* sorry, I couldn’t help myself.
Yesterday I opened my work inbox first thing to a panicked email from a client (Sutton Community Farm) labelled “URGENT” – their website had gone down (again) with a Resource Limit Reached error. I quickly shot off a reply to let them know that this was usually caused by hitting a resource limit (e.g. server CPU usage) imposed by their host — HostPapa — and then I began investigating.
It only took a few moments to narrow it down to a massive stream of traffic to /wp-login.php which clearly indicated an attempted brute force attack on the WordPress login system. Common, but annoying. Coincidentally at the same time I noticed my own site (this one) was being hit by a similar attack though with less force – enough to slow the site down but not enough to push it beyond allowed resource usage levels like my client.
I e-mailed the client to let them know the cause of their issues so that they could update their support ticket with HostPapa, and a short time later emailed my host (Clook Internet) to notify them of the issue I was having.
Within 4 minutes Clook had not only dealt with my issue but had responded to my support ticket to let me know. Problem solved, top notch service as always.
HostPapa on the other hand, despite having been told exactly what the issue was, took hours to reply before finally suggesting:
Enable Gzip compression form cPanel:
login to Cpanel and then go to Software/Services.Click “Optimize Website”. For the best results,select “Compress the specified MIME types”, ascompressing all of your content can sometimescause problems in your hosting configuration. Makesure all MIME types on your website are compressedto get the most benefits out of the compression
Seriously! GZIP compression, while nifty for optimising page load times by serving compressed versions of files to your browser, is not going to mitigate a massive brute force attack.
I provided my client with an excerpt of the visitor logs so that they could show HostPapa exactly what was going on (because at this point I assumed HostPapa were too incompetent to do this themselves) and set about trying to find a way to attempt to block the traffic myself with the limited tools available through the basic HostPapa shared hosting cpanel. This was not only necessary but urgent – Sutton Farm’s veg box system hinges upon an export generated by the website on a Monday which they could not get to while the website was down.
By early afternoon I was able to curb the effects of the massive traffic load using the deny all directive to throw up an error 403 for all IPs except for my own:
<Files ~ "^wp-login.php"> Order deny,allow Deny from all Allow from 82.##.##.## Satisfy All </Files> ErrorDocument 403 "Not acceptable"
which allowed me to download the export and get the farm the data they needed to process their customer’s orders for the week.
At 16:53 yesterday, a full working day since the issue was initially noticed, the wp-login.php page was still being absolutely pelted by malicious traffic attempting to brute force a login to WordPress, and HostPapa had still made absolutely no attempt to help sort the issue which not only affected the uptime and stability of Sutton Farm’s site (potentially causing them to lose business) but, as is the very nature of shared hosting, will have affected other users on the server their site is on.
HostPapa finally responded again late last night (far too late to actually achieve anything) pointing out that the site was now back up but we’d probably want to install a WordPress security plugin. Oh, and they suggested optimising the site again.
HostPapa’s response to my client’s urgent enquiry was absolutely terrible. Not only did they take far too long to respond (ironic, given the tagline on their site
Real help – from real people – is here when you need it) to a business critical issue, but had absolutely no solutions to the actual problem even when they were directly informed of the issue and provided with proof of what was happening.
I’ll be migrating my client to an alternative hosting provider this week and in no uncertain terms recommend against using HostPapa’s web hosting services.