Bot attack
-
DarkReaper
- Posts: 2
- Joined: Sat Feb 15, 2020 5:35 pm
- Os: CentOS 7x
- Web: apache
Bot attack
Hello, I am not sure if you are aware of it, but lately there is a big bot attack on various wordpress, phpbb, joomla, etc. websites. This bot attack works this way:
Bunch of users are created with random names and emails and it repeats. This is one of them and it was already reported multiple times [email protected] The emails always have same usernames so this email is for example always connected with username ihxeavohe
When taking the address of these emails, you can get to this website http://sdgmaipop.com/ where there is a href saying Powered by VESTA and it links to this website.
There are more accounts with more emails. They are all reported on https://cleantalk.org/ and each email always use same username on all websites.
Every email address corespond to same looking website and it all says Powered by VESTA
The website title is also Comming Soon so if this is some kind of advert on VESTA, please stop. If it's not your job then any help would be great because it repeats every single hour and all of the attacked websites has to delete these bot accounts by hand
Also there is one of the reported emails just to prove that it is happening on multiple websites https://cleantalk.org/blacklists/ikodza ... maipop.com
Bunch of users are created with random names and emails and it repeats. This is one of them and it was already reported multiple times [email protected] The emails always have same usernames so this email is for example always connected with username ihxeavohe
When taking the address of these emails, you can get to this website http://sdgmaipop.com/ where there is a href saying Powered by VESTA and it links to this website.
There are more accounts with more emails. They are all reported on https://cleantalk.org/ and each email always use same username on all websites.
Every email address corespond to same looking website and it all says Powered by VESTA
The website title is also Comming Soon so if this is some kind of advert on VESTA, please stop. If it's not your job then any help would be great because it repeats every single hour and all of the attacked websites has to delete these bot accounts by hand
Also there is one of the reported emails just to prove that it is happening on multiple websites https://cleantalk.org/blacklists/ikodza ... maipop.com
Re: Bot attack
Hi,
This domain/server does not belong to us.
We don't have any access to this domain. You should contact with the owner of this domain, or ISP where this domain is located.
Our team develops hosting control panel for servers, It means that our software installed on this server, nothing more
This domain/server does not belong to us.
We don't have any access to this domain. You should contact with the owner of this domain, or ISP where this domain is located.
Our team develops hosting control panel for servers, It means that our software installed on this server, nothing more
-
adamjedgar
- Posts: 43
- Joined: Tue Apr 18, 2017 7:55 am
Re: Bot attack
I would also like to add, in fairness to vestacp, this control panel has nothing to do with hackers.
In regards to your wordpress site, have you ever heard of Wordfence security?
Might i suggest you learn to harden your wordpress installations so they dont get hacked so easily by brute force attacks. Its not rocket science how to do this!
In regards to your wordpress site, have you ever heard of Wordfence security?
Might i suggest you learn to harden your wordpress installations so they dont get hacked so easily by brute force attacks. Its not rocket science how to do this!
Re: Bot attack
The most effective way, would be on-site recaptcha to protect the forms.
However, I would also recommend that you inspect server logs to see if it's specific user-agents the ones submitting forms/user registrations. If that's the case, check this bad bot blocking how-to.
However, I would also recommend that you inspect server logs to see if it's specific user-agents the ones submitting forms/user registrations. If that's the case, check this bad bot blocking how-to.