Dear customer,

we are pleased to give you excellent news:


We have managed to mitigate numerous types of attacks and we thank all the customers who have updated themes and plugins, we know that it is boring and repetitive, unfortunately some have really left situations that have led to a temporary degradation (in some time slots) of the performance of our servers.

We want to make you aware that from now on we will limit the SQL queries that can be made on any web space, to avoid DOS attacks, for this reason if you encounter a problem on your website where wordpress requires a new installation, this does not mean that your website has been compromised, this does not mean that your website has been compromised, it means that the number of queries available for your web space is exhausted and therefore it is likely that you are undergoing a DOS attack, here is the solution for your mitigation:

How can you remedy this problem?

Here this is the solution:

  1. Enter the cPanel in the metrics section you will find various tools that allow you to check which IPs have accessed, you also have a tool that shows you the errors, always in metrics> errors, which allow you which IPs are responsible for DOS or of accesses not allowed. With AWSTATS you can also check which IPs are offensive according to the type of file that is targeted or the resource that is most requested and you can verify every single IP (check if malicious) by checking from this website:
  2. https://www.abuseipdb.com
  3. If you notice that the IP has never undergone any reports or they are reports for failed accesses (therefore "false positives") you can ignore them, if instead there are numerous reports and they are considered "serious" ...
  4. enter them in cPanel> File manager> in the manager settings make sure you also show hidden files> enter public_html from the root of your account> edit the ".htaccess" file and insert the following:
    <Request all>
        Request everything granted
        It does not require IP 203.0.113.0
    </ Request All>
  5. make sure that the code above remains "isolated" from other words, otherwise you risk that your website will no longer work!

N.B .: In this way you can defend yourself from abusers of resources, if they have targeted your website.

N.B.: In questo modo vi potete difendere da abusatori delle risorse, qualora abbiano preso di mira il vostro sito web

There is also the possibility that you have loaded / forgotten old php scripts, which could without your knowledge generate loops or even poorly written or outdated php scripts (which therefore may contain even serious vulnerabilities) and which in fact can be "caught. targeted "by malicious people who therefore exhaust the number of queries you have available for your web space. It is therefore essential to check the following:

    if you have a CMS (ex: wordpress, joomla, drupal, magento, prestashop, etc ...) check that you do not have plugins, themes or in general old codes that you are no longer using, then proceed to delete them
    Often the problems can also derive from javascript scripts which are also vulnerable (even here it is advisable to remedy)
    There may be other cases that an expert webmaster will surely be able to help, it is also possible to request support from 4host, we are happy to be at your disposal to help you solve this kind of problem.

 

Question: But doesn't 4host.ch naturally protect me from this kind of attack?

Answer: No, unfortunately there are traffic attacks that seem legitimate, but which in reality aim to consume the resources made available by 4host to the customer and which can degrade the performance of the server.

For this reason we ask the customer for an additional check as otherwise after a number of exaggerated requests for server protection, parts of the activities on the customer's website will be blocked and the remedy is to block offensive IPs as described in a few paragraphs above. .

Question: What should I do if I see a wordpress installation prompt on my website?

Answer: It is not necessary to reinstall wordpress, it is instead necessary to investigate through the tools in cpanel> metrics, which ip caused an excessive number of requests and thus block the offensive ip

Question: What do I do if the IP matches my location?

Answer: You have to wait a few minutes (usually it is a maximum of 20/30 minutes) and after this time the site resumes its functions regularly. If possible, report the inconvenience to us by writing to support@4host.ch

Question: But how long does it take for the site to work again?

Answer: The site automatically returns to work, it is not necessary that you make any changes to your files or your database, usually it is a matter of a few minutes.

Thank you very much for your attention and I thank all the webmasters who regularly contribute to the proper functioning of their web space and for their regular updating.



Monday, November 22, 2021

« Back