Hello,
So this morning my site was either completely unresponsive, throwing database errors, or showing 502 errors.
After contacting live support, who recommended I upgrade my hosting, and that 40 plugins and woocommerce needed more resources – I insisted that the site was fine (it’s on a gold plan), and after complaining we found that the site was under attack from two user-agents: “Mozilla/5.0 (compatible; Seekport Crawler; http://seekport.com/)” and “Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)” the foremost consistingly hitting the homepage and admin, with 7,715 hits on /wp-admin/admin-post.php – the UAs and IPs responsible are banned now, but I have no idea if the attackers would be able to return again at somepoint?
Now, apparently the reason why this attack was allowed was because the seekport bot is not considered malicious? And so is not on the blocklist followed by defender? After being told this I asked why defender wouldn’t monitor UA requests/hits… Apparently it does but for some reason this one user agent was able to attack the site regardless?
So I’m not sure if there’s some new vulnerability? I’ve not seen just one bot be able to take down a site before… Though another one of my sites have recieved a distrubuted denial of service attack from many bots.
If anyone is able to give me any information on how this happened, if I can prevent it from happening again or even if defender can be updated to prevent this type of attack?
Thanks!
