Brief denial of service on web04 server on January 15, 2014 (resolved)

Posted January 15th, 2014 in System Status. Tags: , .

At approximately 9:30 PM Pacific time, all of our servers began to experience a large “distributed denial of service” (DDoS) attack via attempts to login to blogs using the standard WordPress wp-login.php script. This attack was very broad: it attacked thousands of sites across all of our servers, and it came from a huge number of IP addresses.

Processing these requests caused the overall load on all servers to increase. On “web04” the increase was enough to cause the server to start returning “503” errors for Web page requests.

Our servers already have a set of rules to protect against attacks on wp-login.php, but the rules were not quite sufficient to block tonight’s attack. We added a new rule to match tonight’s attack, and it fixed the problem.

We apologize for the time that the “web04” server returned 503 errors. As you can see by reviewing our blog posts we try to be very proactive to protect our customers’ WordPress sites, and hope that the new security rule will prevent future attacks with the same characteristics.

  1. Recent Posts

    1. PHP versions 8.2.17 and 8.3.4
    2. President’s Day 2024 holiday hours
    3. PHP versions 8.1.27 and 8.2.15
    4. Martin Luther King, Jr. Day 2024 holiday hours
    5. New Year’s 2024 Holiday Hours
    6. Christmas 2023 Holiday Hours
    7. Brief scheduled maintenance December 16-17, 2023
    8. Thanksgiving 2023 Holiday Hours
    9. PHP versions 8.1.25 and 8.2.12
    10. PHP versions 8.1.24 and 8.2.11

  2. Categories

  3. Tags

    all servers email holiday hours linux mailman maintenance mod_security mysql network php phpmyadmin security server updates spam ssl status updates webmail wordpress zapp

  4. Feeds