Connecting back to this site

  • Resolved GPWeM

    (@ligend)


    3 years, 5 months ago

    Good afternoon.

    For the past few days I have been receiving over 800 attacks daily on all sites hosted on SiteGround.

    WordFence works well, however, I have noticed that the broken link detector and the SEO tool have detected several 503 errors on the site.

    From Diagnostics> Connectivity, I notice the following error:

    wp_remote_post () test back to this server failed! Response was: 503 Service Unavailable
    This additional info may help you diagnose the issue. The response headers we received were:

    ———-
    HTTP / 1.1 503 Service Temporarily Unavailable
    Server: nginx
    Dates: Sun, 26 Sep 2021 12:57:06 GMT
    Content-Type: text / html; charset = UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Strict-Transport-Security: max-age = 31536000
    Permissions-Policy: geolocation = (), midi = (), sync-xhr = (), microphone = (), camera = (), magnetometer = (), gyroscope = (), fullscreen = (self), payment = ( )
    Pragma: no-cache
    Cache-Control: no-cache, must-revalidate, private
    Expires: Sat, 26 Jul 1997 05:00:00 GMT
    Status: 503 Service Temporarily Unavailable
    Retry-After: 3600
    X-Httpd-Modphp: 1
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Referrer-Policy: same-origin
    X-XSS-Protection: 1; mode = block
    Host-Header: 8441280b0c35cbc1147f8ba998a563a7
    X-Proxy-Cache-Info: DT: 1
    ———-

    I don’t use CloudFlare. What could have happened since everything worked before?
    Did these attacks compromise the firewall by generating this error?
    How can I fix it by keeping the sites safe?

    Thanks,

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @ligend, thanks for your detailed message so I can start taking a look.

    I think it’d be best if you could provide me with your full diagnostics report to wftest @ wordfence . com. You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

    Thanks,

    Peter.

    Thread Starter GPWeM

    (@ligend)

    Hello,
    I sent the report yesterday.

    In any case, these days I am experiencing an average of over 800 attacks. I don’t know if it depends on this but yesterday, in fact, I found this problem.

    I fixed it temporarily, whitelisting the server / hosting IP.

    It remains to be seen why everything worked before without this fix?
    Why did this problem occur?
    Is everything okay now?

    Thanks.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @ligend,

    I have never received the diagnostics report for your site, and we track our spam folders etc. for presence of your username “ligend” in subject lines of mails sent our way.

    I have however looked further into your original issue without this and it’s not uncommon for 503 to be used in rate limiting or temporary blocking. NGINX mentions using 503 as a response code for DDoS: https://www.nginx.com/blog/rate-limiting-nginx/. The server is stating it temporarily cannot handle the request, which is consistent with trying to block 800+ visits as you describe in your original message. In short, I think this is a normal response.

    The next natural question might be along the lines of why this was happening in the first place but again it’s not necessarily for good reason or based on your search engine searchability etc. Here is a blog post explaining why hackers are interested in your site:

    https://www.wordfence.com/blog/2018/03/ask-wordfence-why-is-an-insignificant-site-like-mine-being-attacked/

    We generally recommend where possible to keep secure hard-to-guess passwords stored in a password manager along with enabling 2FA and reCAPTCHA for the best protection against malicious actors trying to gain access to your site’s admin area.

    Thanks again,

    Peter.

    Thread Starter GPWeM

    (@ligend)

    Hello and thanks for the reply.

    I confirm that I had sent the report and I do not know why it did not arrive there.

    Either way, your explanation was thorough and, I believe, gave an answer to the problem.

    As for your suggestions, they are all active and present activities. As a service provider, I care a lot about security, for this I use Wordfence and some manual hacks.

    For this I have also written a themed article.

    https://bridweb.it/sicurezza-wordpress-ecco-la-checklist-quasi-definitiva/

    In any case, thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Connecting back to this site’ is closed to new replies.