Website mallware attacks
-
I keep getting attacks to my website every time that are being blocked by OSE firewall
Is there any way to stop this?
I am affraid because they actually manage enter my website on the past, and i dont know if they can enter on the future or if having all the pluggins and wordpress updated. I am safe enough, and i am not sure if there is any type of virus on my computer Macbook as those attacked pages were recently updated from my computer.
Is there any malware scan for Mac
Thanl you
== Attack Details == TYPE: Found Basic DoS Attacks DETECTED ATTACK VALUE: dDos Attack ACTION: Blocked LOGTIME: 2013-02-25 11:48:18 FROM IP: http://whois.domaintools.com/75.126.24.81 URI: [http://www.propdental.es/](http://www.propdental.es/) METHOD: HEAD USERAGENT: N/A REFERRER: N/A
== Attack Details == TYPE: Found Basic DoS Attacks DETECTED ATTACK VALUE: dDos Attack ACTION: Blocked LOGTIME: 2013-02-25 10:13:17 FROM IP: http://whois.domaintools.com/107.21.150.82 URI: [http://www.propdental.es/blanqueamiento-dental/](http://www.propdental.es/blanqueamiento-dental/) METHOD: HEAD USERAGENT: N/A REFERRER: N/A
``` == Attack Details == TYPE: Found Malicious User Agent DETECTED ATTACK VALUE: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 ACTION: Blocked LOGTIME: 2013-02-25 03:13:52 FROM IP: http://whois.domaintools.com/119.245.226.74 URI: [http://www.propdental.es/sonrisas/los-martinez/](http://www.propdental.es/sonrisas/los-martinez/) METHOD: HEAD USERAGENT: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 REFERRER: N/A ``` ```
-
I have sucuri pluggin payed suscription. I will reactivated again. My web host is not 6 dolars. But is a shared one of 400 dolars. Actually they are good and thanks to them i could find the files on the server. What i cannot find is where is the gate. And if is there something on my computer or website Because the attacks starts and are directed to new created content pages. And less to old ones
-
Site checked it ok http://sitecheck.sucuri.net/results/www.propdental.com/
-
Sucuri is not a firewall. As explained before end up there it is a malware removal tool. And it alert you to issues with your site and will tell you when you need to update things to prevent malware attacks. Only disable plug-ins that you do not trust. As long as Plug-in is trusted and is updated and it is especially Sucuri hardening plug-in or one makes it will help your website in this case you really didn't give them a chance to do anything. If you use secure I correctly keep the plug-in on and have a paid subscription with them they will Clean up the mess that the attack causes. However if you do not have a subscription with them all they do is tell you what's wrong with your site that she may go to their website and put a new URL and it will show you what's wrong with your website. I think they're great company and I've worked with a lot of security people and hosts look at fire host and Send them a message asking what you can do about DOS attack protection. They will tell you it's not going to help just unless you actually have a real firewall with that you're on your host Sucuri is not a firewall they don't claim to be a firewall that used in conjunction with a strong web host / firewall you can get a better host or your can get cloudflare's $200 DOS protection package and that will help you in the future. I would Strumness just a better web host. I think anyone posting WordPress on a shared server that is a generic shared server is out of their mind and you're going to keep dealing with problems like this and that's what you get six dollars a month. I don't mean to sound rude at all I'm just telling you I know exactly what it is like to Expect your very inexpensive web host to take care of a huge problem for web hosts. If you truly want protection change house or add a real firewall. I hope that Bienenfeld sincerely, Thomas
-
I have used sucuri on this web www.propdental.com with no good results. They manage to enter the site and upload lots of malware. I just manage to stop them with the OSE firewall.
Thanks for the information. I did not know that i had a problem. I was just afraid.
Can you find out if there also a problem on propdental.com
I had sucuri pluggin instaled, but i disable all pluggins when the attack appened has i didn´t know were they were coming from.
The damage still running on previous site was google indexed lots of my pages on the spam url they they were redirected
-
Paul,
very well said and very well explained. Your post is the one to blame new DOS attack not to blame because they brought the attack on them but the one that should clean it up
you are their customer. Remember there's a reason why malware is so popular and this is it I know Zippy kid spent a couple hundred grand on their firewall that cannot be said for many other shared hosting companies. Page.ly gives you a very good idea of what is going on every day with to a web host with this link
the nice thing about firehost.com company that page.ly is built on is they are HIPPA certified that means they can keep medical data about patients on their servers. That's a huge deal.
I know I've been hosting on all the managed WordPress host's and they've all done fantastic jobs have never been hacked but that doesn't mean I never could be.
Zippy kid recently was DOS attack and their firewall went up to 85%. They thought they might have to null route the IP addresses being attacked. that would hurt their clients on the IP though having no inbound traffic so they did something unique simply because the control the DynECT DNS changed the IP making four less the 20 people with 3 min down time this was an a enormous attack that I'm talking about.
they did what the best host's do stay prepared for the worst and be ready when it happens. Because it will happen no one never goes down no one is immune to attack you can only make a smart decision to go with web hosting companies that actually take security seriously. Go Daddy at $3.50 a month does not care about your security.
Good job explaining a DOS attack Paul.
-
To add to what Daniel has said...
DoS and DDoS attacks are not malware or viruses trying to infect your website. The are Denial of Service or Distributed Denial of Service attacks, which are essentially attempts to crash your website by flooding it with so many requests for pages that the webserver overloads and crashes, or at least slows down so much that the site becomes unusable.
Sometimes these are maliciously aimed at a particular website to do the business harm, sometimes they are aimed at a host or server in general.
There's not much you can about them except protect against them with smart firewalls as you are doing. It's in your host's best interest to help you with this, as the attack can hurt other users on the server if it's a shared server.
Trying to track the source of the attacks is pretty much pointless because the computers doing the attacking usually belong to unsuspecting users who's machines have been infected with malware that is doing the attacking unbeknownst to them. (That's the kind of infection you want antivurus/antimalware on your own computer for - to make sure your computer hasn't been corrupted to be used as one of the "bots" attacking other people's websites.)
There are a number of additional steps you can take to protect your WordPress install from hacking (a solid, tested, consistent backup strategy is critical), but this issue isn't a hack attempt, as I've stated,. It's an attempt to flood your site with so many worthless visits that it can't keep up. So no amount of customizing WordPress will protect from this kind of attack. It has to be done at the server and network level.
Hope that makes sense?
Paul
-
I would use sucuri
They are the beat if you want to not worry about DDOS I would use Page.ly to host my site
ZippyKid.com has a great firewall as well so dose websynthesis.com & WPengine.com
I know FireHost.com is about the best there is and Page.ly uses them
http://sitecheck.sucuri.net/results/www.propdental.es/
You still have a problem
Wordpress internal path: /usr/home/propdental.es/web/wp-content/themes/propdental/index.phpWordpress internal path: /usr/home/propdental.es/web/wp-content/themes/propdental/index.php
-
Hi,
Using WordPress I would recommend WordFence. If the DDOS attack is simply an attempt to overload your server with bogus requests there is not a huge amount that can be done as it act sin a similar manner to gaining a lot of traffic from say a marketing exercise.
But if the DDOS is attempting to hack into your site, there are a number of preventative measures that the plugin does to ensure it is not an easy task.
Firstly ensure all your plugins are up to date along with the WordPress build. Disable any plugins that you are not 100% sure of.
Upon installation of the WordFence plugin, I would highly recommend going to options -> Login Security Options and changing
Lock out after how many login failures & Lock out after how many forgot password attempts TO 5 attempts max
AND
Amount of time a user is locked out TO 2hrs minimum
Also by adding your email at the top of the options you will be alerted when anything occurs on your site (including legitimate logins) so that you can make informed decisions.
Oh, and unless you are actually serving the site up from you Mac OR are concerned that the attacks you have experienced are coming from your machine (with a DDOS, I would find it unlikely), Malware software will not be helpful in this scenario.
Dan
-
Hi there,
Try Sophos Anti-Virus for Mac Home Edition.
This is one of the most reputable malware scanner for Mac.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
We've just completed a company video. Should we post it everywhere at once, or stagger on various channels (YouTube, website, LinkedIn, Facebook...)
Hopefully we'll get a lot of traffic from our new corporate video. If we post it everywhere at once, will we get a spike in our analytics, and if so, will it be seen by Google as an anomaly, or even suspicious. If we spread out the distribution over several channels over a little time, should we get a longer bump. In either instance, we may consider a sharing schedule to promote it over time.
White Hat / Black Hat SEO | | SteveMauldin0 -
Multiple E-commerce website
Following is a scenario where we plan to have a single database and different sites pulling product information from this. There will be a primary site with all the products listed and then there will be other category based website with the same products. All transactions will happen on respective website. The common factor will be products and its information. Our question is should we have different item numbers for the same product listed on two websites or they can be the same.?
White Hat / Black Hat SEO | | promodirect
e.g.
Website A: Product - Blue Shoes and item number '123'
Product page url will be: websitea.com/blueshoes-123.html Website B: Product - Blue Shoes and item number '123' or should the item# should be unique e.g. 'B123'
Product page url will be: websiteb.com/blueshoes-123.html
or
If item number is unique the product page url will be: websiteb.com/blueshoes-B123.html Please advise what is the best way forward.0 -
Website not moving?
We run a printing website www.fastprint.co.uk and have built a few decent tools such as http://www.fastprint.co.uk/adobe-shortcut-mapper/ and decent infographics such as http://www.fastprint.co.uk/blog/the-art-of-mixing-typefaces.html and had a fair few decent links from website over the course of the last 1 1/2 but we do not seem to be moving very far? If you take our site on sem rush (a decent percentage of our site traffic is through the above tools or decent blog posts so the number would be lower for E-commerce) http://www.semrush.com/uk/info/fastprint.co.uk+(by+organic)?sort=volume_desc in comparison to a few others http://www.semrush.com/uk/info/banana-print.co.uk+(by+organic)] http://www.semrush.com/uk/info/brunelone.com+(by+organic) Especially this site http://www.semrush.com/uk/info/instantprint.co.uk+(by+organic) I just don't get what we are doing wrong?
White Hat / Black Hat SEO | | BobAnderson0 -
How do you check if a website has a link network (From the same C Class)
Hello Mozzers, I'm conducting a link audit and I see a red flag for one of my guest blogs i did in 2012. let's say the IP of the website was 62.658.62.9 Little did I know that the blogging website is a link network with the same content on each IP via it's specific C class: 62.658.62.9 62.658.62.10 62.658.62.11 ETC... How does one find a website to blog on and check to see if they have a blog network or better yet, see if there is a similar distinction of duplicate sites based on its C-class?
White Hat / Black Hat SEO | | Shawn1240 -
Would it be a good idea to duplicate a website?
Hello, here is the situation: let's say we have a website www.company1.com which is 1 of 3 main online stores catering to a specific market. In an attempt to capture a larger market share, we are considering opening a second website, say www.company2.com. Both these websites have a different URL, but offer the same products for sale to the same clientele. With this second website, the theory is instead of operating 1 of 3 stores, we now operate 2 of 4. We see 2 ways of doing this: we launch www.company2.com as a copy of www.company1.com. we launch www.company2.com as a completely different website. The problem I see with either of these approaches is duplicate content. I think the duplicate content issue would be even more or a problem with the first approach where the entire site is mostly a duplicate. With the second approach, I think the duplicate content issue can be worked around by having completely different product pages and overall website structure. Do you think either of these approaches could result in penalties by the search engines? Furthermore, we all know that higher ranking/increased traffic can be achieved though high quality unique content, social media presence, on-going link-building and so on. Now assuming we have a fixed amount of manpower to provide for these tasks; do you think we have better odds of increasing our overall traffic by sharing the manpower on 2 websites, or putting it all behind a single one? Thanks for your help!
White Hat / Black Hat SEO | | yacpro130 -
Website "A Record" in DNS - Geotargetting
Hi, Our online shop is hosted with a French IP address. It is available in English and Spanish. I have noticed, as to be expected, that we get quite a few french visitors, probably related to our IP address Google must think its geo related. We don't want to particularly target any specific country, but more so english and spanish speakers. Can you have various A records around the world to help with this? Any suggestions or things I could look into?? thanks
White Hat / Black Hat SEO | | bjs20100 -
Domain Structure For A Network of Websites
To achieve this we need to set up a new architecture of domains and sub-websites to effectively build this network. We want to make sure we follow the right protocols for setting up the domain structures to achieve good SEO for the primary domain and local websites. Today we have our core website at www.doctorsvisioncenter.com which will ultimately will become dvceyecarenetwork.com. That website will serve as the core web presence that can be custom branded for hundreds. For example, today you can go to www.doctorsvisioncenter.com/pinehurst. Note when you start there, you can click around and it is still branded for Pinehurst or spectrum eye care. So the burning question(s). - if I am an independent doc at www.newyorkeye.com, I could do domain forwarding but Google does not index forwarded domains so that is out. I could do a 301 permanent redirect to my page www.doctorsvisioncenter.com/newyorkeye. I could then put a rule in the HT Access file that says if newyorkeye.com redirect to www.doctorsvisioncenter/newyorkeye and then have the domain show up as www.newyorkeye.com. Another way to do that is we point the newyorkeye DNS to doctorsvisioncenter.com rather than a 301 redirect with the same basic rule in the HT Access file. That means that, theoretically, every sub page would show up, for example, as www.newyorkeye.com/contact-lens-center which is actually www.doctorsvisioncenter.com/contact-lens-center. It also means, theoretically, that it will be seen as an individual domain but pointing to all the same content under that individual domain just like potentially hundreds of others. The goal is we build once, manage once and benefit many. If we do something like the above which will mean that each domain will essentially be a separate domain, but, will google see it that way or as duplicative content? While it is easy to answer "yes" it would be duplicative, it is not necessarily the case if the content is on separate domains. Is this a good way to proceed, or does anyone have another recommendation for us?
White Hat / Black Hat SEO | | JessTopps0 -
Pages higher than my website in Google have fewer links and a lower page authority
Hi there I've been optimising my website pureinkcreative.com based on advice from SEOMoz and at first this was working as in a few weeks the site had gone from nowhere to the top of page three in Google for our main search term 'copywriting'. Today though I've just checked and the website is now near the bottom of page four and competitors I've never heard of are above my site in the rankings. I checked them out on Open Site Explorer and many of these 'newbies' have less links (on average about 200 less links) and a poorer page authority. My page authority is 42/100 and the newly higher ranking websites are between 20 and 38. One of these pages which is ranking higher than my website only has internal links and every link has the anchor text of 'copywriting' which I've learnt is a bad idea. I'm determined to do whiter than white hat SEO but if competitors are ranking higher than my site because of 'gimmicks' like these, is it worth it? I add around two blog posts a week of approx 600 - 1000 words of well researched, original and useful content with a mix of keywords (copywriting, copywriter, copywriters) and some long tail keywords and guest blog around 2 - 3 times a month. I've been working on a link building campaign through guest blogging and comment marketing (only adding relevant, worthwhile comments) and have added around 15 links a week this way. Could this be why the website has dropped in the rankings? Any advice would be much appreciated. Thanks very much. Andrew
White Hat / Black Hat SEO | | andrewstewpot0