On August 21 this year, Ai Pi blog Mani was temporarily unavailable. More precisely, it was blocked almost daily.
I offer my apologies to everyone. I would also like to thank the host's support team for their prompt assistance.
The reason the server was blocked is a very unusual one for me: a DDoS attack. I had never encountered such a misfortune before.
What is it? As I understood from some very kind people, a DDoS attack is a Distributed Denial of Service attack. The point of this attack is that the hackers send requests to the server at the same time (and for quite a long time) from a huge number of different IP addresses. The server cannot handle such a load and gets blocked.
In general, I am told, protecting against a DDoS attack is almost impossible, because the server cannot determine which IP requests to weed out.
The attack targeted the WordPress file wp-cron.php, which sits in the root of the blog.
This file is needed for delayed (scheduled) publication of posts. For example, you write a couple of articles, set their publication dates in the future and go on leave, and the posts are published automatically on schedule. Very convenient.
And so, it turns out that if you do not use delayed publication, a special request to this file (such as http://ваш_блог/wp-cron.php?check=46cbe1674da1d2888104482d6ed4f87f) starts unused scripts on the server, which never finish on their own and only accumulate in memory, consuming more and more of the server's system resources.
However, to start the script you need to know the hash value that follows the check parameter. It depends on the number in this line:
if ( $_GET['check'] != wp_hash('187425') )
Here lies the cruel trick. By default, every WordPress install uses the number 187425! Thus, organizing an attack on any blog running the WordPress engine is not that hard.
Protecting yourself is easy: change the default number to any other number of your own.
My server received more than 25 requests per second. I do not know how long the attack lasted, because the server "stalled" and statistics were not recorded. After the server was rebooted, the attack was repeated again and again ...
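An added example, not part of the original post: a small scan of a web server access log for the kind of wp-cron.php flood described above. It assumes the common/combined log format; the threshold of 25 requests per second is the rate reported in the post, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Common/combined access-log prefix: client IP, [timestamp], "METHOD path ..."
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<path>\S+)')

def wp_cron_floods(lines, threshold=25):
    """Return {second: (hits, distinct_ips)} for each one-second bucket in
    which requests to wp-cron.php exceeded `threshold`."""
    hits = defaultdict(int)
    ips = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if not path.endswith("/wp-cron.php"):
            continue
        ts = m.group("ts")  # log timestamps already have 1-second resolution
        hits[ts] += 1
        ips[ts].add(m.group("ip"))
    return {ts: (n, len(ips[ts])) for ts, n in hits.items() if n > threshold}

def sample_log():
    """Constructed input: a 30-request burst from 30 addresses in one second,
    one routine wp-cron.php call, ordinary page views and a broken line."""
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 0'
    burst_ts = "01/Jan/2020:10:00:01 +0000"
    lines = [fmt.format(ip=f"203.0.113.{i}", ts=burst_ts,
                        path="/wp-cron.php?check=PLACEHOLDER")
             for i in range(1, 31)]
    lines.append(fmt.format(ip="127.0.0.1", ts="01/Jan/2020:10:00:05 +0000",
                            path="/wp-cron.php"))
    lines += [fmt.format(ip="198.51.100.7", ts=burst_ts, path="/index.php")] * 3
    lines.append("not a log line")
    return lines

if __name__ == "__main__":
    for second, (count, sources) in wp_cron_floods(sample_log()).items():
        print(f"{second}: {count} wp-cron.php requests from {sources} addresses")
```

A high hit count spread over many distinct addresses in the same second is the distributed pattern the post describes; a single routine call from the server itself stays below the threshold.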
Frankly, I would not have guessed that the server was being overloaded deliberately if I had not received an e-mail explaining the operation (after the server was restored, of course). I will not write what was demanded. I can only say that they promised to repeat the attack if I do not agree to their terms. What exactly interests them in my blog, I do not quite understand. In any case, we'll see.
As far as I know, a DDoS attack is quite an expensive pleasure. Therefore, a repeat is hardly to be expected. And I have already taken some protective measures (not only those in this article).
I recommend that all bloggers take care of protecting their projects.