Website mallware attacks
-
I keep getting attacks to my website every time that are being blocked by OSE firewall
Is there any way to stop this?
I am affraid because they actually manage enter my website on the past, and i dont know if they can enter on the future or if having all the pluggins and wordpress updated. I am safe enough, and i am not sure if there is any type of virus on my computer Macbook as those attacked pages were recently updated from my computer.
Is there any malware scan for Mac
Thanl you
== Attack Details == TYPE: Found Basic DoS Attacks DETECTED ATTACK VALUE: dDos Attack ACTION: Blocked LOGTIME: 2013-02-25 11:48:18 FROM IP: http://whois.domaintools.com/75.126.24.81 URI: [http://www.propdental.es/](http://www.propdental.es/) METHOD: HEAD USERAGENT: N/A REFERRER: N/A
== Attack Details == TYPE: Found Basic DoS Attacks DETECTED ATTACK VALUE: dDos Attack ACTION: Blocked LOGTIME: 2013-02-25 10:13:17 FROM IP: http://whois.domaintools.com/107.21.150.82 URI: [http://www.propdental.es/blanqueamiento-dental/](http://www.propdental.es/blanqueamiento-dental/) METHOD: HEAD USERAGENT: N/A REFERRER: N/A
``` == Attack Details == TYPE: Found Malicious User Agent DETECTED ATTACK VALUE: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 ACTION: Blocked LOGTIME: 2013-02-25 03:13:52 FROM IP: http://whois.domaintools.com/119.245.226.74 URI: [http://www.propdental.es/sonrisas/los-martinez/](http://www.propdental.es/sonrisas/los-martinez/) METHOD: HEAD USERAGENT: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 REFERRER: N/A ``` ```
-
I have sucuri pluggin payed suscription. I will reactivated again. My web host is not 6 dolars. But is a shared one of 400 dolars. Actually they are good and thanks to them i could find the files on the server. What i cannot find is where is the gate. And if is there something on my computer or website Because the attacks starts and are directed to new created content pages. And less to old ones
-
Site checked it ok http://sitecheck.sucuri.net/results/www.propdental.com/
-
Sucuri is not a firewall. As explained before end up there it is a malware removal tool. And it alert you to issues with your site and will tell you when you need to update things to prevent malware attacks. Only disable plug-ins that you do not trust. As long as Plug-in is trusted and is updated and it is especially Sucuri hardening plug-in or one makes it will help your website in this case you really didn't give them a chance to do anything. If you use secure I correctly keep the plug-in on and have a paid subscription with them they will Clean up the mess that the attack causes. However if you do not have a subscription with them all they do is tell you what's wrong with your site that she may go to their website and put a new URL and it will show you what's wrong with your website. I think they're great company and I've worked with a lot of security people and hosts look at fire host and Send them a message asking what you can do about DOS attack protection. They will tell you it's not going to help just unless you actually have a real firewall with that you're on your host Sucuri is not a firewall they don't claim to be a firewall that used in conjunction with a strong web host / firewall you can get a better host or your can get cloudflare's $200 DOS protection package and that will help you in the future. I would Strumness just a better web host. I think anyone posting WordPress on a shared server that is a generic shared server is out of their mind and you're going to keep dealing with problems like this and that's what you get six dollars a month. I don't mean to sound rude at all I'm just telling you I know exactly what it is like to Expect your very inexpensive web host to take care of a huge problem for web hosts. If you truly want protection change house or add a real firewall. I hope that Bienenfeld sincerely, Thomas
-
I have used sucuri on this web www.propdental.com with no good results. They manage to enter the site and upload lots of malware. I just manage to stop them with the OSE firewall.
Thanks for the information. I did not know that i had a problem. I was just afraid.
Can you find out if there also a problem on propdental.com
I had sucuri pluggin instaled, but i disable all pluggins when the attack appened has i didn´t know were they were coming from.
The damage still running on previous site was google indexed lots of my pages on the spam url they they were redirected
-
Paul,
very well said and very well explained. Your post is the one to blame new DOS attack not to blame because they brought the attack on them but the one that should clean it up
you are their customer. Remember there's a reason why malware is so popular and this is it I know Zippy kid spent a couple hundred grand on their firewall that cannot be said for many other shared hosting companies. Page.ly gives you a very good idea of what is going on every day with to a web host with this link
the nice thing about firehost.com company that page.ly is built on is they are HIPPA certified that means they can keep medical data about patients on their servers. That's a huge deal.
I know I've been hosting on all the managed WordPress host's and they've all done fantastic jobs have never been hacked but that doesn't mean I never could be.
Zippy kid recently was DOS attack and their firewall went up to 85%. They thought they might have to null route the IP addresses being attacked. that would hurt their clients on the IP though having no inbound traffic so they did something unique simply because the control the DynECT DNS changed the IP making four less the 20 people with 3 min down time this was an a enormous attack that I'm talking about.
they did what the best host's do stay prepared for the worst and be ready when it happens. Because it will happen no one never goes down no one is immune to attack you can only make a smart decision to go with web hosting companies that actually take security seriously. Go Daddy at $3.50 a month does not care about your security.
Good job explaining a DOS attack Paul.
-
To add to what Daniel has said...
DoS and DDoS attacks are not malware or viruses trying to infect your website. The are Denial of Service or Distributed Denial of Service attacks, which are essentially attempts to crash your website by flooding it with so many requests for pages that the webserver overloads and crashes, or at least slows down so much that the site becomes unusable.
Sometimes these are maliciously aimed at a particular website to do the business harm, sometimes they are aimed at a host or server in general.
There's not much you can about them except protect against them with smart firewalls as you are doing. It's in your host's best interest to help you with this, as the attack can hurt other users on the server if it's a shared server.
Trying to track the source of the attacks is pretty much pointless because the computers doing the attacking usually belong to unsuspecting users who's machines have been infected with malware that is doing the attacking unbeknownst to them. (That's the kind of infection you want antivurus/antimalware on your own computer for - to make sure your computer hasn't been corrupted to be used as one of the "bots" attacking other people's websites.)
There are a number of additional steps you can take to protect your WordPress install from hacking (a solid, tested, consistent backup strategy is critical), but this issue isn't a hack attempt, as I've stated,. It's an attempt to flood your site with so many worthless visits that it can't keep up. So no amount of customizing WordPress will protect from this kind of attack. It has to be done at the server and network level.
Hope that makes sense?
Paul
-
I would use sucuri
They are the beat if you want to not worry about DDOS I would use Page.ly to host my site
ZippyKid.com has a great firewall as well so dose websynthesis.com & WPengine.com
I know FireHost.com is about the best there is and Page.ly uses them
http://sitecheck.sucuri.net/results/www.propdental.es/
You still have a problem
Wordpress internal path: /usr/home/propdental.es/web/wp-content/themes/propdental/index.phpWordpress internal path: /usr/home/propdental.es/web/wp-content/themes/propdental/index.php
-
Hi,
Using WordPress I would recommend WordFence. If the DDOS attack is simply an attempt to overload your server with bogus requests there is not a huge amount that can be done as it act sin a similar manner to gaining a lot of traffic from say a marketing exercise.
But if the DDOS is attempting to hack into your site, there are a number of preventative measures that the plugin does to ensure it is not an easy task.
Firstly ensure all your plugins are up to date along with the WordPress build. Disable any plugins that you are not 100% sure of.
Upon installation of the WordFence plugin, I would highly recommend going to options -> Login Security Options and changing
Lock out after how many login failures & Lock out after how many forgot password attempts TO 5 attempts max
AND
Amount of time a user is locked out TO 2hrs minimum
Also by adding your email at the top of the options you will be alerted when anything occurs on your site (including legitimate logins) so that you can make informed decisions.
Oh, and unless you are actually serving the site up from you Mac OR are concerned that the attacks you have experienced are coming from your machine (with a DDOS, I would find it unlikely), Malware software will not be helpful in this scenario.
Dan
-
Hi there,
Try Sophos Anti-Virus for Mac Home Edition.
This is one of the most reputable malware scanner for Mac.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Do content copycats (plagiarism) hurt original website rankings?
Hi all, Found some websites stolen our content and using the same sentences in their website pages. Does this content hurt our website rankings? Their DA is low, still we are worried about the damage about this plagiarism. Thanks
White Hat / Black Hat SEO | | vtmoz0 -
Help finding website content scraping
Hi, I need a tool to help me review sites that are plagiarising / directly copying content from my site. But tools that I'm aware, such as Copyscape, appear to work with individual URLs and not a root domain. That's great if you have a particular post or page you want to check. But in this case, some sites are scraping 1000s of product pages. So I need to submit the root domain rather than an individual URL. In some cases, other sites are being listed in SERPs above or even instead of our site for product search terms. But so far I have stumbled across this, rather than proactively researched offending sites. So I want to insert my root domain & then for the tool to review all my internal site pages before providing information on other domains where an individual page has a certain amount of duplicated copy. Working in the same way as Moz crawls the site for internal duplicate pages - I need a list of duplicate content by domain & URL, externally that I can then contact the offending sites to request they remove the content and send to Google as evidence, if they don't. Any help would be gratefully appreciated. Terry
White Hat / Black Hat SEO | | MFCommunications0 -
Black Seo --> Attack
Hello there, Happy new year for everyone, and good luck this year. I have a real problem here, I saw in MOZ link history that somehow the "Total Linking Root Domains" is growing from a medium of 30 - 40 to 240 - 340 links and keep it growing. I guess somebody make me good joke, cause i did not buy any link :)) even cn, brasil, jp links, my store is from Romania. How I can block these links I think google will make me bad instead. What should i do? Thank you so much. With respect,
White Hat / Black Hat SEO | | Shanaki
Andrei 0tYg1wB.png0 -
Should You Link Back from Client's Website?
We had a discussion in the office today, about if it can help or hurt you to link back to your site from one that you optimize, host, or manage. A few ideas that were mentioned: HURT:
White Hat / Black Hat SEO | | David-Kley
1. The website is not directly related to your niche, therefore Google will treat it as a link exchange or spammy link.
2. Links back to you are often not surrounded by related text about your services, and looks out of place to users and Search Engines. HELP:
1. On good (higher PR, reputable domain) domains, a link back can add authority, even if the site is not directly related to your services.
2. Allows high ranking sites to show users who the provider is, potentially creating a new client, and a followed incoming link on anchor text you can choose. So, what do you think? Test results would be appreciated, as we are trying to get real data. Benefits and cons if you have an opinion.2 -
Website that lost ranking and now starting to recovery
Hello guys,
White Hat / Black Hat SEO | | WayneRooney
About a month ago we got in the webmaster tool a message that saying that we have unnatural links to the website.
We got drop from 200 keys that was in page 1-2 to pages 5-8.
We check our links and notice that someone links more then 1000 links to our site. We apply for reconsideration request plus we send the file with the links to Google to ask to remove. Yesterday we got message from Google that say : Manual spam action revoked.
We check today the ranking and we saw that from 3 keys that was in the first page, now we are with 24 in the first page. Very good improvement but still very far from the 130 keys that was in the first page a month ago. I wanted to ask, what can we expect ?
Are we gonna get the lost ranking now ?
Is this happen overnight ?Maybe the big change will be in the next penguin update ? Bottom Line, what is the chance to get back the ranking as we had before ?
This is the most important thing right now... Thank you0 -
Need help please with website ranking problem!
I am currently struggling with our site www.discountbannerprinting.co.uk to rank our PVC banners page http://www.discountbannerprinting.co.uk/banners/vinyl-pvc-banners.html On the UK search I have the following positions. hfe-signs.co.uk/banners.php
White Hat / Black Hat SEO | | BobAnderson
signfirm.com/banners.html
bigvaluebanners.co.uk/PVC_Banners_High_Quality_Cheap_Outdoor_PVC_Mesh_Full_Colour_Banner/
bannerprintingandroid.co.uk/pvc-banners/
printedbannersandsigns.co.uk/
your-print.co.uk/pvc-banners-special.html
bannerbuzz.co.uk/pvc-banners
bannerbuzz.co.uk/
auraprint.co.uk/products/banners/
vinylprinting.co.uk/pvc_banners.html
banners.co.uk/CustomBanners-BlankBanners.htm
use - http://www.discountbannerprinting.co.uk/banners/vinyl-pvc-banners.html I can't decide if it is url structure of the site, to many links on the left hand nav diluting power, keywords, etc but it does not look right that we are so far down, at least 2 of the pages above us have no content at all and some have no links or social either. Any help would be appreciated.0 -
Footer Link in International Parent Company Websites Causing Penalty?
Still waiting to look at the analytics for the timeframe, but we do know that the top keyword dropped on or about April 23, 2012 from the #1 ranking in Google - something they had held for years, and traffic dropped over 15% that month and further slips since. Just looked at Google Webmaster Tools and see over 2.3MM backlinks from "sister" compainies from their footers. One has over 700,000, the rest about 50,000 on average and all going to the home page, and all using the same anchor text, which is both a branded keyword, as well as a generic keyword, the same one they ranked #1 for. They are all "nofollows" but we are trying to confirm if the nofollow was before or after they got hit, but regardless, Google has found them. To also add, most of sites are from their international sites, so .de, .pl, .es, .nl and other Eurpean country extensions. Of course based on this, I would assume the footer links and timing, was result of the Penguin update and spam. The one issue, is that the other US "sister" companies listed in the same footer, did not see a drop, in fact some had increase traffic. And one of them has the same issue with the brand name, where it is both a brand name and a generic keyword. The only note that I will make about any of the other domains is that they do not drive the traffic this one used to. There is at least a 100,000+ visitor difference among the main site, and this additional sister sites also listed in the footer. I think I'm on the right track with the footer links, even though the other sites that have the same footer links do not seem to be suffering as much, but wanted to see if anyone else had a different opinion or theory. Thanks!
White Hat / Black Hat SEO | | LeverSEO
Jen Davis0 -
Is it negative to put a backlink into the footer's website of our clients ?
Hello there ! Everything is in the subject of this post but here is the context : we are a web agency and we, among others, build websites for our clients (most of them are shops). Until now, we put a link in their footer, like "developped by MyWebShop". But we don't know if it is bad or not. With only one website we can have like hundred of backlinks at once, but is it good for SEO or not ? Will Google penalize us thinking that is blackhat practices ? Is it better to put our link in the "legal notices" or "disclaimer" part of the websites ? What is the best practice for a lasting SEO ? I hope you understand my question, Thnak you in advance !
White Hat / Black Hat SEO | | mywebshop0