On 5 October 2014 I noticed that my website is loading slower than usual, I logged into Control Panel and saw a high server load over last 10 hours, and in visitor logs I saw that some IP is accessing wp-login.php page hundred times per minute, causing high server load (as seen in the following screenshot) and “508 Resource Limit is Reached” error to innocent people.
Hacking is a sport for some idiots, what they do is using an automatic program writing common used passwords until guess my login password, then what they usually intend to do is to add a propaganda message, or replace my index.php with their own index.php that looks like THIS, to show to the world that they exists and that sites can be vulnerable.
But having a password with a mix of letters and numbers, and a low-power server limited to 600 hits (page loads) per 5 minutes, hacking attempt FAILED. All what the idiot did was to make my website loading slower and occasional “508 Resource limit is reached”. Number of visitors was max 5% lower than average for that day of week. As soon I logged into Control Panel and saw them, I banned the attacking IP and restored website back to normal. Hacker IPs: 18.104.22.168 located in United Kingdom and 22.214.171.124 located in Turkey.
The attack repeated next month (this time attack started during my daytime so I noticed and banned IP in less than 1 hour, compared with 10 hour case of first hacking attempt.), but it repeated 3 more times until end of 2014, and again in 2015, from various IPs around the globe. Most likely is the same hacker using various servers.
FUCK THE HACKERS!
What these no-lifers have against my little website?