How our new anti-bot AI prevents millions of brute-force attacks

For the last few days we have been gradually launching a new AI-based bot prevention system on our servers developed by our own DevOps specialists. We are already seeing amazing results from the operation of the system. Each hour it blocks between 500 000 and 2 million brute-force attempts across all our servers. Thus, we have prevented an unknown number of potential unauthorized logins, but what is even more important -- we have managed to save an enormous amount of server resources that can now be used for a meaningful and legitimate activity by our users.

Why are bots a problem?

Malicious traffic is an enormous problem that probably affects every single website that is online. This traffic is usually created by bots trying to gain access to your site by brute-forcing its login. The bots perform multiple login attempts using different combinations of usernames and passwords. Actually, if you have a strong password, the chance of a successful bot login is minimal. However, this activity is still a serious problem. In their login attempts the bots use huge amount of server resources. For a personal blog, for example, it can exceed multiple times the legitimate traffic created by the real human visitors. Even if bot activity is not in big volumes resulting in denial of service, it can still make your hosting more costly by causing you to go over your account resources. The reason for that is that the account has to handle not only your legitimate visitors traffic, but unwanted bot traffic as well.

How does our system work?

Artificial Intelligence analyzes data from multiple servers

The main difficulty with fighting the bot activity is that bots are very clever and elusive. Bot attacks use different IPs and user agents, and often the data from attempts aimed at a single site login, or even a single server, is not good enough to determine a brute-forcing bot. We have had brute-force prevention system on each of our servers for a long time, but the new AI is much more efficient as it is able to collect and analyze simultaneously the data from all our servers. Based on the results of the analysis it can also automatically apply actions to stop unwanted bots. There are numerous indicators that our AI monitors in order to detect malicious behaviour patterns and block bad traffic. Some of them are:

  • Failed login attempts in the majority of popular web applications - WordPress, Drupal, Joomla, Magento, etc.
  • Number of simultaneous connections to different URLs
  • Different request types and known DDoS vulnerabilities in applications
  • Dynamic list of bad user agents thatโ€™s constantly being updated

We have introduced challenge captcha page

Once our system flags a certain IP address or user agent as malicious, itโ€™s been immediately blocked and challenged with a Captcha page. The system is learning continuously how to minimize false positives. If a human visitor reaches the captcha page and solves it, the address/agent related with this solution is whitelisted. In case the captcha page persists (e.g. you see it more than once for 24 hours), please contact our support.

Product Development - Technical

Enthusiastic about all Open Source applications you can think of, but mostly about WordPress. Add a pinch of love for web design, new technologies, search engine optimisation and you are pretty much there!

145 Comments

  1. Reply May 4, 2017 / 08:26 David JacksonSiteGround Team

    Hi, this is great and one of the reasons I'm glad I use SiteGround!

    Can I just ask, Is the new anti-bot AI now in use on your Cloud VPS servers? I have had brute-force attempt problems on one of my joomla site in the past and it would be great if this prevented it.

    Tanks
    Dave

    • Reply May 4, 2017 / 08:29 Hristo PandjarovSiteGround Team

      We don't monitor only WordPress but Joomla, Drupal, Magento and more failed login attempts so you should see a fall in the brute-force attempts towards your website.

      • May 4, 2017 / 10:02 Andy ConnellSiteGround Team

        The question was wether the AI Bot is running in your Cloud VPS too or just shared servers?
        I'd be interested to know the answer to that too.

      • May 4, 2017 / 10:05 Hristo PandjarovSiteGround Team

        Yes, all our customers are protected including those on Cloud accounts ๐Ÿ™‚

    • Reply May 13, 2017 / 05:57 Todd ChaneySiteGround Team

      Security plugins such as iThemes security do some some blocking in this area also and your customer service team has been recommending a lots of htaccess blocks specifically the 6G parameters. Are you recommending that some of these can be relaxed now since this makes for an very full and maybe overly redundant HTA access file?

      Keep up the Good work SiteGround!

      • May 15, 2017 / 04:46 Angelina MichevaSiteGround Team

        Hi Todd,

        You can relax the rules and make changes to them if yะพu see fit. Yet, please be advised that if something is already implemented in your website and works well, you donโ€™t have to remove it. The iThemes and 6G firewall rules should not create issues with the AIโ€™s functionality.

    • Reply May 20, 2017 / 15:17 PatrickSiteGround Team

      Hi Hristo,

      My question regards SSL and AW Stats. I'm hoping you can point me to documentation and if not, that someone on your team will write an article on it.

      My concern is that when a WordPress site is SSL (https://), AW Stats still tracks http://. As a consequence, there are two reports: one http:// and one https://

      In addition, AW Stats shows many hits for http://, and the two reports don't match. This is very concerning and makes it impossible to know for sure which numbers are accurate.

      To be clear, even if the main WordPress URLs are https://, and even if I activate 'HTTPS Enforce' in Let's Encrypt SSL, AW stats shows two robust reports that don't match.

      So how can I get a single, accurate report for SSL sites?

      And where can I find documentation as to the solution?

      Thank you very much.

      Patrick

      • May 22, 2017 / 00:37 Hristo PandjarovSiteGround Team

        I am afrad that this is the way AW Stats work and we can't really change it much. When you force HTTPS you still get hits on the HTTP versions but they are redirected to the encrypted URL. Basically, if you've forwarded everything to HTTPS, you should ignore the non-encrypted info in AW Stats since that's redirects only and look only into the SSL stats.

  2. Reply May 4, 2017 / 08:36 David JacksonSiteGround Team

    ...thanks Hristo.

  3. Reply May 4, 2017 / 10:49 bobSiteGround Team

    Hi it's a good idea, just wonder if you guys thought of creating a whitelist in cpanel. Sometimes I have problems with your servers when I ftp many files to the server. Just wondered if there is a feature that could whitelist my IP when doing website developer work etc. and using a ftp client.

    • Reply May 4, 2017 / 11:54 Hristo PandjarovSiteGround Team

      Thanks for the suggestion! We will have in mind when we consider the upcoming features we plan to add ๐Ÿ™‚

  4. Reply May 4, 2017 / 13:30 ChrisSiteGround Team

    Excellent!

    Does this mean I no longer need to use a brute-force-protection plugin for my WordPress site?

    • Reply May 4, 2017 / 23:50 Hristo PandjarovSiteGround Team

      If you have something implemented, you should keep it but our extra layer of protection should be filtering most of that traffic before it even reaches it ๐Ÿ™‚

      • May 8, 2017 / 18:09 ChrisSiteGround Team

        Excellent. Thank you!

  5. Reply May 4, 2017 / 15:00 colinSiteGround Team

    Good job, guys. Keep up the fine work, I appreciate it ๐Ÿ˜€

  6. Reply May 4, 2017 / 20:13 CraigSiteGround Team

    This is terrific news! I have a couple sites that have 1,000's of posts and these bots are terrible. I've been using WordFence to try and throttle them, but blocking them at the outer layers before it hits my site is great!

    Thanks!

  7. Reply May 5, 2017 / 07:29 RishiSiteGround Team

    Wonderful job, SiteGround team! One of the many reasons I will continue to be a customer. ๐Ÿ™‚

  8. Reply May 5, 2017 / 07:54 Alan L. JanteSiteGround Team

    I am moving my web sites from GoDaddy to SiteGround for this very reason. SiteGround takes web security seriously. Keep up the great work.

  9. Reply May 5, 2017 / 09:54 Brian ProwsSiteGround Team

    How does the SiteGround challenge page work in conjunction with CloudFlare's?

    • Reply May 9, 2017 / 00:05 Hristo PandjarovSiteGround Team

      If you have CloudFlare enabled, its page will show before ours if triggered.

  10. Reply May 5, 2017 / 15:21 SzabeszSiteGround Team

    Recently I was blocked from my site (cPanel/GoGeek) and I had to ask SiteGround Support to whitelist my IP. I do not know if it happened before the AI system had been turned on or after that, but it was really annoying and it took me a while to realize that I had been blocked.

    It was definitely a false positive and writing support tickets is a lot of time wasted, so it would be great to be able to manage the blockings so that we can see who is turned down. After all false positives will always happen and this currently do not know what is going on behind the scenes.

    • Reply May 7, 2017 / 00:31 Hristo PandjarovSiteGround Team

      The system will not block you directly but will show you a challenging CAPTCHA page so even in false-positive case you will know exactly what happened and will be able to solve it immediatelly. However, now after hundreds of millions of hits blocked, we have only a couple of false-positive cases, so you really shouldn't worry about being blocked out of your site.

  11. Reply May 5, 2017 / 17:03 RerevisionistSiteGround Team

    I noticed a rise in 444 errors, in the last week or two, and inferred you were implementing some sort of filtering system. Looks good to me.

  12. Reply May 6, 2017 / 00:49 Jens KirkSiteGround Team

    Very good news ๐Ÿ™‚

    Our clients are using CloudFlare Plus which has their own DNS / site firewall. Will these clients still benefit from the new server firewall? Having 2 firewall?

    Will your firewall be the first firewall and the firewall at CloudFlare will be the second one?

    • Reply May 9, 2017 / 00:06 Hristo PandjarovSiteGround Team

      The CloudFlare firewall would be the first line of defence. Our rules will kick in once the request reaches the server so yes, your customers will benefit from having two defence mechanisms working together.

  13. Reply May 9, 2017 / 12:06 CraigSiteGround Team

    I love what you guys do. Much MUCH better and caring than the host I used to use. Worth the extra price!

  14. Reply May 10, 2017 / 07:50 EndaSiteGround Team

    This sounds great. Thanks!

  15. Reply May 10, 2017 / 09:31 HelenSiteGround Team

    This is fantastic news! Thank you for doing this.

  16. Reply May 10, 2017 / 09:32 Ian MacdonaldSiteGround Team

    Sounds like an excellent idea.

    You can also change the admin URL on most CMS, and it should be a security must-do.

    From my understanding, most 'bots try to determine what CMS is in-use from clues on the frontpage, then go to the default admin page and start bruteforcing the login form they expect to find there. The custom admin URL puts a dead stop to that, with the robot landing on the 404 page instead. (Or if you like you can put-up a dummy admin page which leads the robot to waste hours for nothing.. ๐Ÿ˜‰

    Our file-based Mara CMS allows you to append a custom parameter to any page URL, which puts you into admin mode and loads the login interface. Works similarly to a custom admin URL, advantage is you can do this on any site page.

    • Reply May 11, 2017 / 21:31 Mark LawSiteGround Team

      I use "WPS Hide Login URL" for all my clients WordPress sites. Each client then has a unique login URL instead of the default /wp-login.php

      It also prevents /wp-admin/ from redirecting to the login URL.

      I assume like you that a brute force attack can't begin until it knows the URL to submit the login to, but I could be wrong...

  17. Reply May 10, 2017 / 09:43 SteveSiteGround Team

    This is great news! I have been struggling with going over account executions limits for months due to bots just hitting the home page thousands of times a day. Implementing some aggressive solutions killed my Moodle implementation, so I have been manually excluding bots in robots.txt (which only some follow) and recently with a .htaccess script to specifically block named bots. I am really happy to be a SiteGround customer today!

  18. Reply May 10, 2017 / 10:24 joanne pinatelSiteGround Team

    I was wondering what was going on. I have quite a few Joomla sites with Brute Force Stop installed and I usually get literally hundreds of failed login attempts each week. In the last few days, I've noticed a marked drop in attacks. I thought the bots were getting lazy!

    Great work guys! Siteground is the best host out there!

    • Reply May 10, 2017 / 21:49 Nancy HildebrandtSiteGround Team

      I also noticed a sudden decrease in blocked attacks in reports from the security plugins installed on my sites and couldn't figure out if all the attackers were all on holiday or what. This is great news!

  19. Reply May 10, 2017 / 10:30 Ivica DelicSiteGround Team

    One of the above visitors wrote:
    "SiteGround takes web security seriously. Keep up the great work."

    I couldn't agree more, but not only the security - speed as well, support, etc.
    In short: SG take care of the whole hosting package to be on the highest level... and they constantly improve what is needed. ๐Ÿ™‚

    Bravo Hristo & The Team!

    • Reply May 10, 2017 / 10:56 Hristo PandjarovSiteGround Team

      Thanks Ivica, really appreciate the kind words!

  20. Reply May 10, 2017 / 10:31 Mike WilliquetteSiteGround Team

    Thank you very much! I appreciate SiteGround's work to add benefits to our accounts that really are a help to us!!

  21. Reply May 10, 2017 / 10:37 Rich…SiteGround Team

    A little too late, you have been sending me resource overage messages for months now and has been the reason I terminated one of my accounts with you. It was out of my control all along and yet you keep taking down my site for these resource overages. Good thing this was a site that saw little or no traffic and didn't really effect the actual sites operation. Glad you did something proactive and might be a good thing for the other sites I maintain with you but it was a little too late to keep me from abandoning your service for one site. Maybe I'll reconsider pulling all the sites I have with you.

    • Reply May 10, 2017 / 11:00 Hristo PandjarovSiteGround Team

      That's one of the main reasons we spend a lot of development effort to create this system. It took us months do build it but the results are amazing. I am sure that you won't regret keeping your site with us!

  22. Reply May 10, 2017 / 10:54 RonSiteGround Team

    Does this mean I don't need to include the bot-blocking code in htaccess?

    • Reply May 10, 2017 / 12:23 Hristo PandjarovSiteGround Team

      I would say you can stop using that, you should be protected by our system much better.

    • Reply May 13, 2017 / 23:14 Kelvin Chege W.SiteGround Team

      What's that code friend?
      I could use some of that protection too ๐Ÿ™‚

  23. Reply May 10, 2017 / 11:30 MohikaaniSiteGround Team

    Great news, thanks!

  24. Reply May 10, 2017 / 11:55 Kimball RexfordSiteGround Team

    "Web Hosting Services Crafted with Care?" Check!
    So glad I switched.

  25. Reply May 10, 2017 / 13:20 GregSiteGround Team

    Do we have to do anything to enable this on our cloud or it's for all customers by default?

    • Reply May 11, 2017 / 00:21 Hristo PandjarovSiteGround Team

      No, it works out of the box protecting all our customers ๐Ÿ™‚

  26. Reply May 10, 2017 / 13:32 Seyfu TasewSiteGround Team

    Thank you very much! I appreciate SiteGround's .

  27. Reply May 10, 2017 / 13:32 Seyfu TasewSiteGround Team

    Thank you very much! I appreciate SiteGround's

  28. Reply May 10, 2017 / 16:56 eve lurieSiteGround Team

    Would this reject bots trying to use the Constant Contact Newsletter signup form on a client's site? I have not been able to get a captcha that works with this Constant Contact form.

    • Reply May 11, 2017 / 00:31 Hristo PandjarovSiteGround Team

      So far we do not monitor for bots trying to exploit plugins/extensions but that's on the roadmap for future improvements.

    • Reply May 13, 2017 / 23:17 Kelvin Chege W.SiteGround Team

      Google recaptcha by Bestsoft i think could help with that, and you can use catchall version too. Check it out at WordPress

  29. Reply May 10, 2017 / 17:02 NyssaSiteGround Team

    What with Cloudflare, then Siteground, then Wordfence, then my own codes in the .htaccess file, bots don't stand a chance! ๐Ÿ˜€

    • Reply May 11, 2017 / 00:22 Hristo PandjarovSiteGround Team

      I would remove anti-bot measures from .htaccess because they are ineffective but the file content is loaded on each hit ๐Ÿ™‚

      • May 11, 2017 / 06:57 Kenny MooreSiteGround Team

        I am using the SiteGround version of Jeff Starr's 6G Firewall in htaccess. Are you recommending removing the 6G Firewall, or just a piece of it (if so, which piece?), or is 6G separate from bot blocking and I should leave it in place?

      • May 11, 2017 / 07:16 Hristo PandjarovSiteGround Team

        As far as I can see that firewall tries to match common hack attempts. That's already being handled by our WAF. It's up to you weather to leave it or not but I think most of the rules are already in place on a server leve.

      • May 11, 2017 / 21:01 Kenny MooreSiteGround Team

        Thank you Hristo. Your quick response and thoughtful advice are much appreciated. I ran some speed tests with and without 6G, did not detect a difference, so I will leave it in place for now.

      • May 11, 2017 / 23:31 Hristo PandjarovSiteGround Team

        If the effect on performance is minimal/none, keeping it is a good idea, another layer of security doesn't hurt.

  30. Reply May 10, 2017 / 17:06 LynSiteGround Team

    Just another reason this is the best hosting company I have ever used! Excellent service!

  31. Reply May 10, 2017 / 17:38 Howard KelleySiteGround Team

    I have already seen and felt the positive results of your anti-bot warfare...it is a noticeable difference. Through your efforts such as this that I am always comfortable in recommending SiteGround and pleased to renew my annual accounts. You have become a standard by which ALL other hosting system should be measured.

  32. Reply May 10, 2017 / 18:02 David HubbardSiteGround Team

    Good stuff!

  33. Reply May 10, 2017 / 18:27 PDISiteGround Team

    I'm really glad that we switched to SiteGround.

    Best support!!!

    Thank you!!!

  34. Reply May 10, 2017 / 19:32 WolfgangSiteGround Team

    I dont wanna ruin the party, but its about time they take responsibility. Me and maybe many others had serious issues in the last months. Even after clarifying the issue several times I got blamed "your site is too successful" by support, though it was clear the traffic was produced by bots. I explained siteground that i see it as THEIR responsibility to keep these bots from "knocking on my door". I explained them that i am not gonna upgrade and pay more for my account for a small website because of issues that i have no control over. Well ... support told me that i can block the bots myself. I would have to sit every day and add thousands of IPs to the blacklist in cPanel. Seriously? Looks like there were more complaints so they added this new feature. Thx for taking responsibility Siteground.

    • Reply May 11, 2017 / 02:34 Hristo PandjarovSiteGround Team

      Hello Wolfgang, you are right that the rise in the cases like yours, where sites receive enormous traffic from bots and reach their resource limits, has triggered the decision to invest in the creation of the new anti-bot system. We want to thank all customers like you, who have been among the first affected from this growing issue for the patience and for helping us become better in dealing with it.

  35. Reply May 10, 2017 / 19:51 Oran KangasSiteGround Team

    This seems to be a great idea. The only potential downside is load speed. So will this new system slow Google's view of load time?

    • Reply May 11, 2017 / 00:22 Hristo PandjarovSiteGround Team

      No, it will not affect your loading speeds in any way. The Google Bot will never be challenged with a captcha page by our system ๐Ÿ™‚

  36. Reply May 10, 2017 / 20:13 RidestokeSiteGround Team

    Regarding this captcha page and false positives. That is one of the reasons you have to be mindful of your security level with cloudflare. Too high and you can generate false captchas which is annoying for the user going to your site. How is this solution different?

    Do we have the option to turn that off since we are already using another solution to prevent brute force attacks?

    • Reply May 11, 2017 / 00:29 Hristo PandjarovSiteGround Team

      There isn't an option to turn this off. The system works globally and protects all our servers and customers. So far, after hundreds of millions of blocked hits we have just 2-3 cases (all very particular in nature) reporting false positives. So you really shouldn't worry about that. Our system is way more precise and configured to work as safe as possible so no human being should ever see the captcha.

  37. Reply May 10, 2017 / 22:00 ArneSiteGround Team

    If you want I can give you a list of thousands of ip addresses that my Akeeba install has blocked and blacklisted for both brute force and uploadsheild attacks over the last year.

    Literally thousands - most from Russia

    • Reply May 11, 2017 / 00:27 Hristo PandjarovSiteGround Team

      The great thing about our system is that it updates its blocking database dynamically. Bots change IPs, user-agents, behaviour pattern and simply blocking huge list of IPs doesn't do the trick. However, you should see a decrease in the number of IPs and intrusions blocked by Akeeba as many users already report because they don't even reach it ๐Ÿ™‚

  38. Reply May 11, 2017 / 00:39 BrianSiteGround Team

    Your introduction of an AI based anti-bot system to protect against login attacks to the CMS sounds excellent. Thank you for investing in this upgrade.

    Regarding another route into user accounts - the CPanel login page. As this page is so easy to access by anyone are there any plans to protect this page better, for example two factor authentication? It would seem sensible to protect all login routes in a similar fashion to those for the CMS itself.

    • Reply May 11, 2017 / 00:48 Hristo PandjarovSiteGround Team

      Thanks for the suggestion, that's something we've been thinking about too!

      • May 11, 2017 / 01:18 BrianSiteGround Team

        If Siteground could work out a way(s) of doing this on the CPanel login page that would be a huge improvement. I am sure there must be many unauthorised attempts to access user accounts via this route but, certainly on shared servers, owners are probably going to be unaware of these.

      • May 11, 2017 / 01:58 Hristo PandjarovSiteGround Team

        Thanks for reporting that!

  39. Reply May 11, 2017 / 00:40 John SpyrakosSiteGround Team

    Great news !!! Last months I experienced twice, brute force attacks and it seems that your AI antibot approach is the best approach to defend.

    Keep up the good work.

  40. Reply May 11, 2017 / 01:20 NishantSiteGround Team

    Great feature! I have currently password protected the wp-admin folder on my WordPress install. Would it be advisable to keep it password protected or remove that protection?

    • Reply May 11, 2017 / 01:57 Hristo PandjarovSiteGround Team

      Keep it password protected! Although we would stop the majority of bots, other attacks may still be possible and password protecting your admin login URL is a great security measure!

      • May 11, 2017 / 02:26 NishantSiteGround Team

        Thanks for the reply Hristo! Is it possible to only password protect the admin login URL (wp-login) instead of the entire directory(wp-admin)?

      • May 11, 2017 / 02:35 Hristo PandjarovSiteGround Team

        Yes, take a look at this article: https://www.siteground.com/kb/how_to_password_protect_a_single_file/

  41. Reply May 11, 2017 / 01:37 Fabio SchenoneSiteGround Team

    Super !!
    There is a page or something that keep track of the action on a cPanel level ? some kind of report like Akismet ?

    • Reply May 11, 2017 / 01:57 Hristo PandjarovSiteGround Team

      Not yet but we're thinking of a page that shows the number of blocked hits.

  42. Reply May 11, 2017 / 02:14 Kristof GheyssensSiteGround Team

    Our VPS at SiteGround does not come cheap, but with excellent support and now this AI anti-bot protection. It is worth every euro!

  43. Reply May 11, 2017 / 03:12 GomyitguySiteGround Team

    Coincident I found your blog...relay it's informative...Thanks, #Hristo

  44. Reply May 11, 2017 / 03:38 LoriSiteGround Team

    This is awesome! I am so happy to have you on my team at keeping my site up and running.

  45. Reply May 11, 2017 / 03:54 stevenSiteGround Team

    Way to go SiteGround! Keep up the great work!

  46. Reply May 11, 2017 / 04:30 Frank KSiteGround Team

    Fantastic service!

    However, I generally don't use WordPress nor Joomla, which are too bloated for my taste.

    Does this protection include regular Brute Force login attempts through htpasswd and htaccess too?

    • Reply May 11, 2017 / 05:20 Hristo PandjarovSiteGround Team

      Not at this time but we constantly add new mechanisms and criteria to catch malicious behaviour so thanks for the suggestion!

      • May 11, 2017 / 06:19 Frank KSiteGround Team

        Thank you for your answer Hristo!

  47. Reply May 11, 2017 / 06:45 ReginSiteGround Team

    Thanks! Hope this feature does a great job. I have been seeing hundreds of login attempts on my website by bots:
    - each attempt Happens every 2 - 5 seconds
    - tries so many different types of username combinations
    - Have been tracking a lot of the IPs to Ukraine and similar areas.

    I haven't seen any attacks within the last week, hope the new AI is able to fend every one of those bots!

    Cheers!

  48. Reply May 11, 2017 / 07:14 Robin KieferSiteGround Team

    We received a lot of spam posts on our wordpress blog - will these measures help reduce these?

    • Reply May 11, 2017 / 23:32 Hristo PandjarovSiteGround Team

      So far we monitor mostly login attempts and not spam comment submissions. However, that's something we've been thinking about. Unfortunatelly, without a plugin on every site like Akismet for example, it would be difficult to detect and get the information about spam comments.

  49. Reply May 11, 2017 / 07:27 PavelSiteGround Team

    Hi Hristo, does the captcha page require understanding English? Can you show it?

    • Reply May 11, 2017 / 23:36 Hristo PandjarovSiteGround Team

      Well, it is in English but people nowadays are so used to captchas that even if someone doesn't know the language, I think they will be fine. However, we wanted to make sure it's accessible for visually-impaired people.
      Captcha

  50. Reply May 11, 2017 / 07:38 arfan ahmadSiteGround Team

    Already i have activated login security from jetpack by wordpress plugin who prevents from malicious login attempts and stops bruteforce attacks. So far so jetpack has blocked roundabout 6000 malicious logins from my wordpress site.
    Now! can i uninstall that plugin?

    • Reply May 11, 2017 / 23:39 Hristo PandjarovSiteGround Team

      I would recommend that you monitor the number of attacks blocked by JetPack. If that's the only feature (it's a meta plugin) you're using it for and you notice it doesn't block IPs anymore, you can consider disabling it.

  51. Reply May 11, 2017 / 08:34 SheilaSiteGround Team

    Hristo, off-topic but how do you pronounce your name?

  52. Reply May 11, 2017 / 08:41 AbiSiteGround Team

    This works a treat. I worked on a site recent on godaddy and they had constant persistent attacks many targeting the correct username presumably scraped from author info. Compare this to a site I've just moved to your hosting and they have had hardly any. Keep up the good work!

  53. Reply May 11, 2017 / 08:52 Larry LevensonSiteGround Team

    Love it! thanks for the update about this.

    After suffering through resource overage messages for 2 months, your techs and I finally wrestled my WPMU sites under control -- but that whole process was SO annoying and stressful! Sound likes this new AI system will really help protect against future attacks.

    Thank you!!

  54. Reply May 11, 2017 / 08:53 Mark BarnesSiteGround Team

    Does this feature change the address of visitors (perhaps to the IP address of a proxy?). I had wp-login.php blocked for all but one IP address, but now that IP address is getting blocked. I've had to remove the rule to log in.

    • Reply May 11, 2017 / 23:42 Hristo PandjarovSiteGround Team

      No, it doesn't interfere with request IPs, that's probably your ISP changing IPs.

  55. Reply May 11, 2017 / 09:04 Vic HardySiteGround Team

    Wow, great job guys. This is very good news. I've just opened a SG account and am in the process of moving my 35+ sites from Bluehost to SG, mostly because of load times. My SG shared account is faster than my BH VPS. I don't generally add the protection plugins like Sucuri or Wordfence because I'm a plugin minimalist and never felt I needed them, but I do have Sucuri on one site and it gets hammered every day so I assume they all do.

    So anything you can do to stop these cretins at the outer level is appreciated. Well done.

  56. Reply May 11, 2017 / 09:52 Riley WrightSiteGround Team

    Very proactive of you! Thanks!

  57. Reply May 11, 2017 / 10:21 ChandimaSiteGround Team

    Thank you very much. I'm really appreciate you. I had nice WordPress site but 6 months a go it was compromised on Hostgator server. At that time I had a little idea that siteground can do something better solution for CMS. Now I'm happy about my change from Hostgator to Siteground. Hope you can do much more and thank you once again.

  58. Reply May 11, 2017 / 11:39 MassimoSiteGround Team

    When did the new service start?
    I just noticed on the logs a large attack on one of my Drupal sites on May 5th - almost 600 requests in a few minutes, IP from China
    Thanks

    • Reply May 11, 2017 / 23:52 Hristo PandjarovSiteGround Team

      At the beginning of the month. Note, however, that we may not detect all bot traffic so more targeted attack could have slipped through. However, we are constantly improving the product and add more and more rules and patterns to detect bad bots so hopefully, the next attack would be filtered.

  59. Reply May 11, 2017 / 11:50 Jann martinSiteGround Team

    Is there an additional charge for this?

    • Reply May 11, 2017 / 23:45 Hristo PandjarovSiteGround Team

      No, it's free and already working on all our servers ๐Ÿ™‚

  60. Reply May 11, 2017 / 13:36 Peter La FondSiteGround Team

    The only thing better than BBQ is.... WordPress on SiteGround!

  61. Reply May 11, 2017 / 15:17 Josรจ ScafarelliSiteGround Team

    Sorry i don't understand... this new security upgrade is alrady running on all our WP sites or do we have to do something to implement it?
    Thanks!

    • Reply May 11, 2017 / 23:53 Hristo PandjarovSiteGround Team

      It's already working and no action is required from you ๐Ÿ™‚

      • May 16, 2017 / 10:22 Josรจ ScafarelliSiteGround Team

        THAT's AWESOME!!!!!

  62. Reply May 11, 2017 / 16:02 Corl DeLunaSiteGround Team

    Hi Hristo,

    For WordPress I use the Wordfence security plugin. Each month they report the top attacking IP addresses they come encounter, for example https://www.wordfence.com/blog/2017/04/march-2017-wordpress-attack-report/ You'll see links to their other reports as well there. I started collecting and adding them to the end of the https://www.siteground.com/kb/prevent-malicious-bots-visiting-website/ .htaccess file each month like:
    Deny from 107.150.37.26
    Deny from 146.0.74.150
    Deny from 160.202.162.19
    ...

    I was going to ask support if there was a Find and Replace tool I could use in the cPanel to make this faster. But, then I noticed you saying to other readers that this might be mostly covered by the SiteGround WAF. Is this true? And I won't have to collect and add them to the .htaccess files anymore?

    Does the WAF protect static websites as well?

    P.S. As for cPanel security and anything I can use it with, I use https://www.grc.com/passwords.htm to generate near un-hackable passwords. Test them here https://howsecureismypassword.net/ I can't comprehend what 61 quattuortrigintillion years means, but I figure it'll cover me for more than a couple of years.

    I wish the MySQL Database Wizard accepted more password characters than it does. Please add this to your road map as well.

    Best Regards,
    Corl DeLuna

    • Reply May 12, 2017 / 00:00 Hristo PandjarovSiteGround Team

      Well, we don't just throw IPs in a block list but detect and block them dynanimcally for different period of time on all our networks. If those IPs have hit our servers, most probably they have been blocked. Once we detect bad bot behaviour, we block it per server basis. This means that although we rely on number of web apps to detect failed login attempts, once detected, bots are blocked for everyone.

      • May 12, 2017 / 12:37 Corl DeLunaSiteGround Team

        So, the .htaccess script at https://www.siteground.com/kb/prevent-malicious-bots-visiting-website/ is now no longer needed?

        While i'd still use the Wordfence plugin, now I don't need to add Wordfence's top attacking IP's like described above?

        And SG's new WAF will protect all sites both static or dynamic just as well or even better than if I continued with the two .htaccess steps above?

      • May 15, 2017 / 07:12 Angelina MichevaSiteGround Team

        Hi Corl,
        The 6G Firewall and the Wordfenceโ€™s top attacking IPโ€™s are good mechanisms for blocking unwanted traffic on your website. You can leave them active as it will not interfere with the AIโ€™s mechanism, and will still add to the security on your website.
        Our AI will collect and analyze the data from all our servers. Meaning, even if your website is hit by bots that the AI has previously detected on a completely different machine, the same bots will not affect your website as they will immediately be challenged based on the data that has been already analysed.

      • September 13, 2017 / 17:27 Liz SchneiderSiteGround Team

        I've moved several sites to Siteground in the past week each time I try to add the Wordfence Optimized Firewall (their WAF), it doesn't do anything. Is there another way to do this or is it not needed because of Siteground WAF?

      • September 14, 2017 / 03:46 Angelina MichevaSiteGround Team

        Hi Liz,

        Great to hear you have chosen our services for your websites. Please note that our anti-bot AI system operates on server level and aims to prevent brute-force login attempts. Its biggest advantage is that it monitors and analyzes simultaneously the data from all our servers. As a result it is able to detect more efficiently different patterns and malicious behaviour used from bad bots and to block automatically such traffic.

        The operation of our Anti-bot AI should not affect the use of WordFence WAF on your account. We checked in our system on your case and it appears WordFence WAF is not configured properly. You can follow this guide: https://docs.wordfence.com/en/Web_Application_Firewall_Setup, which includes instructions on how to set it up with SiteGround. If you still experience a problem implementing it, please submit a ticket so our techs can check the issue. In this way they will be able to test things on our end, and make sure we are looking at the correct website where you see the problem.

  63. Reply May 11, 2017 / 16:28 MarxSiteGround Team

    How can I enable the challenge captcha page?

    • Reply May 11, 2017 / 23:45 Hristo PandjarovSiteGround Team

      It's already enabled and working for all our customers ๐Ÿ™‚ Hopefully, you will never see the captcha page itself.

      • May 13, 2017 / 18:01 MarxSiteGround Team

        Thanks for the clarification ๐Ÿ™‚

  64. Reply May 11, 2017 / 18:44 Doug IsonSiteGround Team

    Sweet what hosting plan is this available on? How do we get it?

    • Reply May 11, 2017 / 23:29 Hristo PandjarovSiteGround Team

      It's available on all hosting plan and already works to protect your site. No further action is needed from our users ๐Ÿ™‚

  65. Reply May 12, 2017 / 10:12 Jennifer HoffmanSiteGround Team

    Great products and services, wonderful, available, helpful support -- that is what I have received with Siteground after switching from Hostgator where I experienced heavy site down times and long waits for support, sometimes more than an hour. And Siteground goes the extra miles by using their love of technology and really smart people to create customer solutions that solve big problems, like DNS attacks which I have experienced, without changing their service fees. I love siteground, a big thank you from a grateful user.

  66. Reply May 13, 2017 / 21:55 JohnSiteGround Team

    This is indeed a good news!

    So just a question, which comes first in action: Anti-Bot filter then C.Flare? before it reaches siteground clients?

    • Reply May 15, 2017 / 04:32 Angelina MichevaSiteGround Team

      Hi John,
      CloudFlare offers an excellent Web Application Firewall. Should you choose to activate it, requests sent to websites using the CND through SiteGround will first pass through CloudFlareโ€™s WAF and will be filtered there.
      Our AI will activate as soon as the request reaches our server. This could be beneficial for your website, as it will be protected by two difference systems.

  67. Reply May 14, 2017 / 20:14 Jacquie TreagusSiteGround Team

    Hello,
    This unfortunately is not working for me. I am getting spam user registrations. I installed a security plugin and the spam user registrations stopped but then it locked me out the next time I accessed the admin panel. I got help from SG to unblock me and I removed the plugin but now I am getting the spam user registrations again. This isn't my main site but another site I have added to SG (under the same account) - would this have anything to do with it? Do I need to install a security plugin and if so which one would you recommend?

    • Reply May 16, 2017 / 07:50 Angelina MichevaSiteGround Team

      Hi Jacquie,
      We would like to clarify that the system is focused on brute-force attacks and blocking bad bots targeting logins. At this time it does not monitor spam user registrations. For this reason it will not be effective towards preventing them. We can recommend you enhance the security of your registration page in order to eliminate them.

  68. Reply May 15, 2017 / 10:49 John MurielSiteGround Team

    I've seen a steady decline in amount of emails with failed or blocked bot login attempts... which has been great :).

    What I'm recently seeing is an abnormal surge in the number of daily subscribers to my newsletter. Many have suspicious looking email addresses with anonymous countries.

    John

  69. Reply May 16, 2017 / 09:38 IanSiteGround Team

    Great stuff, will keep an eye on the logs to see if we see the reduction!

    Thanks been looking for server level answer to this problem - you solved it.

  70. Reply May 28, 2017 / 13:26 Jaswinder KaurSiteGround Team

    I use SiteGround and quite happy with all new technology.

    Thanks.

  71. Reply June 19, 2017 / 09:29 MosheSiteGround Team

    Is this Anti-Bot still working??

    It seems the last few days the Failed Brute-Force attempts on our Magento download folder started again.

    Thanks

    • Reply June 20, 2017 / 01:01 Hristo PandjarovSiteGround Team

      Yes, it's working, could you open a ticket in your Help Desk with more info about this so we can investigate and update our system if necessary?

  72. Reply August 29, 2017 / 09:38 GregSiteGround Team

    Yeah its soooo good, that I cannot open my websites, also no matter how many times I write down correct captcha it doesn't allow me to go further - tried all possible browser. Changed IP - nothing works ๐Ÿ™

    • Reply August 29, 2017 / 09:53 Hristo PandjarovSiteGround Team

      Please, post a ticket in your Help Desk, my colleagues will look into it and see what went wrong with your Captcha answers and IP blocking.

  73. Reply September 3, 2017 / 06:41 Eric GSiteGround Team

    Seems to be blocking the Tor browser.
    Entering the Captcha doesn't always work. Failed four times in a row for me.

    • Reply September 5, 2017 / 01:11 Hristo PandjarovSiteGround Team

      With Tor browser, pretty much every request comes from a different IP. It's widely used for malicous traffic and different hacking attacks. Tor exit nodes are not endless and it's normal that most of them are blocked. Please, use a regular browser in order to avoid such issues.

  74. Reply September 28, 2017 / 22:00 Gary SonnenbergSiteGround Team

    Thanks for this. I've encountered it twice recently when trying to access my own sites. It would be nice if, after I've done the captcha, it didn't show me another challenge page but took me to my site instead.

    • Reply September 29, 2017 / 00:26 Hristo PandjarovSiteGround Team

      You must have switched IPs. If you solved the captcha you should not have seen it again that soon.

  75. Reply October 8, 2017 / 03:59 AngelaSiteGround Team

    How can we turn this off for some domains ? Or whitelist IP's from this feature ? The sites we manage were getting hacked quite often ( hacker bots preying on plugin/theme vulnerabilities etc ) and so we now use a cloud based firewall in front of siteground (so providing us with an extra layer of hacker defence) . This gives us the luxury of not having to update themes , plugins , WordPress constantly and yet still stay clean from infections. Of course we update in the end but as we have the firewall covering our backs we can do it in our own time to fit our business schedule. This setup has stopped all the hacking completely and has been working great for months but now since you added this failed login IP tracking all the valid users of the sites are constantly getting catcha pages from siteground ( as the siteground feature is checking the firewall ips instead of the visiors ips). This is of course very annoying to valid users and puts them off ftom using the sites. We were not facing any issues with brute logins before so you can imagine that now with all visitors incorrectly get captchas ftom siteground is really off putting . Can we turn it off or whitelist ips for some domains?

    • Reply October 9, 2017 / 00:32 Hristo PandjarovSiteGround Team

      You can request from our support team to disable it for your account. Please, post a ticket in your Help Desk about this.

  76. Reply October 13, 2017 / 01:45 Andy RenalsSiteGround Team

    Hi Hristo,

    I'm using Gravityscan which is now failing to obtain a connection to my site. When I do a manual scan I'm told that my scan results may be incomplete or inaccurate due to security software (SiteGround Anti-Bot) used by this site. Is there a work around? Andy

    • Reply October 16, 2017 / 00:51 Hristo PandjarovSiteGround Team

      Please, post a ticket in your Help Desk, our support team will help you out with that.

  77. Reply October 14, 2017 / 09:01 KevinSiteGround Team

    How can I whitelist the Gravityscan bot?
    They are telling me that the SiteGround Anti-Bot is blocking requests.

    • Reply October 16, 2017 / 00:49 Hristo PandjarovSiteGround Team

      Please, post a ticket in your Help Desk and our support team will help you out.

  78. Reply October 20, 2017 / 06:10 Andy RenalsSiteGround Team

    The response from the support team is that on a shared server there are two options. Option 1 disable Anti-Bot on my domain and sub domains entrusting things to Gravityscan. Option 2 we have to assume is to rely on Anti-Bot and disable GravityScan since it can't be white-listed.

    • Reply October 23, 2017 / 23:20 Hristo PandjarovSiteGround Team

      We've worked with the Gravity scan team to make it work without our Anti-Bot system to block it. Everything should be working fine now on your end ๐Ÿ™‚

Reply

* (Required)