Website mallware attacks
-
I keep getting attacks to my website every time that are being blocked by OSE firewall
Is there any way to stop this?
I am affraid because they actually manage enter my website on the past, and i dont know if they can enter on the future or if having all the pluggins and wordpress updated. I am safe enough, and i am not sure if there is any type of virus on my computer Macbook as those attacked pages were recently updated from my computer.
Is there any malware scan for Mac
Thanl you
== Attack Details == TYPE: Found Basic DoS Attacks DETECTED ATTACK VALUE: dDos Attack ACTION: Blocked LOGTIME: 2013-02-25 11:48:18 FROM IP: http://whois.domaintools.com/75.126.24.81 URI: [http://www.propdental.es/](http://www.propdental.es/) METHOD: HEAD USERAGENT: N/A REFERRER: N/A
== Attack Details == TYPE: Found Basic DoS Attacks DETECTED ATTACK VALUE: dDos Attack ACTION: Blocked LOGTIME: 2013-02-25 10:13:17 FROM IP: http://whois.domaintools.com/107.21.150.82 URI: [http://www.propdental.es/blanqueamiento-dental/](http://www.propdental.es/blanqueamiento-dental/) METHOD: HEAD USERAGENT: N/A REFERRER: N/A
``` == Attack Details == TYPE: Found Malicious User Agent DETECTED ATTACK VALUE: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 ACTION: Blocked LOGTIME: 2013-02-25 03:13:52 FROM IP: http://whois.domaintools.com/119.245.226.74 URI: [http://www.propdental.es/sonrisas/los-martinez/](http://www.propdental.es/sonrisas/los-martinez/) METHOD: HEAD USERAGENT: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 REFERRER: N/A ``` ```
-
I have sucuri pluggin payed suscription. I will reactivated again. My web host is not 6 dolars. But is a shared one of 400 dolars. Actually they are good and thanks to them i could find the files on the server. What i cannot find is where is the gate. And if is there something on my computer or website Because the attacks starts and are directed to new created content pages. And less to old ones
-
Site checked it ok http://sitecheck.sucuri.net/results/www.propdental.com/
-
Sucuri is not a firewall. As explained before end up there it is a malware removal tool. And it alert you to issues with your site and will tell you when you need to update things to prevent malware attacks. Only disable plug-ins that you do not trust. As long as Plug-in is trusted and is updated and it is especially Sucuri hardening plug-in or one makes it will help your website in this case you really didn't give them a chance to do anything. If you use secure I correctly keep the plug-in on and have a paid subscription with them they will Clean up the mess that the attack causes. However if you do not have a subscription with them all they do is tell you what's wrong with your site that she may go to their website and put a new URL and it will show you what's wrong with your website. I think they're great company and I've worked with a lot of security people and hosts look at fire host and Send them a message asking what you can do about DOS attack protection. They will tell you it's not going to help just unless you actually have a real firewall with that you're on your host Sucuri is not a firewall they don't claim to be a firewall that used in conjunction with a strong web host / firewall you can get a better host or your can get cloudflare's $200 DOS protection package and that will help you in the future. I would Strumness just a better web host. I think anyone posting WordPress on a shared server that is a generic shared server is out of their mind and you're going to keep dealing with problems like this and that's what you get six dollars a month. I don't mean to sound rude at all I'm just telling you I know exactly what it is like to Expect your very inexpensive web host to take care of a huge problem for web hosts. If you truly want protection change house or add a real firewall. I hope that Bienenfeld sincerely, Thomas
-
I have used sucuri on this web www.propdental.com with no good results. They manage to enter the site and upload lots of malware. I just manage to stop them with the OSE firewall.
Thanks for the information. I did not know that i had a problem. I was just afraid.
Can you find out if there also a problem on propdental.com
I had sucuri pluggin instaled, but i disable all pluggins when the attack appened has i didn´t know were they were coming from.
The damage still running on previous site was google indexed lots of my pages on the spam url they they were redirected
-
Paul,
very well said and very well explained. Your post is the one to blame new DOS attack not to blame because they brought the attack on them but the one that should clean it up
you are their customer. Remember there's a reason why malware is so popular and this is it I know Zippy kid spent a couple hundred grand on their firewall that cannot be said for many other shared hosting companies. Page.ly gives you a very good idea of what is going on every day with to a web host with this link
the nice thing about firehost.com company that page.ly is built on is they are HIPPA certified that means they can keep medical data about patients on their servers. That's a huge deal.
I know I've been hosting on all the managed WordPress host's and they've all done fantastic jobs have never been hacked but that doesn't mean I never could be.
Zippy kid recently was DOS attack and their firewall went up to 85%. They thought they might have to null route the IP addresses being attacked. that would hurt their clients on the IP though having no inbound traffic so they did something unique simply because the control the DynECT DNS changed the IP making four less the 20 people with 3 min down time this was an a enormous attack that I'm talking about.
they did what the best host's do stay prepared for the worst and be ready when it happens. Because it will happen no one never goes down no one is immune to attack you can only make a smart decision to go with web hosting companies that actually take security seriously. Go Daddy at $3.50 a month does not care about your security.
Good job explaining a DOS attack Paul.
-
To add to what Daniel has said...
DoS and DDoS attacks are not malware or viruses trying to infect your website. The are Denial of Service or Distributed Denial of Service attacks, which are essentially attempts to crash your website by flooding it with so many requests for pages that the webserver overloads and crashes, or at least slows down so much that the site becomes unusable.
Sometimes these are maliciously aimed at a particular website to do the business harm, sometimes they are aimed at a host or server in general.
There's not much you can about them except protect against them with smart firewalls as you are doing. It's in your host's best interest to help you with this, as the attack can hurt other users on the server if it's a shared server.
Trying to track the source of the attacks is pretty much pointless because the computers doing the attacking usually belong to unsuspecting users who's machines have been infected with malware that is doing the attacking unbeknownst to them. (That's the kind of infection you want antivurus/antimalware on your own computer for - to make sure your computer hasn't been corrupted to be used as one of the "bots" attacking other people's websites.)
There are a number of additional steps you can take to protect your WordPress install from hacking (a solid, tested, consistent backup strategy is critical), but this issue isn't a hack attempt, as I've stated,. It's an attempt to flood your site with so many worthless visits that it can't keep up. So no amount of customizing WordPress will protect from this kind of attack. It has to be done at the server and network level.
Hope that makes sense?
Paul
-
I would use sucuri
They are the beat if you want to not worry about DDOS I would use Page.ly to host my site
ZippyKid.com has a great firewall as well so dose websynthesis.com & WPengine.com
I know FireHost.com is about the best there is and Page.ly uses them
http://sitecheck.sucuri.net/results/www.propdental.es/
You still have a problem
Wordpress internal path: /usr/home/propdental.es/web/wp-content/themes/propdental/index.phpWordpress internal path: /usr/home/propdental.es/web/wp-content/themes/propdental/index.php
-
Hi,
Using WordPress I would recommend WordFence. If the DDOS attack is simply an attempt to overload your server with bogus requests there is not a huge amount that can be done as it act sin a similar manner to gaining a lot of traffic from say a marketing exercise.
But if the DDOS is attempting to hack into your site, there are a number of preventative measures that the plugin does to ensure it is not an easy task.
Firstly ensure all your plugins are up to date along with the WordPress build. Disable any plugins that you are not 100% sure of.
Upon installation of the WordFence plugin, I would highly recommend going to options -> Login Security Options and changing
Lock out after how many login failures & Lock out after how many forgot password attempts TO 5 attempts max
AND
Amount of time a user is locked out TO 2hrs minimum
Also by adding your email at the top of the options you will be alerted when anything occurs on your site (including legitimate logins) so that you can make informed decisions.
Oh, and unless you are actually serving the site up from you Mac OR are concerned that the attacks you have experienced are coming from your machine (with a DDOS, I would find it unlikely), Malware software will not be helpful in this scenario.
Dan
-
Hi there,
Try Sophos Anti-Virus for Mac Home Edition.
This is one of the most reputable malware scanner for Mac.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Inbound links to internal search with pharma spam anchor text. Negative seo attack
Suddenly in October I had a spike on inbound links from forums and spams sites. Each one had setup hundreds of links. The links goes to WordPress internal search. Example: mysite.com/es/?s=⚄
White Hat / Black Hat SEO | | Arlinaite470 -
Chrome79 shows warning on our domain "Did you mean...?" another website
On Chrome79 a large scary warning is shown to users on our site: "Did you mean this other domain? This site's domain looks similar to X domain. Attackers sometimes mimic sites by making small, hard-to-see changes to the domain." Screenshot: https://imgur.com/a/NOGEyLM Our online business is reputable, no black hat SEO practices, has been established since the early 2000s, with a relatively high DA. We don't have any warnings / manual actions in Google Search Console so I can't request a review there. I've reported it several weeks ago to Google's Incorrect Phishing Warning but the warning continues to display. I reported using: google.com/safebrowsing/report_error/ Does the Moz community have any suggestions on how to fix this or general thoughts? Thanks! NOGEyLM
White Hat / Black Hat SEO | | sb10300 -
Scraping Website and Using Our Clients Info
One of our clients on Moz has noticed that another website has been scraping their website and pulling lots of their content without permission. We would like to notify Google about this company but are not sure if that is the right remedy to correct the problem. They appear in search results on Google using the client's name so they seem to be use page titles etc with the client's name in them. Several of the SERP links link to their own website but it pulls in our client's web page. Was hoping anyone could perhaps provide some additional options on how to attack this problem?
White Hat / Black Hat SEO | | InTouchMK0 -
Malicious bot attack?
Several of our websites have experienced a major direct load traffic spike in the last 30 days - roughly 40K new visitors for each site. The bots are emulating IE9 and appear to be hitting our home page and bouncing 100% of the time. The traffic is double our usual volume, or more. Our bounce rates, conversion rate, page views, etc have suffered accordingly. The volume hasn't affected site performance, yet. Since the traffic is direct load, I can't see this being a negative SEO attack. Plus, our search visibility for everything but our brands is abysmal - there aren't any real rankings to tank. Our engineers are saying that the IP addresses are diverse, and they aren't seeing any pattern. I also checked GA for traffic locations, and we aren't seeing anything unusual from overseas.It appears that the attack is US based. Has anyone seen this before?
White Hat / Black Hat SEO | | AMHC0 -
How to deal with link echoes of former hacked websites?
Hi all, I'd know which is the best way to deal with link echoes of former hacked websites that Webmaster tool reports. to clarify: when you download the backlink report from Webmaster tool you'll have a list of backlinks discovered, but if you follow one of those links you will see that on that page there is no link to your website. the source code is also clean, no hidden links or other dodgy technique. Since that the topic is usually miles away from my industry I have to assume at some point that site has been hacked by a spammer who placed that backlink. In this case what should I do? Ignore it, disavow the domain or what? Moreover, which is the best procedure when you have to face a site which points a lot of backlinks from only its sub-domains? For example: this dodgy spammy website : http://px949z32.com/ is apparently a desert, but when you do site:http://px949z32.com/ you'll discover 55,200 results! Would be it be enough to just disavow the root domain http://px949z32.com/?
White Hat / Black Hat SEO | | madcow78
As I don't want to wait too long before taking any action, my plan is to disavow all those domains without any mercy, although I can't find a current backlink in one of their pages. I will do this, as at the minute my concern is they will be hacked again and I have to face the same issue again and again Thanks to all, P.0 -
Competitor is interlinking between his websites
I have a competitor who ranks in the first page for all his keywords and i found out in open site explorer that he has been interlinking between websites and it is obvious because he owns the same domain but different countries. for example, www.example.id (indonesia) www.example.my (malaysia) www.example.sg (singapore) (asian countries domain) my question here is this even consider "white hat"? I read one of the blog post from moz and here is the quote "#7 - Uniqueness of Source + Target The engines have a number of ways to judge and predict ownership and relationships between websites. These can include (but are certainly not limited to): A large number of shared, reciprocated links
White Hat / Black Hat SEO | | andzon
Domain registration data
Shared hosting IP address or IP address C-blocks
Public acquisition/relationship information
Publicized marketing agreements that can be machine-read and interpreted If the engines determine that a pre-existing relationship of some kind could inhibit the "editorial" quality of a link passing between two sites, they may choose to discount or even ignore these. Anecdotal evidence that links shared between "networks" of websites pass little value (particularly the classic SEO strategy of "sitewide" links) is one point many in the organic search field point to on this topic." will interlinking between your sites will be ignored by google in the future? is this a time bomb method or it is fine doing so? Because as far as concern my competitor is actually ranking on the first page for quite some time.1 -
Competitor website, how come they get away with it?
Hi we have been looking at competitors websites do see how we can improve, this website jumped out at me straight away as spammy gateway pages where 3 words was the only difference on all of the pages. Why does google give them so much weight still and rank them so highly? I thought this is what G was trying to avoid? Am I missing something here in terms of great SEO opportunity? A checked for noindex or canonical and I cannot see any. Love to hear some feedback. Cheers
White Hat / Black Hat SEO | | PottyScotty0 -
Dentist office website has foreign country backlinks. Scrap it or Move On
Another SEO person who was working my potential dental customer website managed to hookup over 147 backlinks to various bogus weather sites, watch sites, chinese sites etc. The dentist owns the URL which is "dentist" plus his zipcode. Is it worth continuing SEO on this site or should I scrap the URL? I am worried that Google may take action on this site sometime in the future and all the work I will do will be lost. He does have another website, because SEO's keeps trying to sell dentists microsites... This site isn't too bad but he doesn't own the URL but the url is a combination of the two doctors names and isn't easy to remember... and we would have to spend time trying to gain control of the URL. Suggestions?
White Hat / Black Hat SEO | | Czubmeister0