I was thinking this morning over that cup of coffee that I would update what is happening on Windows to Russia and sub-domains. Yesterday was the first full day of smooth running, at least what was presented to the world as visible. It was a relief to my heart condition, I will tell you that. I have not been getting enough sleep and it was showing on me…
I am going to show you a section of a picture that Sveta took as a screen shot. We were hit yesterday by a huge “Brute Force Attack” behind the scenes that lasted for hours. I finally discovered something to shut them down from now on after 5 attempts to force entry and it will block them for an hour, before they can even attempt an entry again. Then I can take their IP’s and enter it into my server and remove them forever from attacking me. I also traced routed these IP’s and followed them to the originating source. It took awhile because they are tricky and use proxies and bounce off other IP’s…
There was 10’s of thousands of attempts by a auto.js that attempted to break into our site through the login.php by brute force. I finally got in its way and diverted it, but who knows how long it would have run if I was not monitoring it? Now my system will stop it automatically…
The IP 85.222.75.110 takes us on a trip to Poland, Germany, the Middle East, Mexico, South America and finally after a few more switches and reroutes it ends up smack in the middle of Washington DC. DC is the end of the line. On its way it changes numbers multiples of time and becomes pretty obscure at times but they always left a path to follow, even though they tried to cover the holes up…
It is not the 30,000 to 40,000 legit hits we get a day that make the site go down. It is the hundreds of thousands of hits behind the scene from attacks that take the site down. Shear volume will do it every time…
The last big attempt several days ago, came out of Houston, Texas and they used a route through China to make it look like someone else was doing the dirty work. They hit us while we were trying to switch to our new server and really messed things up… 🙁
So today I am just enjoying that cup of chicory, *defrosting the refrigerator and writing this article…
Kyle Keeton
Windows to Russia!
PS: Yes we have to defrost out refrigerator. It is about 60 years old and was made before the era of frost free…
PPS: I also have installed what is called VSF Simple Stats. It gives me a real-time look at what is hitting the server at that given second. It can store as much data as I have room for and it will give me a very good look at who and what is messing with the sites. From: you while you read the article, to Google as she spyders the site…