On Wednesday I noticed, as did my brother, that this blog was taking a long while to load up but I was also aware that my hosting provider was going to be doing maintenance on the server at some point in the near future so I thought I’d wait and see if that made a difference. Thursday I received an email from the provider wanting feedback so I checked the loading speed, slow, and went onto the site for some support. I reported that it was slow to load and we had a discussion about whether the maintenance would make any difference.
At the same time I decided to log into the back end of the site. When I tried to access the login page I was denied access and had an error message saying that the login was under a heavy brute force attack. I reported this to the support agent and they offered to help me get in another way. As I was a bit busy I declined, reasoning that I could get in later. I checked a bit later and the login page came up, although I didn’t log in at the time. I worked on a blog post and when I went to upload it, my access to the login page was denied again.
A heavy brute force attack is when a botnet will try to guess your password with repeated attempts, trying simple passwords first then more combinations. With the increasing power of computers, this sort of thing is easier to set up and let loose.
I did some research and found that this was common problem and that there were things you could do, adding plugins and so on. As I had been following some online training, I had added some security as a plugin. I have been adding plugins as I have discovered them and decided that they would be useful.
After that I tried to get in at irregular intervals throughout the evening. As I wasn’t in a hurry to post I eventually decided to leave it until Friday. If the worst comes to the worst, it wouldn’t be too much of a nause to start again and reload everything.
Friday morning, and I am in the backend eventually. I will have a check through to see if anything has changed. After a good lookthrough on the backend and in my hosting, nothing appears to have changed or been added on. If you do notice anything strange though, let me know.
I had a problem getting on to my hosting. I had set up a two factor authentification (2fa) and when I went to log on this morning I didn’t get the text. I contacted support and they disabled the text 2fa for me on both accounts (as I realised that I had the same problem on my business account). I got into the hosting and checked through that.
Later on I wanted to check the balance on a credit card and the 2fa text for that didn’t arrive. Sensing a pattern, I called and texted myself from my business phone, the call went straight to voicemail. I didn’t receive my text and I didn’t receive the voicemail text. I got straight on to my mobile service provider support and they advised taking the SIM card out and putting it back in, a variation on the “switch it off and switch it back on again” solution. After doing that I realised that people used to pay me to work out problems like that. I’m getting out of practice sorting out tech problems.
Is there a moral to this story? Firstly, make sure your security is strong, use sensible passwords and other forms of locking down your accounts. Secondly, for me, put brain in gear before calling support.