the site is back up, the login bots are back too. There’s only so many IP addresses they can use so the attackers should run out eventually. My logs do show quite a few 403 “Forbidden Access” messages too which means they’re still trying those bots I already blocked. Oh well, let them waste their time.