The DDoS and the Damage Done

With this notification we would like to inform you that our in-house Website Performance Monitoring System (WPMS) has signaled that your account constantly uses a large amount of the server’s CPU resources. These excessive requests consume an abnormally high amount of CPU resources and endanger the overall performance of the server. Your account consume more then 55703.75 CPU seconds and 102195.00 CPU executions for the last 24 hours. (…) Unfortunately, your website’s server resource usage is not suitable for this server and that is why we will no longer be able to host it there.

This is the message that waited for me in my inbox when I woke up last Thursday morning (grammar errors and typos included). A quick visit to confirmed my panic: The site was down, replaced by a 503 error. Logging into my site admin panel I discovered the hosting provider had locked down my site banning access to any incoming visitors. And for good reason. A quick inspection of the resource logs showed something dramatic had happened during the night. Here are screenshots of the weekly stats and the execution log for the preceding 24 hours:

Weekly stats graph showing dramatic increase in activity
Weekly stats graph showing dramatic increase in activity
Executions log graph showing dramatic jumps in activity
Execution log shows extreme variance in activity caused by the server dropping in and out of service

Thus began what would become a 16 hour battle with arrogant and ignorant tech support “specialists”.

Video Tutorials WordPress

Video tutorial: How to remove the admin account in WordPress

In response to my post about brute force attacks against the admin username in WordPress yesterday many users have contacted me asking how to remove the admin user from their installations. In this video I demonstrate how to remove the user completely and attribute all its posts with a new administrator account.

Step by Step

  1. Log in as admin
  2. Change email address
  3. Create new administrator account
  4. Log out and log in as new administrator
  5. Delete admin account
  6. Associate all admin account posts with new administrator

Feel free to share it far and wide.