Last two weeks DaytradingBias.com experienced multiple incidents of database issues causing the site not reachable at times and also database corruptions. Due to the fact that we were doing major updates to the site, we thought it was probably related to the changes we made. I was forced to restore the site to a backup copy and ended up losing several days of posts and updates. Everything looked normal for a day and then the problem resurfaced again. With help from the hosting company and several experts, we finally realized that DaytradingBias was attacked by a swamp of robots.
It was really our fault – when we’ve decided to update the site about a month ago we found that we need to disable the security plug-in in order to install various new functions into the website. We disabled the security plug-in but then totally forgotten about it because nothing bad happened and we were just very happy with the faster and improved backend. Little did we know the site was being probed on its weaknesses already.
The attack was brutal. Based on the logs, there were like a thousand login attempts per minute at the peak of the attack. Although the site was not hacked, thanks to the basic measures we took originally to protect the site without the security plug-in, but the site was so overwhelmed by the amount of traffic hitting it that it crashed several times. We have no idea back then it was an attack.
I learned something out of this experience. First, the wordpress platform turned out to be one of the most targeted platform by hackers. Second, the hackers are way more sophisticated than last time DaytradingBias was attacked years ago.
It was really luck that DaytradingBias was not compromised this time. Hopefully the security measures we now put on is enough to stop similar attacks from affecting normal operation.
For now, my team can finally take a break. Right on Easter Friday too.