HostPapa? More like HostCrapper*

* sorry, I couldn’t help myself.

Yesterday I opened my work inbox first thing to a panicked email from a client (Sutton Community Farm) labelled “URGENT” – their website had gone down (again) with a Resource Limit Reached error. I quickly shot off a reply to let them know that this was usually caused by hitting a resource limit (e.g. server CPU usage) imposed by their host — HostPapa — and then I began investigating.

It only took a few moments to narrow it down to a massive stream of traffic to /wp-login.php, which clearly indicated an attempted brute force attack on the WordPress login system. Common, but annoying. Coincidentally, at the same time I noticed my own site (this one) was being hit by a similar attack, though with less force – enough to slow the site down but not enough to push it beyond allowed resource usage levels like my client.

I e-mailed the client to let them know the cause of their issues so that they could update their support ticket with HostPapa, and a short time later emailed my host (Clook Internet) to notify them of the issue I was having.

Within 4 minutes Clook had not only dealt with my issue but had responded to my support ticket to let me know. Problem solved, top notch service as always.

HostPapa on the other hand, despite having been told exactly what the issue was, took hours to reply before finally suggesting:

Enable Gzip compression from cPanel:
login to Cpanel and then go to Software/Services. Click “Optimize Website”. For the best results, select “Compress the specified MIME types”, as compressing all of your content can sometimes cause problems in your hosting configuration. Make sure all MIME types on your website are compressed to get the most benefits out of the compression

Seriously! GZIP compression, while nifty for optimising page load times by serving compressed versions of files to your browser, is not going to mitigate a massive brute force attack.

I provided my client with an excerpt of the visitor logs so that they could show HostPapa exactly what was going on (because at this point I assumed HostPapa were too incompetent to do this themselves) and set about trying to find a way to attempt to block the traffic myself with the limited tools available through the basic HostPapa shared hosting cpanel. This was not only necessary but urgent – Sutton Farm’s veg box system hinges upon an export generated by the website on a Monday which they could not get to while the website was down.
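An added example (not part of the original post) of the kind of log triage described above: it counts POST requests to /wp-login.php per client IP in Apache combined-format log lines. The function names, the threshold and the sample lines are assumptions made for illustration; the sample log is constructed, using documentation-range IPs.

```python
import re
from collections import Counter

# Apache "combined" format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def login_posts(lines, path="/wp-login.php"):
    """Count POSTs to the login page per client IP; skip unparseable lines."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Drop the query string so /wp-login.php?action=... is counted too.
        if m["method"] == "POST" and m["path"].split("?", 1)[0] == path:
            hits[m["ip"]] += 1
    return hits

def noisy_clients(lines, threshold=3):
    """Return [(ip, count)] for IPs at or above threshold, busiest first."""
    return [(ip, n) for ip, n in login_posts(lines).most_common() if n >= threshold]

def _req(ip, sec, request):
    # Build one constructed log line.
    return f'{ip} - - [01/Jan/2024:08:01:{sec:02d} +0000] "{request} HTTP/1.1" 200 512 "-" "-"'

# Constructed sample (documentation-range IPs), not the real visitor log.
SAMPLE_LOG = (
    [_req("203.0.113.7", s, "POST /wp-login.php") for s in range(4)]
    + [_req("198.51.100.23", s, "POST /wp-login.php?action=login") for s in range(3)]
    + [_req("192.0.2.10", 10, "GET /"),
       _req("192.0.2.10", 11, "GET /wp-login.php"),
       _req("192.0.2.10", 12, "POST /wp-login.php"),
       "garbled line that is not in combined format"]
)

if __name__ == "__main__":
    for ip, count in noisy_clients(SAMPLE_LOG):
        print(f"{ip}\t{count} login POSTs")
```

A single legitimate login (one POST from 192.0.2.10 in the sample) stays below the threshold, while the repeated POSTs stand out.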

By early afternoon I was able to curb the effects of the massive traffic load using the deny all directive to throw up an error 403 for all IPs except for my own:

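# Apache 2.2-style access control (needs mod_access_compat on Apache 2.4)
<Files ~ "^wp-login\.php">
# Deny is evaluated first, then Allow, so the listed IP is let through
Order deny,allow
Deny from all
Allow from 82.##.##.##
Satisfy All
</Files>
# Short plain-text body for the 403 response
ErrorDocument 403 "Not acceptable"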

which allowed me to download the export and get the farm the data they needed to process their customers’ orders for the week.

At 16:53 yesterday, a full working day since the issue was initially noticed, the wp-login.php page was still being absolutely pelted by malicious traffic attempting to brute force a login to WordPress, and HostPapa had still made absolutely no attempt to help sort the issue which not only affected the uptime and stability of Sutton Farm’s site (potentially causing them to lose business) but, as is the very nature of shared hosting, will have affected other users on the server their site is on.

HostPapa finally responded again late last night (far too late to actually achieve anything) pointing out that the site was now back up but we’d probably want to install a WordPress security plugin. Oh, and they suggested optimising the site again.

HostPapa’s response to my client’s urgent enquiry was absolutely terrible. Not only did they take far too long to respond (ironic, given the tagline on their site “Real help – from real people – is here when you need it”) to a business critical issue, but had absolutely no solutions to the actual problem even when they were directly informed of the issue and provided with proof of what was happening.

I’ll be migrating my client to an alternative hosting provider this week and in no uncertain terms recommend against using HostPapa’s web hosting services.

6 Comments

  1. Hm… so there’s nothing you could do via code settings?

    I’m asking because I had the exact same issue a few years ago. My host had e-mailed me frantically that I was hacked … but without any further data. When I asked for more details, they said they didn’t have any, nor could they provide the logs (just deleted). T_T Then again, I’m used to crappy user experience from hosts here…

    In the end, I took down the site completely, and looked at the following logs, to figure out what had actually happened. And then installed a WordPress plugin that blocks access from an IP after 3 failed login attempts. No issues since, but I’m not using the site…

    Is there anything else I could’ve done? I’m not entirely sure that I can rely on allowing access only from my own IP. :(

    • Jem

      09 Oct at 1:41 pm

      I couldn’t get in to load a WordPress security plugin (although I generally think they’re unnecessary – for reasons I’ll go into another time) so limiting to just one IP was the best short term solution. I wouldn’t do it long term – but only because I access my sites in so many different locations as it is.

  2. Wow. That is terrible. :( Good luck with the move, hopefully you will find someone much better!

  3. We use a plugin (actually comes installed by default via WPEngine) called Limit Login Attempts, for this very reason.

    Blocks the IP – not a be all and end all solution, but it’s an extra step of protection that comes in handy at times.

  4. sandy bennett

    06 Nov at 8:49 pm

    That’s horrible that you did not have a good experience, but I also disagree. I used to be like you, and rate my hosting company on one experience, but having been through many different companies I have realized that one bad ticket or call is not the end of the world. I have used other hosts such as 1and1, godaddy and arvixe and have had more issues with them than I have ever had with hostpapa. Does HostPapa have their issues? Yes. Do they have great customer service? Yes. Do they have outdated equipment? I think so.

    • Jem

      11 Nov at 9:39 am

      I’m not rating this hosting company on one bad experience – my client have had numerous issues with their package over the past year – this was just the final nail in the coffin.

      Clearly our idea of “great customer service” differs!