TL;DR
Someone is trying to use a botnet (a network of hacked computers) to guess usernames and passwords on your website. This guide shows you how to quickly block them, strengthen security, and find out if any accounts have been compromised.
Steps to Stop the Botnet
- Check Your Logs: The first step is to see what’s happening. Look at your website’s access logs (where all visits are recorded). You’re looking for patterns of failed login attempts from many different IP addresses in a short period.
- Most web hosting control panels (like cPanel, Plesk) have tools to view these logs.
- If you use WordPress, plugins like Wordfence or Sucuri Security can help analyse the logs for you.
- You might see lots of requests to
/wp-login.php(if using WordPress),/admin, or similar login pages.
- Block Suspicious IPs: Once you’ve identified the attacking IP addresses, block them.
- Using .htaccess (Apache): If your website uses Apache web server, add these lines to your
.htaccessfile in the root directory:Order Deny,Allow Deny from [IP address 1] Deny from [IP address 2] ... Allow from allReplace
[IP address 1]and[IP address 2]with the actual IP addresses you want to block. Be careful when editing .htaccess – a mistake can break your site! - Using Your Hosting Control Panel: Most hosting providers offer tools to block IPs directly through their control panel. This is usually easier and safer than editing .htaccess.
- Firewall (Recommended): A web application firewall (WAF) like Cloudflare or Sucuri can automatically detect and block malicious traffic, including botnet attempts. This is the best long-term solution.
- Using .htaccess (Apache): If your website uses Apache web server, add these lines to your
- Implement Rate Limiting: Limit how many login attempts are allowed from a single IP address within a certain timeframe.
- Using .htaccess (Apache): Add these lines to your
.htaccessfile:LimitRequestBody 0 LimitRequestFields 5 LimitRequestFieldSize 1024 - WordPress Plugins: Plugins like Wordfence or Limit Login Attempts Pro offer rate limiting features.
- Using .htaccess (Apache): Add these lines to your
- Strengthen Passwords: Encourage (or force) users to use strong, unique passwords.
- Password Complexity Rules: Enforce minimum password length, require a mix of uppercase and lowercase letters, numbers, and symbols.
- Two-Factor Authentication (2FA): Enable 2FA for all user accounts. This adds an extra layer of security by requiring a code from a phone app or email in addition to the password.
- Change Default Login URLs (WordPress): Bots often target default login pages like
/wp-login.php.- Use a plugin to change the login URL to something less common.
- Check for Compromised Accounts: Look for any unusual activity in user accounts, such as unexpected posts or changes to account details.
- Review user roles and permissions – make sure users only have the access they need.
- If you suspect an account has been compromised, reset the password immediately.
- Keep Software Updated: Regularly update your website’s core software (WordPress, plugins, themes) and server software.
- Updates often include security patches that fix vulnerabilities bots can exploit.
Further Steps
Consider using a cyber security scanning service to regularly check your website for vulnerabilities.