An Important Announcement From ASO

THE ISSUE: 

There is currently a brute-force login attack targeted at websites with
WordPress. Due to the nature of the attack, memory consumption on
targeted servers has increased. In some cases this has resulted in
degradation of performance, and unresponsive servers.

WHY?

This is due to a high volume of http requests which can cause some servers to start
swapping memory to disk, and possibly run out of memory. The most impacted servers tend to be those with limited memory resources, including VPS instances, especially those with 1GB of RAM or less.

WHAT ASO IS DOING

Our Ninjas have been hard at work restoring service to managed servers which have been affected by this issue, and have taken proactive steps to reduce the impact of this event.

Thanks for your patience, and please email help [at] asmallorange [dot][com] if you experience any issues.

9 Responses to An Important Announcement From ASO

  1. Kelli Brown says:
    April 11, 2013 at 10:10 am.

    To see if your site is being targeted, there’s a great Activity Monitor plugin.
    http://wordpress.org/extend/plugins/threewp-activity-monitor/
    And if you are being targeted (you’ll see the failed login attempts), use the Limit Login Attempts plugin to prevent brute force attempts from gaining access to your site.
    http://wordpress.org/extend/plugins/limit-login-attempts/

    • Rachel E. says:
      April 11, 2013 at 11:11 am.

      Holy crap — Kelli, I just added the two plugins you suggested, and I’m a little freaked out at how many tries it recorded in the first minute. Thank you so much for posting these.

    • James Pearson says:
      April 13, 2013 at 2:30 pm.

      Hi Kelli,

      I thought I was noticing an increase in unresponsiveness and after installing the plugins you recommended I was shocked to see how many attempts were being made to gain access to the site.

      I’m noticing a big improvement since activating the ‘Limit Login Attempts’ plugin, so thank you very much for the recommendation.

      James.

  2. David Bocardo says:
    April 11, 2013 at 10:44 am.

    Step #1 is usually deleting the original “admin” account, as most of brute-force attacks are targeted at that username… by doing this, you can also make sure you don’t get yourself locked out of your own wordpress site

  3. Marcelo says:
    April 12, 2013 at 12:04 pm.

    Hi there
    Thank you for sharing this information.
    I, like many others really appreciate what you are doing.
    All my websites have been down at different times during the day for the last 2 weeks. I have contacted support but we have not been able to find what’s causing the issue.
    Support asked me to upgrade the memory of my vps from 1gig to 1.5g and I did, but that still is not fixing the issue.
    My sites have very low traffic so I am not sure what to do next.
    Should I order more ram? Should i bump it to 3gigs? Is it possible to add 3gigs to 1 core?
    I need your help, these are all production sites and it is really hard to see this happening.
    Thank you
    M.

    • Jim Moscater says:
      April 12, 2013 at 12:11 pm.

      Marcelo, Thanks for writing. Your best bet would be to inquire with support at help@asmallorange.com, and they can help you work through all of the above issues. Thanks for hosting with us!

      - Jim
      Community Ambassador
      A Small Orange

  4. Marcelo says:
    April 12, 2013 at 12:39 pm.

    Hi Jim
    Thanks for replying.
    I have already inquired a few times but no solution has been provided except add more ram. So I will keep adding ram :-)

    Thanks
    M.

  5. gmailcorreo.webs.com - gmail correo says:
    April 30, 2013 at 8:34 am.

    What a stuff of un-ambiguity and preserveness of valuable knowledge on the topic
    of unexpected emotions.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>