In Bollocks by All This Running AroundLeave a Comment

Bloody hell. I woke up with a start at about 6.30am yesterday. This was caused by the rapid introduction of my wife’s elbow into my ribcage, followed by her hissing “turn your bloody phone off, it’s going mad”. It was on silent and not set to vibrate, so I didn’t turn it off. I didn’t even check it. I just turned it face down on the bedside table and went back to sleep. In hindsight, that was probably a mistake.

By the time I got up, there were around 2000 emails in my inbox, with roughly the same amount in a queue waiting to join the party. Every single email had the same subject line: ‘User locked out from logging in’. I’ve been lucky really. I use something called Wordfence to keep this site secure, and clearly it’s doing the job. By 10am, there had been over 10,000 attempts to log into the site, none of them successful. (Yay for randomly generated 16 character passwords!) Once I’d managed to stop drowning in a sea of alert emails, I put the site into maintenance mode. This immediately stopped the attack. I left it for a few hours. Came back, turned off maintenance mode, viewed the live traffic view on Wordfence… And watched as we were immediately bombarded again.

And that’s pretty much where we’re up to now. I put the site back into maintenance mode and left it overnight, but as soon as I took it off this morning, it started again. So, it looks like the update I was planning on doing at some indeterminate point in the future is going to be happening quite soon. I think the cause of the attack is more than likely down to the fact that I’m using what has become a pretty ancient theme – certainly there have been no updates for a long time. So it’s likely that there’s a weakness there.

So the site will be down for a bit, hopefully no more than a few days. I’m still going well with the Freeletics, don’t worry about that! But I need to get on top of this and am very busy with actual proper work as well, so please be patient!

I’m not using the old email address for this site either, but if you want to contact me then it’s probably best to reach me on Twitter for now – look for a bloody idiot by the name of @TonmeisterJones.