A few weeks ago our website suddenly started getting massive amounts of traffic from Russia and China. Happiness was our first reaction on seeing our content being read in two countries where we do not promote our content heavily. Soon happiness turned into worry when our Google Analytics showed us that all these visitors were coming directly to our login page. Why would anyone come directly to our admin page, we asked ourselves. We monitored the analytics area for a couple of hours, only to realize that we were under attack by bots. A quick Google search for terms like “massive traffic on login page” and “getting too many hits from China” revealed that we weren’t the first ones to experience this. To make sure that our users did not face downtime, we quickly took a few steps:
- Blocked IPs: We identified the IPs from where the attacks were coming and added the following code in our .htaccess file to block those IPs:
  ```apache
  order allow,deny
  deny from 127.0.0.1
  deny from 127.0.0.2
  deny from 127.0.0.3
  allow from all
  ```
- Changed Passwords: We did not know if the hackers were trying to hack us or already had. To be on the safer side, our entire team’s account passwords were changed.
- Complete Backup: We mirrored our entire website with databases to avoid data loss after this was over.
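The "Blocked IPs" step above can be driven from the web server's access log instead of the analytics view. The following is an added example, not code from the original post: it counts login-page requests per client IP and prints a deny block in the same style as the one shown above. The login path, the combined log format, the threshold, the allowlist and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address

LOGIN_PATH = "/wp-login.php"  # assumption: replace with the site's real login URL
# Apache combined log format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def _line(ip, method, path):
    """Build one constructed log line (documentation-range IPs, not real traffic)."""
    return f'{ip} - - [10/Oct/2016:13:55:36 +0000] "{method} {path} HTTP/1.1" 200 512 "-" "-"'

# Constructed sample input: two noisy clients, one admin, one normal reader, one bad line.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "POST", "/wp-login.php")] * 5
    + [_line("198.51.100.23", "GET", "/wp-login.php?action=lostpassword")] * 4
    + [_line("192.0.2.10", "POST", "/wp-login.php")] * 3   # site admin, allowlisted below
    + [_line("198.51.100.99", "GET", "/blog/some-post")] * 6
    + ["garbage line that is not a log entry"]
)

def login_hits(log_text, login_path=LOGIN_PATH):
    """Count requests to the login page per client IP, skipping malformed lines."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, path = m.group(1), m.group(3)
        try:
            ip_address(ip)          # reject anything that is not a valid IP literal
        except ValueError:
            continue
        if path.split("?", 1)[0] == login_path:
            hits[ip] += 1
    return hits

def htaccess_block(hits, threshold, allowlist=()):
    """Render deny lines for IPs at or above threshold, never for allowlisted IPs."""
    offenders = sorted(ip for ip, n in hits.items()
                       if n >= threshold and ip not in allowlist)
    return "\n".join(["order allow,deny"] + [f"deny from {ip}" for ip in offenders] + ["allow from all"])

if __name__ == "__main__":
    print(htaccess_block(login_hits(SAMPLE_LOG), threshold=3, allowlist={"192.0.2.10"}))
```

The allowlist keeps the team's own addresses out of the deny list, so a busy admin session does not lock the site owners out. On Apache 2.4 the `order`/`deny`/`allow` directives depend on mod_access_compat; the native equivalent is `Require not ip`.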
We felt a bit relieved after doing all of the above and decided to check analytics again. On checking the analytics, we were only more frightened to see that there were now more bots on our website than the last time. It was time to get some professional help. A fellow blogger friend recommended the Astra firewall to us. After a quick glance at their website, we contacted them. Within five minutes we got a reply from their incident response team. It looked like they already understood this attack, and they told us that they could take it from there.
Within a few hours our site was not getting any malicious traffic and we felt at peace. We were told by Astra’s incident response team that someone was trying to inject malware into our website and was also trying to find exploitable vulnerabilities in plugins. The good thing now was that we were able to see all this happening in real time on Astra’s dashboard and take action whenever required. Astra’s team also installed their plugin “Astra Firewall” on our website, which we must say has an amazing dashboard and keeps us on top of Yaabot’s security status all the time.