95% Less Bad Traffic with Enhanced Brute-force Prevention
We have been talking about brute-force attacks in the past, but the truth is that many of our clients don’t even realize how real and how common the threat of these attacks is for anyone with a website. Based on our experience of hosting millions domains, we fully understand the destructive potential of brute-force and we have set defence mechanisms to prevent and mitigate such attempts directed at the websites we host. For years our AI brute-force prevention system has been successfully blocking millions of attacks every day. Now, we are happy to announce that the system got even better – by constantly learning from thousands of brute-force attempts per day and adding new functionality for traffic validation, it now filters 95% more of the bad queries!
Advanced AI system that recognizes & blocks brute-force attempts
Analyzing traffic behaviour and recognising patterns is the core feature that makes our AI brute-force prevention system so effective. When a behaviour that matches a certain pattern associated with brute-force is detected (like too many unsuccessful login attempts from an unrecognized location for example), the suspicious source is immediately challenged with a CAPTCHA page that only a real human can pass. This effectively stops brute-force attempts, adds up to the system knowledge and enables legitimate users who have accidentally mimicked a suspicious behaviour to reach the requested location by completing the captcha. The beauty of this constantly evolving system is that it gets better with every brute-force attempt it stops, it keeps sites under attack safe and it ultimately protects the other websites hosted on our servers by blocking bad traffic before it even targets them.
NEW: Traffic validation that minimizes the number of brute-force attacks
We have recently upgraded our system to become even more powerful. We are now able to more efficiently block the great majority of malicious non-human bots – e.g. incoming brute-force attacks or data hunting agents which aim to profile your site and later hack you through future software exploits. That significantly boosted the system success rate and reduced bad visits by roughly 95%.
The best example to illustrate how the system works is with the XML-RPC, a file in the root directory of every WordPress installation. Many (WordPress) hosts block its usage because it’s known to be insecure and blocking it is the easiest way to avoid XML-RPC-related hacks. However, XML-RPC also has many legitimate use cases for communicating with external systems and software. That is the reason we don’t aim at stopping XML-RPC – we want to empower our clients to use the tools and services they need to get the best of their websites. Instead of blocking it, we have looked for ways to harden its security and significantly decrease the potential for brute-force attacks. After our latest AI brute-force prevention system upgrade, we now validate all traffic coming through XML-RPC to stop all recognized malicious visits and eventually reduce the overall hits reaching the clients’ sites through XML-RPC by 99%. This means that we successfully filter potential brute-force sources before an attack is even attempted.
Less resource consumption, lower carbon footprint
The impact of this upgrade to our AI bruteforce prevention system is enormous. Not only are we further minimizing the chances for our sites to get brute-forced and potentially hacked, but we significantly reduce resource consumption (like CPU and RAM) generated by traffic coming from bots and brute-force attempts. Lower resource consumption effectively means more resources available for your legitimate visitors and a lower carbon footprint of your site.
Preventing brute-force attempts is just one of the many ways we constantly protect the websites we host, along with our Smart Web Application Firewall, DDoS protection, 24/7 server monitoring and many more. We believe that security is one of the foundations for any successful website, and we continuously develop new prevention and mitigation solutions, improve existing ones and keep adding new security features to our hosting, so you can have the peace of mind that your website is in good hands and focus on what’s important – your business.