Attack of the Clones

In recent months, we have encountered a powerful botnet that is brute-forcing (trying to guess) logins and passwords to the admin panels of Wordpress, Joomla and DLE. Requests come from different IP addresses, from different countries around the world, approximately 20-50 requests per second. All this activity threatens to hack our clients’ websites and creates (has already created) a significant load on the server. We started monitoring: the system analyzes client access logs for attempts to guess passwords for the files wp-login.php (Wordpress admin panel), administrator/index.php (Jumla admin panel) and /admin.php (DLE admin panel) and blocks IP addresses from which a large number of authorization attempts come. Currently, about 2,700 attacking IP addresses have been collected. Access to blacklisted IP addresses is limited only to the above admin panel files. Nothing in the world is perfect: sometimes the system can block access to real site owners, because they also often access their admin panels. If this happens, please write to technical support indicating your IP address, we will add your IP to the white list. We continue to work to improve our service and security. Stay tuned for more news.