brute force login?

[ŽivaAkcija]

Hi recently i notice high I/O on my VPS and when happens connection to my both domain is broke, i am not find anything on my graphs / connection and so on, so suddenly this start for 4-5 minutes and everything goes fine then start again after while, it is someone try hack it, spam it or brute force login, i contact my host to they not find nothing.

Xenforo 1.5.8

Server setup

 

[ManagerJosh]

How much mail traffic is being sent?

 

[WSWD]

How are you coming to the conclusion that it's a brute force attempt as opposed to something else? Are you running a firewall or such to eliminate those attempts?

 

[ŽivaAkcija]

How much mail traffic is being sent?

i dont use this option!

How are you coming to the conclusion that it's a brute force attempt as opposed to something else?

Attempt of hacking, spam, or brute force login there is no any other reason for high I/O on my VPS, and i ask host to increase limit for it, they do it and for now no problems!

 

[TPerry]

Attempt of hacking, spam, or brute force login there is no any other reason for high I/O on my VPS, and i ask host to increase limit for it, they do it and for now no problems!

Wrong.. simple WordPress Pingback attack would run you out of resources fairly quickly if it was very heavy and you haven't made allowances for it.

 

[ŽivaAkcija]

WordPress Pingback attack

i dont know what is it, also not using wordpress, for me this is look like some child play, becouse attack is active 4-5 minutes and stops, my host increase limit for I/O and like i said so works!no attacks for now!

 

[TPerry]

i dont know what is it, also not using wordpress, for me this is look like some child play, becouse attack is active 4-5 minutes and stops, my host increase limit for I/O and like i said so works!no attacks for now!

You don't have to be using WordPress to be a victim of it's attack vector. They use existing WordPress sites to attack your site.

 

[ŽivaAkcija]

hmm maybe is 404 error related to my .htaccess file

#    Mod_security can interfere with uploading of content such as attachments. If you
#    cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#    SecFilterEngine Off
#    SecFilterScanPOST Off
#</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 405 default
ErrorDocument 406 default
ErrorDocument 500 default
ErrorDocument 501 default
ErrorDocument 503 default

<IfModule mod_rewrite.c>
    RewriteEngine On

    #    If you are having problems with the rewrite rules, remove the "#" from the
    #    line that begins "RewriteBase" below. You will also have to change the path
    #    of the rewrite to reflect the path to your XenForo installation.
    #RewriteBase /xenforo

    #    This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
</IfModule>

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php70” package as the default “PHP” programming language.
<IfModule mime_module>
  AddType application/x-httpd-ea-php70 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
<IfModule mod_deflate.c>
  # Compress HTML, CSS, JavaScript, Text, XML and fonts
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
  AddOutputFilterByType DEFLATE application/x-font
  AddOutputFilterByType DEFLATE application/x-font-opentype
  AddOutputFilterByType DEFLATE application/x-font-otf
  AddOutputFilterByType DEFLATE application/x-font-truetype
  AddOutputFilterByType DEFLATE application/x-font-ttf
  AddOutputFilterByType DEFLATE application/x-javascript
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE font/opentype
  AddOutputFilterByType DEFLATE font/otf
  AddOutputFilterByType DEFLATE font/ttf
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE image/x-icon
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/javascript
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/xml

  # Remove browser bugs (only needed for really old browsers)
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4\.0[678] no-gzip
  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
  Header append Vary User-Agent
</IfModule>
<ifModule mod_expires.c>
     ExpiresActive On
     ############################################
     ## Add default Expires header
     ## http://developer.yahoo.com/performance/rules.html#expires
     <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
     ExpiresDefault "access plus 1 year"
     </FilesMatch>
     </ifModule>