How Our New Anti-Bot AI Prevents Millions of Brute-Force Attacks
For the last few days, we have been gradually launching a new AI-based bot prevention system on our servers developed by our own DevOps specialists. We are already seeing amazing results from the operation of the system. Each hour it blocks between 500 000 and 2 million brute-force attempts across all our servers. Thus, we have prevented an unknown number of potential unauthorized logins, but what is even more important — we have managed to save an enormous amount of server resources that can now be used for a meaningful and legitimate activity by our users.
Why are bots a problem?
Malicious traffic is an enormous problem that probably affects every single website that is online. This traffic is usually created by bots trying to gain access to your site by brute-forcing its login. The bots perform multiple login attempts using different combinations of usernames and passwords. Actually, if you have a strong password, the chance of a successful bot login is minimal. However, this activity is still a serious problem. In their login attempts, the bots use huge amount of server resources. For a personal blog, for example, it can exceed multiple times the legitimate traffic created by the real human visitors. Even if bot activity is not in big volumes resulting in a denial of service, it can still make your hosting more costly by causing you to go over your account resources. The reason for that is that the account has to handle not only your legitimate visitor’s traffic, but unwanted bot traffic as well.
How does our system work?
Artificial Intelligence analyzes data from multiple servers
The main difficulty with fighting the bot activity is that bots are very clever and elusive. Bot attacks use different IPs and user agents, and often the data from attempts aimed at a single site login, or even a single server, is not good enough to determine a brute-forcing bot. We have had brute-force prevention system on each of our servers for a long time, but the new AI is much more efficient as it is able to collect and analyze simultaneously the data from all our servers. Based on the results of the analysis it can also automatically apply actions to stop unwanted bots. There are numerous indicators that our AI monitors in order to detect malicious behaviour patterns and block bad traffic. Some of them are:
- Failed login attempts in the majority of popular web applications – WordPress, Drupal, Joomla, Magento, etc.
- Number of simultaneous connections to different URLs
- Different request types and known DDoS vulnerabilities in applications
- Dynamic list of bad user agents that’s constantly being updated
We have introduced challenge captcha page
Once our system flags a certain IP address or user agent as malicious, it’s been immediately blocked and challenged with a Captcha page. The system is learning continuously how to minimize false positives. If a human visitor reaches the captcha page and solves it, the address/agent related to this solution is whitelisted. In case the captcha page persists (e.g. you see it more than once for 24 hours), please contact our support.
Comments ( 210 )
Thanks! Your comment will be held for moderation and will be shortly published, if it is related to this blog article. Comments for support inquiries or issues will not be published, if you have such please report it through
David Jackson
Hi, this is great and one of the reasons I'm glad I use SiteGround! Can I just ask, Is the new anti-bot AI now in use on your Cloud VPS servers? I have had brute-force attempt problems on one of my joomla site in the past and it would be great if this prevented it. Tanks Dave
Hristo Pandjarov Siteground Team
We don't monitor only WordPress but Joomla, Drupal, Magento and more failed login attempts so you should see a fall in the brute-force attempts towards your website.
Andy Connell
The question was wether the AI Bot is running in your Cloud VPS too or just shared servers? I'd be interested to know the answer to that too.
Hristo Pandjarov Siteground Team
Yes, all our customers are protected including those on Cloud accounts :)
Todd Chaney
Security plugins such as iThemes security do some some blocking in this area also and your customer service team has been recommending a lots of htaccess blocks specifically the 6G parameters. Are you recommending that some of these can be relaxed now since this makes for an very full and maybe overly redundant HTA access file? Keep up the Good work SiteGround!
Angelina Micheva
Hi Todd, You can relax the rules and make changes to them if yоu see fit. Yet, please be advised that if something is already implemented in your website and works well, you don’t have to remove it. The iThemes and 6G firewall rules should not create issues with the AI’s functionality.
Patrick
Hi Hristo, My question regards SSL and AW Stats. I'm hoping you can point me to documentation and if not, that someone on your team will write an article on it. My concern is that when a Wordpress site is SSL (https://), AW Stats still tracks http://. As a consequence, there are two reports: one http:// and one https:// In addition, AW Stats shows many hits for http://, and the two reports don't match. This is very concerning and makes it impossible to know for sure which numbers are accurate. To be clear, even if the main Wordpress URLs are https://, and even if I activate 'HTTPS Enforce' in Let's Encrypt SSL, AW stats shows two robust reports that don't match. So how can I get a single, accurate report for SSL sites? And where can I find documentation as to the solution? Thank you very much. Patrick
Hristo Pandjarov Siteground Team
I am afrad that this is the way AW Stats work and we can't really change it much. When you force HTTPS you still get hits on the HTTP versions but they are redirected to the encrypted URL. Basically, if you've forwarded everything to HTTPS, you should ignore the non-encrypted info in AW Stats since that's redirects only and look only into the SSL stats.
David Jackson
...thanks Hristo.
bob
Hi it's a good idea, just wonder if you guys thought of creating a whitelist in cpanel. Sometimes I have problems with your servers when I ftp many files to the server. Just wondered if there is a feature that could whitelist my IP when doing website developer work etc. and using a ftp client.
Hristo Pandjarov Siteground Team
Thanks for the suggestion! We will have in mind when we consider the upcoming features we plan to add :)
Chris
Excellent! Does this mean I no longer need to use a brute-force-protection plugin for my WordPress site?
Hristo Pandjarov Siteground Team
If you have something implemented, you should keep it but our extra layer of protection should be filtering most of that traffic before it even reaches it :)
Chris
Excellent. Thank you!
colin
Good job, guys. Keep up the fine work, I appreciate it :D
Craig
This is terrific news! I have a couple sites that have 1,000's of posts and these bots are terrible. I've been using WordFence to try and throttle them, but blocking them at the outer layers before it hits my site is great! Thanks!
Rishi
Wonderful job, SiteGround team! One of the many reasons I will continue to be a customer. :-)
Alan L. Jante
I am moving my web sites from GoDaddy to SiteGround for this very reason. SiteGround takes web security seriously. Keep up the great work.
Brian Prows
How does the SiteGround challenge page work in conjunction with CloudFlare's?
Hristo Pandjarov Siteground Team
If you have CloudFlare enabled, its page will show before ours if triggered.
Szabesz
Recently I was blocked from my site (cPanel/GoGeek) and I had to ask SiteGround Support to whitelist my IP. I do not know if it happened before the AI system had been turned on or after that, but it was really annoying and it took me a while to realize that I had been blocked. It was definitely a false positive and writing support tickets is a lot of time wasted, so it would be great to be able to manage the blockings so that we can see who is turned down. After all false positives will always happen and this currently do not know what is going on behind the scenes.
Hristo Pandjarov Siteground Team
The system will not block you directly but will show you a challenging CAPTCHA page so even in false-positive case you will know exactly what happened and will be able to solve it immediatelly. However, now after hundreds of millions of hits blocked, we have only a couple of false-positive cases, so you really shouldn't worry about being blocked out of your site.
Rerevisionist
I noticed a rise in 444 errors, in the last week or two, and inferred you were implementing some sort of filtering system. Looks good to me.
Jens Kirk
Very good news :-) Our clients are using CloudFlare Plus which has their own DNS / site firewall. Will these clients still benefit from the new server firewall? Having 2 firewall? Will your firewall be the first firewall and the firewall at CloudFlare will be the second one?
Hristo Pandjarov Siteground Team
The CloudFlare firewall would be the first line of defence. Our rules will kick in once the request reaches the server so yes, your customers will benefit from having two defence mechanisms working together.
Craig
I love what you guys do. Much MUCH better and caring than the host I used to use. Worth the extra price!
Enda
This sounds great. Thanks!
Helen
This is fantastic news! Thank you for doing this.
Ian Macdonald
Sounds like an excellent idea. You can also change the admin URL on most CMS, and it should be a security must-do. From my understanding, most 'bots try to determine what CMS is in-use from clues on the frontpage, then go to the default admin page and start bruteforcing the login form they expect to find there. The custom admin URL puts a dead stop to that, with the robot landing on the 404 page instead. (Or if you like you can put-up a dummy admin page which leads the robot to waste hours for nothing.. ;) Our file-based Mara CMS allows you to append a custom parameter to any page URL, which puts you into admin mode and loads the login interface. Works similarly to a custom admin URL, advantage is you can do this on any site page.
Mark Law
I use "WPS Hide Login URL" for all my clients Wordpress sites. Each client then has a unique login URL instead of the default /wp-login.php It also prevents /wp-admin/ from redirecting to the login URL. I assume like you that a brute force attack can't begin until it knows the URL to submit the login to, but I could be wrong...
Steve
This is great news! I have been struggling with going over account executions limits for months due to bots just hitting the home page thousands of times a day. Implementing some aggressive solutions killed my Moodle implementation, so I have been manually excluding bots in robots.txt (which only some follow) and recently with a .htaccess script to specifically block named bots. I am really happy to be a SiteGround customer today!
joanne pinatel
I was wondering what was going on. I have quite a few Joomla sites with Brute Force Stop installed and I usually get literally hundreds of failed login attempts each week. In the last few days, I've noticed a marked drop in attacks. I thought the bots were getting lazy! Great work guys! Siteground is the best host out there!
Nancy Hildebrandt
I also noticed a sudden decrease in blocked attacks in reports from the security plugins installed on my sites and couldn't figure out if all the attackers were all on holiday or what. This is great news!
Ivica Delic
One of the above visitors wrote: "SiteGround takes web security seriously. Keep up the great work." I couldn't agree more, but not only the security - speed as well, support, etc. In short: SG take care of the whole hosting package to be on the highest level... and they constantly improve what is needed. :-) Bravo Hristo & The Team!
Hristo Pandjarov Siteground Team
Thanks Ivica, really appreciate the kind words!
Mike Williquette
Thank you very much! I appreciate SiteGround's work to add benefits to our accounts that really are a help to us!!
Rich...
A little too late, you have been sending me resource overage messages for months now and has been the reason I terminated one of my accounts with you. It was out of my control all along and yet you keep taking down my site for these resource overages. Good thing this was a site that saw little or no traffic and didn't really effect the actual sites operation. Glad you did something proactive and might be a good thing for the other sites I maintain with you but it was a little too late to keep me from abandoning your service for one site. Maybe I'll reconsider pulling all the sites I have with you.
Hristo Pandjarov Siteground Team
That's one of the main reasons we spend a lot of development effort to create this system. It took us months do build it but the results are amazing. I am sure that you won't regret keeping your site with us!
Ron
Does this mean I don't need to include the bot-blocking code in htaccess?
Hristo Pandjarov Siteground Team
I would say you can stop using that, you should be protected by our system much better.
Kelvin Chege W.
What's that code friend? I could use some of that protection too :-)
Mohikaani
Great news, thanks!
Kimball Rexford
"Web Hosting Services Crafted with Care?" Check! So glad I switched.
Greg
Do we have to do anything to enable this on our cloud or it's for all customers by default?
Hristo Pandjarov Siteground Team
No, it works out of the box protecting all our customers :)
Seyfu Tasew
Thank you very much! I appreciate SiteGround's .
Seyfu Tasew
Thank you very much! I appreciate SiteGround's
eve lurie
Would this reject bots trying to use the Constant Contact Newsletter signup form on a client's site? I have not been able to get a captcha that works with this Constant Contact form.
Hristo Pandjarov Siteground Team
So far we do not monitor for bots trying to exploit plugins/extensions but that's on the roadmap for future improvements.
Kelvin Chege W.
Google recaptcha by Bestsoft i think could help with that, and you can use catchall version too. Check it out at WordPress
Nyssa
What with Cloudflare, then Siteground, then Wordfence, then my own codes in the .htaccess file, bots don't stand a chance! :D
Hristo Pandjarov Siteground Team
I would remove anti-bot measures from .htaccess because they are ineffective but the file content is loaded on each hit :)
Kenny Moore
I am using the SiteGround version of Jeff Starr's 6G Firewall in htaccess. Are you recommending removing the 6G Firewall, or just a piece of it (if so, which piece?), or is 6G separate from bot blocking and I should leave it in place?
Hristo Pandjarov Siteground Team
As far as I can see that firewall tries to match common hack attempts. That's already being handled by our WAF. It's up to you weather to leave it or not but I think most of the rules are already in place on a server leve.
Kenny Moore
Thank you Hristo. Your quick response and thoughtful advice are much appreciated. I ran some speed tests with and without 6G, did not detect a difference, so I will leave it in place for now.
Hristo Pandjarov Siteground Team
If the effect on performance is minimal/none, keeping it is a good idea, another layer of security doesn't hurt.
Lyn
Just another reason this is the best hosting company I have ever used! Excellent service!
Howard Kelley
I have already seen and felt the positive results of your anti-bot warfare...it is a noticeable difference. Through your efforts such as this that I am always comfortable in recommending SiteGround and pleased to renew my annual accounts. You have become a standard by which ALL other hosting system should be measured.
David Hubbard
Good stuff!
PDI
I'm really glad that we switched to SiteGround. Best support!!! Thank you!!!
Wolfgang
I dont wanna ruin the party, but its about time they take responsibility. Me and maybe many others had serious issues in the last months. Even after clarifying the issue several times I got blamed "your site is too successful" by support, though it was clear the traffic was produced by bots. I explained siteground that i see it as THEIR responsibility to keep these bots from "knocking on my door". I explained them that i am not gonna upgrade and pay more for my account for a small website because of issues that i have no control over. Well ... support told me that i can block the bots myself. I would have to sit every day and add thousands of IPs to the blacklist in cPanel. Seriously? Looks like there were more complaints so they added this new feature. Thx for taking responsibility Siteground.
Hristo Pandjarov Siteground Team
Hello Wolfgang, you are right that the rise in the cases like yours, where sites receive enormous traffic from bots and reach their resource limits, has triggered the decision to invest in the creation of the new anti-bot system. We want to thank all customers like you, who have been among the first affected from this growing issue for the patience and for helping us become better in dealing with it.
Oran Kangas
This seems to be a great idea. The only potential downside is load speed. So will this new system slow Google's view of load time?
Hristo Pandjarov Siteground Team
No, it will not affect your loading speeds in any way. The Google Bot will never be challenged with a captcha page by our system :)
Ridestoke
Regarding this captcha page and false positives. That is one of the reasons you have to be mindful of your security level with cloudflare. Too high and you can generate false captchas which is annoying for the user going to your site. How is this solution different? Do we have the option to turn that off since we are already using another solution to prevent brute force attacks?
Hristo Pandjarov Siteground Team
There isn't an option to turn this off. The system works globally and protects all our servers and customers. So far, after hundreds of millions of blocked hits we have just 2-3 cases (all very particular in nature) reporting false positives. So you really shouldn't worry about that. Our system is way more precise and configured to work as safe as possible so no human being should ever see the captcha.
Arne
If you want I can give you a list of thousands of ip addresses that my Akeeba install has blocked and blacklisted for both brute force and uploadsheild attacks over the last year. Literally thousands - most from Russia
Hristo Pandjarov Siteground Team
The great thing about our system is that it updates its blocking database dynamically. Bots change IPs, user-agents, behaviour pattern and simply blocking huge list of IPs doesn't do the trick. However, you should see a decrease in the number of IPs and intrusions blocked by Akeeba as many users already report because they don't even reach it :)
Brian
Your introduction of an AI based anti-bot system to protect against login attacks to the CMS sounds excellent. Thank you for investing in this upgrade. Regarding another route into user accounts - the CPanel login page. As this page is so easy to access by anyone are there any plans to protect this page better, for example two factor authentication? It would seem sensible to protect all login routes in a similar fashion to those for the CMS itself.
Hristo Pandjarov Siteground Team
Thanks for the suggestion, that's something we've been thinking about too!
Brian
If Siteground could work out a way(s) of doing this on the CPanel login page that would be a huge improvement. I am sure there must be many unauthorised attempts to access user accounts via this route but, certainly on shared servers, owners are probably going to be unaware of these.
Hristo Pandjarov Siteground Team
Thanks for reporting that!
John Spyrakos
Great news !!! Last months I experienced twice, brute force attacks and it seems that your AI antibot approach is the best approach to defend. Keep up the good work.
Nishant
Great feature! I have currently password protected the wp-admin folder on my Wordpress install. Would it be advisable to keep it password protected or remove that protection?
Hristo Pandjarov Siteground Team
Keep it password protected! Although we would stop the majority of bots, other attacks may still be possible and password protecting your admin login URL is a great security measure!
Nishant
Thanks for the reply Hristo! Is it possible to only password protect the admin login URL (wp-login) instead of the entire directory(wp-admin)?
Hristo Pandjarov Siteground Team
Yes, take a look at this article: https://www.siteground.com/kb/how_to_password_protect_a_single_file/
Fabio Schenone
Super !! There is a page or something that keep track of the action on a cPanel level ? some kind of report like Akismet ?
Hristo Pandjarov Siteground Team
Not yet but we're thinking of a page that shows the number of blocked hits.
Kristof Gheyssens
Our VPS at SiteGround does not come cheap, but with excellent support and now this AI anti-bot protection. It is worth every euro!
Gomyitguy
Coincident I found your blog...relay it's informative...Thanks, #Hristo
Lori
This is awesome! I am so happy to have you on my team at keeping my site up and running.
steven
Way to go SiteGround! Keep up the great work!
Frank K
Fantastic service! However, I generally don't use Wordpress nor Joomla, which are too bloated for my taste. Does this protection include regular Brute Force login attempts through htpasswd and htaccess too?
Hristo Pandjarov Siteground Team
Not at this time but we constantly add new mechanisms and criteria to catch malicious behaviour so thanks for the suggestion!
Frank K
Thank you for your answer Hristo!
Regin
Thanks! Hope this feature does a great job. I have been seeing hundreds of login attempts on my website by bots: - each attempt Happens every 2 - 5 seconds - tries so many different types of username combinations - Have been tracking a lot of the IPs to Ukraine and similar areas. I haven't seen any attacks within the last week, hope the new AI is able to fend every one of those bots! Cheers!
Robin Kiefer
We received a lot of spam posts on our wordpress blog - will these measures help reduce these?
Hristo Pandjarov Siteground Team
So far we monitor mostly login attempts and not spam comment submissions. However, that's something we've been thinking about. Unfortunatelly, without a plugin on every site like Akismet for example, it would be difficult to detect and get the information about spam comments.
Pavel
Hi Hristo, does the captcha page require understanding English? Can you show it?
Hristo Pandjarov Siteground Team
Well, it is in English but people nowadays are so used to captchas that even if someone doesn't know the language, I think they will be fine. However, we wanted to make sure it's accessible for visually-impaired people.
arfan ahmad
Already i have activated login security from jetpack by wordpress plugin who prevents from malicious login attempts and stops bruteforce attacks. So far so jetpack has blocked roundabout 6000 malicious logins from my wordpress site. Now! can i uninstall that plugin?
Hristo Pandjarov Siteground Team
I would recommend that you monitor the number of attacks blocked by JetPack. If that's the only feature (it's a meta plugin) you're using it for and you notice it doesn't block IPs anymore, you can consider disabling it.
Sheila
Hristo, off-topic but how do you pronounce your name?
Hristo Pandjarov Siteground Team
That question is on top of my WordCamp questions actually :) Google spells it pretty well though: https://translate.google.com/#auto/bg/Hristo
Abi
This works a treat. I worked on a site recent on godaddy and they had constant persistent attacks many targeting the correct username presumably scraped from author info. Compare this to a site I've just moved to your hosting and they have had hardly any. Keep up the good work!
Larry Levenson
Love it! thanks for the update about this. After suffering through resource overage messages for 2 months, your techs and I finally wrestled my WPMU sites under control -- but that whole process was SO annoying and stressful! Sound likes this new AI system will really help protect against future attacks. Thank you!!
Mark Barnes
Does this feature change the address of visitors (perhaps to the IP address of a proxy?). I had wp-login.php blocked for all but one IP address, but now that IP address is getting blocked. I've had to remove the rule to log in.
Hristo Pandjarov Siteground Team
No, it doesn't interfere with request IPs, that's probably your ISP changing IPs.
Vic Hardy
Wow, great job guys. This is very good news. I've just opened a SG account and am in the process of moving my 35+ sites from Bluehost to SG, mostly because of load times. My SG shared account is faster than my BH VPS. I don't generally add the protection plugins like Sucuri or Wordfence because I'm a plugin minimalist and never felt I needed them, but I do have Sucuri on one site and it gets hammered every day so I assume they all do. So anything you can do to stop these cretins at the outer level is appreciated. Well done.
Riley Wright
Very proactive of you! Thanks!
Chandima
Thank you very much. I'm really appreciate you. I had nice Wordpress site but 6 months a go it was compromised on Hostgator server. At that time I had a little idea that siteground can do something better solution for CMS. Now I'm happy about my change from Hostgator to Siteground. Hope you can do much more and thank you once again.
Massimo
When did the new service start? I just noticed on the logs a large attack on one of my Drupal sites on May 5th - almost 600 requests in a few minutes, IP from China Thanks
Hristo Pandjarov Siteground Team
At the beginning of the month. Note, however, that we may not detect all bot traffic so more targeted attack could have slipped through. However, we are constantly improving the product and add more and more rules and patterns to detect bad bots so hopefully, the next attack would be filtered.
Jann martin
Is there an additional charge for this?
Hristo Pandjarov Siteground Team
No, it's free and already working on all our servers :)
Peter La Fond
The only thing better than BBQ is.... WordPress on SiteGround!
Josè Scafarelli
Sorry i don't understand... this new security upgrade is alrady running on all our WP sites or do we have to do something to implement it? Thanks!
Hristo Pandjarov Siteground Team
It's already working and no action is required from you :)
Josè Scafarelli
THAT's AWESOME!!!!!
Corl DeLuna
Hi Hristo, For WordPress I use the Wordfence security plugin. Each month they report the top attacking IP addresses they come encounter, for example https://www.wordfence.com/blog/2017/04/march-2017-wordpress-attack-report/ You'll see links to their other reports as well there. I started collecting and adding them to the end of the https://www.siteground.com/kb/prevent-malicious-bots-visiting-website/ .htaccess file each month like: Deny from 107.150.37.26 Deny from 146.0.74.150 Deny from 160.202.162.19 ... I was going to ask support if there was a Find and Replace tool I could use in the cPanel to make this faster. But, then I noticed you saying to other readers that this might be mostly covered by the SiteGround WAF. Is this true? And I won't have to collect and add them to the .htaccess files anymore? Does the WAF protect static websites as well? P.S. As for cPanel security and anything I can use it with, I use https://www.grc.com/passwords.htm to generate near un-hackable passwords. Test them here https://howsecureismypassword.net/ I can't comprehend what 61 quattuortrigintillion years means, but I figure it'll cover me for more than a couple of years. I wish the MySQL Database Wizard accepted more password characters than it does. Please add this to your road map as well. Best Regards, Corl DeLuna
Hristo Pandjarov Siteground Team
Well, we don't just throw IPs in a block list but detect and block them dynanimcally for different period of time on all our networks. If those IPs have hit our servers, most probably they have been blocked. Once we detect bad bot behaviour, we block it per server basis. This means that although we rely on number of web apps to detect failed login attempts, once detected, bots are blocked for everyone.
Corl DeLuna
So, the .htaccess script at https://www.siteground.com/kb/prevent-malicious-bots-visiting-website/ is now no longer needed? While i'd still use the Wordfence plugin, now I don't need to add Wordfence's top attacking IP's like described above? And SG's new WAF will protect all sites both static or dynamic just as well or even better than if I continued with the two .htaccess steps above?
Angelina Micheva
Hi Corl, The 6G Firewall and the Wordfence’s top attacking IP’s are good mechanisms for blocking unwanted traffic on your website. You can leave them active as it will not interfere with the AI’s mechanism, and will still add to the security on your website. Our AI will collect and analyze the data from all our servers. Meaning, even if your website is hit by bots that the AI has previously detected on a completely different machine, the same bots will not affect your website as they will immediately be challenged based on the data that has been already analysed.
Liz Schneider
I've moved several sites to Siteground in the past week each time I try to add the Wordfence Optimized Firewall (their WAF), it doesn't do anything. Is there another way to do this or is it not needed because of Siteground WAF?
Angelina Micheva
Hi Liz, Great to hear you have chosen our services for your websites. Please note that our anti-bot AI system operates on server level and aims to prevent brute-force login attempts. Its biggest advantage is that it monitors and analyzes simultaneously the data from all our servers. As a result it is able to detect more efficiently different patterns and malicious behaviour used from bad bots and to block automatically such traffic. The operation of our Anti-bot AI should not affect the use of WordFence WAF on your account. We checked in our system on your case and it appears WordFence WAF is not configured properly. You can follow this guide: https://docs.wordfence.com/en/Web_Application_Firewall_Setup, which includes instructions on how to set it up with SiteGround. If you still experience a problem implementing it, please submit a ticket so our techs can check the issue. In this way they will be able to test things on our end, and make sure we are looking at the correct website where you see the problem.
Marx
How can I enable the challenge captcha page?
Hristo Pandjarov Siteground Team
It's already enabled and working for all our customers :) Hopefully, you will never see the captcha page itself.
Marx
Thanks for the clarification :)
Doug Ison
Sweet what hosting plan is this available on? How do we get it?
Hristo Pandjarov Siteground Team
It's available on all hosting plan and already works to protect your site. No further action is needed from our users :)
Jennifer Hoffman
Great products and services, wonderful, available, helpful support -- that is what I have received with Siteground after switching from Hostgator where I experienced heavy site down times and long waits for support, sometimes more than an hour. And Siteground goes the extra miles by using their love of technology and really smart people to create customer solutions that solve big problems, like DNS attacks which I have experienced, without changing their service fees. I love siteground, a big thank you from a grateful user.
John
This is indeed a good news! So just a question, which comes first in action: Anti-Bot filter then C.Flare? before it reaches siteground clients?
Angelina Micheva
Hi John, CloudFlare offers an excellent Web Application Firewall. Should you choose to activate it, requests sent to websites using the CND through SiteGround will first pass through CloudFlare’s WAF and will be filtered there. Our AI will activate as soon as the request reaches our server. This could be beneficial for your website, as it will be protected by two difference systems.
Jacquie Treagus
Hello, This unfortunately is not working for me. I am getting spam user registrations. I installed a security plugin and the spam user registrations stopped but then it locked me out the next time I accessed the admin panel. I got help from SG to unblock me and I removed the plugin but now I am getting the spam user registrations again. This isn't my main site but another site I have added to SG (under the same account) - would this have anything to do with it? Do I need to install a security plugin and if so which one would you recommend?
Angelina Micheva
Hi Jacquie, We would like to clarify that the system is focused on brute-force attacks and blocking bad bots targeting logins. At this time it does not monitor spam user registrations. For this reason it will not be effective towards preventing them. We can recommend you enhance the security of your registration page in order to eliminate them.
John Muriel
I've seen a steady decline in amount of emails with failed or blocked bot login attempts... which has been great :). What I'm recently seeing is an abnormal surge in the number of daily subscribers to my newsletter. Many have suspicious looking email addresses with anonymous countries. John
Ian
Great stuff, will keep an eye on the logs to see if we see the reduction! Thanks been looking for server level answer to this problem - you solved it.
Jaswinder Kaur
I use SiteGround and quite happy with all new technology. Thanks.
Moshe
Is this Anti-Bot still working?? It seems the last few days the Failed Brute-Force attempts on our Magento download folder started again. Thanks
Hristo Pandjarov Siteground Team
Yes, it's working, could you open a ticket in your Help Desk with more info about this so we can investigate and update our system if necessary?
Greg
Yeah its soooo good, that I cannot open my websites, also no matter how many times I write down correct captcha it doesn't allow me to go further - tried all possible browser. Changed IP - nothing works :(
Hristo Pandjarov Siteground Team
Please, post a ticket in your Help Desk, my colleagues will look into it and see what went wrong with your Captcha answers and IP blocking.
Eric G
Seems to be blocking the Tor browser. Entering the Captcha doesn't always work. Failed four times in a row for me.
Hristo Pandjarov Siteground Team
With Tor browser, pretty much every request comes from a different IP. It's widely used for malicous traffic and different hacking attacks. Tor exit nodes are not endless and it's normal that most of them are blocked. Please, use a regular browser in order to avoid such issues.
Gary Sonnenberg
Thanks for this. I've encountered it twice recently when trying to access my own sites. It would be nice if, after I've done the captcha, it didn't show me another challenge page but took me to my site instead.
Hristo Pandjarov Siteground Team
You must have switched IPs. If you solved the captcha you should not have seen it again that soon.
Angela
How can we turn this off for some domains ? Or whitelist IP's from this feature ? The sites we manage were getting hacked quite often ( hacker bots preying on plugin/theme vulnerabilities etc ) and so we now use a cloud based firewall in front of siteground (so providing us with an extra layer of hacker defence) . This gives us the luxury of not having to update themes , plugins , WordPress constantly and yet still stay clean from infections. Of course we update in the end but as we have the firewall covering our backs we can do it in our own time to fit our business schedule. This setup has stopped all the hacking completely and has been working great for months but now since you added this failed login IP tracking all the valid users of the sites are constantly getting catcha pages from siteground ( as the siteground feature is checking the firewall ips instead of the visiors ips). This is of course very annoying to valid users and puts them off ftom using the sites. We were not facing any issues with brute logins before so you can imagine that now with all visitors incorrectly get captchas ftom siteground is really off putting . Can we turn it off or whitelist ips for some domains?
Hristo Pandjarov Siteground Team
You can request from our support team to disable it for your account. Please, post a ticket in your Help Desk about this.
Andy Renals
Hi Hristo, I'm using Gravityscan which is now failing to obtain a connection to my site. When I do a manual scan I'm told that my scan results may be incomplete or inaccurate due to security software (SiteGround Anti-Bot) used by this site. Is there a work around? Andy
Hristo Pandjarov Siteground Team
Please, post a ticket in your Help Desk, our support team will help you out with that.
Kevin
How can I whitelist the Gravityscan bot? They are telling me that the SiteGround Anti-Bot is blocking requests.
Hristo Pandjarov Siteground Team
Please, post a ticket in your Help Desk and our support team will help you out.
Andy Renals
The response from the support team is that on a shared server there are two options. Option 1 disable Anti-Bot on my domain and sub domains entrusting things to Gravityscan. Option 2 we have to assume is to rely on Anti-Bot and disable GravityScan since it can't be white-listed.
Hristo Pandjarov Siteground Team
We've worked with the Gravity scan team to make it work without our Anti-Bot system to block it. Everything should be working fine now on your end :)
Tamas
Great news. Does it mean that I do not need to use Loginizer on every WP installation because your new anti-bot system makes it unnecessary? It would be great :)
Angelina Micheva
Hi Tamas, The logic behind our system resembles the functionality of the Loginizer plugin. Your sites will be always be protected on our servers via the AI system and it is working on a global level to keep them safe. In case you want to have more control in managing this process for the websites you can use the plugin as well. Regards, SiteGround Team
Frank
Hi We have migrated an old forum to a new bbpress/wordpress version hosted on Siteground. We have users on our site that is generally very picky about protecting their privacy from eavesdropping from anyone, simply by principle. The number of such individuals are clearly on the rise. They use among other solutions, TOR and have never experienced problems with other sites. BUT they have just about given up our site which is very unfortunate as they are among the largest contributors to our forum. The problem is that they end up at your anti-bot-ai Captcha - which is fine and completely acceptable - but when they solve the captcha they are not referred back to the site, but are presented with a new captcha endlessly. Their ip seems not to be blocked as they gain acces if they manually enter the original URL after solving the captcha!?!?! Do you have an explanation for this behaviour? It must be possible to redirect correctly by issuing a cookie that the browser can present or similar (I am no security expert) (which would be acceptable for the users in this particular situation as would be part of encrypted information) How can we ensure that legitimit TOR users can use our site? Just telling them to use an unsafe browser is considered rude - we have tried that .-( best regards,
Hristo Pandjarov Siteground Team
The Tor browser makes requests constantly switching IP addresses. It is widely used by people who want to do malicious tasks without being detected. Although many, Tor has finite number of IP addresses and due to its regular usage, those addresses get blocked very, very fast. The problem comes from the fact that Tor uses a torrent like technology to make requests from a variety of IPs. Usually, if a regular user is presented with a captcha and solves it, they will never see the challenge again. We have very, very little false-positives with that system. However, due to the constant IP change for requests, users keep getting challenged with captcha. We can't risk the security of our customers and allow IPs that have been used for malicious reasons to access our servers. I would recommend that you advice your visitors to use a regular browser when visiting your site.
Frank
thanks for the answer, did not give me any explanation why solving the captcha does not redirect back to the site as it should. And it sounds like a contradiction to me - you DO actually let people in from the TOR network - the captcha redirection is just not working. as I stated - "Their ip seems not to be blocked as they gain access if they manually enter the original URL after solving the captcha!?!?!" (i.e. removing the "./well-known/captcha...." that is appended and which I assume is your anti-bot-ai) So if the user can manually enter the URL after solving the captcha - why cant the captcha page send the user to our site??
Hristo Pandjarov Siteground Team
That looks like an application issue, once solved the captcha, the user is redireted to the originating URL. However, if that URL is restricted for logged in users for example, it may redirect to the index. Please, email me at hristo.p at siteground.com with exact URLs to test with and I will be able to give a more concrete answer.
Steve
I've been blocked from all my sites on my account. How do I clear it. I've already tried clearing my browser cache.
Hristo Pandjarov Siteground Team
Our Anti-bot system chalanges requests with captcha it does not block IPs. If you've been blocked, other systems have most probably noticed some malicious requests coming from you. Please, open a ticket in your Help Desk so we can assist you further.
Eric
I can't even log into my own admin because of this "feature". I understand why it was implemented but it is very bothersome to me and my customers. The logic is we shouldn't have enter a captcha in the first place. This should all be done in the background. Your AI needs to be tweaked at the very least. Prompting everyone to enter a captcha and then white-listing IP addresses doesn't sound like good AI to me.
Hristo Pandjarov Siteground Team
Not everyone is prompted with a CAPTCHA. If you see it, this means that there's malicious traffic or traffic considered malicious coming from your IP address. Even then, you should see it once. If this happens again, please post a ticket in your Help Desk providing your IP address and our team will look into it further.
Marty
Hi Hristo, I would like to provide some feedback on the AI defence system and hope that you could pass it onto the developers to consider for a future update? I noticed in my logs i had 43 requests, over a period of 30 minutes, to /wp-admin/admin-ajax.php This is obviously not human activity, and i think the defence system should be able to detect things like this and prevent them. Thanks
Hristo Pandjarov Siteground Team
That could easily be an opened tab in a browser logged into your backend, also known as the WP Heartbeat. That's not a login attempt, so you shouldn't be worried about it :)
Raul
Your bot isn't letting me log in
Hristo Pandjarov Siteground Team
The bot challenges you with a captcha when detects you as maliciout load. Unless you're using a Tor browser or similar, that shouldn't be a problem. For further assistance, please contact our technical support team.
Miko
Hi Hristo, We recently transferred to SG and so far everything has been very smooth and support is great. A recent challenge, however blocked Google bot from crawling our CDN files. We use MaxCDN for our static content and our xml sitemaps are reference links to the CDN location of our files. When Googlebot tires to crawl our images for example, CDN logs show error: 502. Your anti-bot AI was blocking the requests because they were originating from MaxCDN IP ranges but not Google IPs. This sounds fine, however I expect MaxCDN to be whitelisted being a recognized CDN provider. The support guys acted quickly and whitelisted our domain in your anti-bot AI as a workaround. We really would like to take full advantage of your services and turning off anti-bot AI should not be the permanent fix in this case. Any help is appreciated! Thanks! p.s. Our account is hosted in your UK location.
Hristo Pandjarov Siteground Team
Thanks for your feedback, I will discuss this with our devops team and see if we can whitelist their IPs globally.
Miko
Hi Hristo, Just checking if MaxCDN has been whitelisted in your anti-bot system? Thank you very much!
Hristo Pandjarov Siteground Team
We did update some rules and issue shouldn't happen anymore. Do you still have problems with that?
Miko
SG Support team whitelisted our domain in the anti-bot system as a workaround. If the MaxCDN IP ranges were whitelisted when I think it should be safe to re-arm the AI again but do not want to experiment.
Hristo Pandjarov Siteground Team
Whitelisting a wide range of IPs is not the best way to do that because there's no guarantee that all the traffic coming from them is legitimate. We're getting fewer and fewer false-positives from the system and constantly improving its filters is much better in the long term.
Shelly Haffly
I'm currently in the middle of developing a site and have been kicked out with this bot message - in the middle of working. Followed by another one, when I went to a different client site to update something else. Maybe the settings need to be eased up some. This is ridiculous.
Hristo Pandjarov Siteground Team
That's strange, once you solve the captcha from that address, you should not see it again for quite some time. Could you open a ticket in your Help Desk next time this happens so we can investigate and solve that.
Herman
seems like this is interfering with ezoic ad testing. Is there a way to white list ezoic?
Hristo Pandjarov Siteground Team
Thanks for reporting that, could you open a ticket in your Help Desk regarding that so we can troubleshoot with exact data and see what's triggering it exactly.
Stuart Wilson
Can you please stop using this on my site. If it continues, I am cancelling my siteground subscription.
Hristo Pandjarov Siteground Team
If you're experiencing issues with our anti-bot system, please open a ticket in your Help Desk, my colleagues will assist you further.
Jean-François Cloutier
You should add geo local language, and be carefully about VPN traffic, because i get « Our system thinks you might be a robot!» when im connected to my VPN, and also i get a english langage message when my site is FRENCH!
Hristo Pandjarov Siteground Team
The AI system cannot know the language of your site, it detects pattern, considered bot traffic and shows a generic captcha in English. I am sorry for the inconvenience but I am sure your normal French visitors will never see that message.
GG
over the past week or two, i have gone from 3-4 failed and blocked login attempts per week to about 20 failed log ins per day, and that is with IP blocking on the 3rd failed attempt... doesn't seem to be working. Using wordpress and limit login attempts plugin...
Hristo Pandjarov Siteground Team
3-4 failed login attempts per week cannot be considered as brute-force attak, nor 20 per day. That's way too low threshold for banning an IP from our system.
Jes C
This makes working on client sites an absolute pain in the you-know-what. While the concept is solid, tThere needs to be an option to disable/enable it within the cpanel. It's absolute hell when I have to enter a captcha every time I try to view changes made.
Hristo Pandjarov Siteground Team
Please, open a ticket in your Help Desk, something you're doing is triggering the AI system. Once you solve the captcha you shouldn't see it again unless the same rules are triggered.
Theodore Hildebrandt
I'm getting this captcha screen on every page load. It's frustrating. How do we turn it off?
Hristo Pandjarov Siteground Team
Please, post a ticket in your Help Desk so we can look into it.
Frederico
I need this to be in portuguese, my customers believe that my website is the problem when they see this challenge in english.
Hristo Pandjarov Siteground Team
I am afraid we cannot internationalize that message. However, your customers should not see that captcha challenge if it's a legitimate traffic.
Andy
Is good that you allow to disable this anti-bot AI for entire website, otherwise can be a real problem. Ezoic ad network has thousands of IPs that were blocked, if they change some IPs and traffic is blocked is not good at all - can be a reason to choose another hosting. So is good to let the possibility to turn it off (good to make the option in CPanel too).
Hristo Pandjarov Siteground Team
You can always open a ticket in your Help Desk and request the protection to be stopped for your account. However, the system works for quite some time now and false-positives are very, very rare. So I think it's better to provide us with IPs you believe are incorrectly blocked so we can investigate further.
Kristof Gheyssens
they don't seem so very, very rare. Client of ours had several people in the company who all got the captcha, not just one user.
Hristo Pandjarov Siteground Team
Any chance they work in the same office? We block IPs so that's to be expected if one triggers the captcha with multiple incorrect login attempts for example, the rest to be challenged with it too.
Thom
There's got to be a better way. I'm not doing a captcha to read an article, I'll just move on. It also stopped me from making a purchase recently. The system thinks I might be a robot? Absurd. But then you don't need my money.
Hristo Pandjarov Siteground Team
People should not see a captcha in first place if the traffic is legitimate. It's difficult to get your IP flagged unless there's malicious traffic from it so I would not be worried about your customers having to solve it.
Darius
Great idea but its very bad for the visitors. They will just back out instead of doing the captcha to read, view, or purchase. I requested the feature to be taken off of my account. I recommend this not being a default feature on the accounts. Let your customers use something else like Cloudflare that focus on fighting bots.
Hristo Pandjarov Siteground Team
Normal users should never see the captcha challenge. It requires detected malicious activity to blacklist an IP address and those lists are constantly updated. This service saves tons of hosting resources to customers from bad bot traffic and I really don't recommend turning it off. By the way, Cloudflare use captcha to confront bots too.
Prashant
Can the AI anti-bot be made intelligent enough to whitelist traffic from popular speedtest tools such as GTmetrix & Webpagetest? Its difficult to measure speed of our sites when we see siteground captcha validation while testing speed of our website. I raised a support ticket also, but it isn't helping
Hristo Pandjarov Siteground Team
We are not blocking that traffic. It's something with your particular account and we've already replied to your ticket :)
Ilyes
Also, you should at least whitelist traffic coming from search engines, i activated a VPN on incognito window to check how my website is performing, i clicked my website link on google search results and i found robot challenge screen.
Hristo Pandjarov Siteground Team
Search engines do not get challenged with captcha. However, it seems your VPN address has been used for activities, marked as malicous by our system, thus the captcha screen.
Sourav
Hi Hristo, While your intentions are good, the BOT challenge page being served to even human traffic is a big put off . An eCommerce client of ours has lost traffic and visitors . Their FB campaigns have sent visitors to the website who see a Captcha page instead. So it seems the AI cant distinguish yet traffic correctly. My client might shift his hosting to another provider if no there is no resolution.
Hristo Pandjarov Siteground Team
Our AI service does not block IPs unless there are malicious traffic coming from that. This said, please open a ticket in your Help Desk and provide my colleagues with details about the issues so we can investigate and see what can be done.
JTurner
Completely agree with SOURAV. This should be opt-in only.
Marina Yordanova Siteground Team
Hello JTurner, thank you for your comment. Currently, you cannot opt-out of it, but our team will be able to assist you if you should stumble upon a particular problem with the anti-bot AI. So, please be sure to post a ticket to our Support team.
Scott
Can you at least make the captcha page redirect to the original requested page instead of going to the root domain. For whatever reason you think the company I work for is a bot, but the most annoying thing is having to enter the captcha and then go back to google and reclick the link.
Hristo Pandjarov Siteground Team
The system is indeed configured to redirect to the requested page after successfully solving the captcha. If it redirects to your homepage, most probably there's something within your site config doing it. Furthermore, please note that we don't start challenging with captcha unless numerous bad login attempts are made per time frame, so normal traffic should not be affected. Make sure your saved passwords are up-to-date and if there isn't any software generating incorrect logins on your network. If the issue persists, please contact our support team with a ticket and we will investigate further.
Nick
Hi Hristo, One of our Woocommerce sites recently experienced a 'carding attack', and our payments company suspended our account until we installed reCAPTCHA on our Checkout page. Would your servers be expected to pick up on this traffic, or is this sort of attack out of its range?
Hristo Pandjarov Siteground Team
Right now we monitor login attempts mostly and since there's no failed signups it must have went pass our filters. If you could send me more detailed info at hristo.p [at] siteground.com it would be highly appreciated, we always add new rules and improve our systems to detect malicious traffic better.
Nick
Thanks Hristo - I've raised a support ticket too, and I'll email you an update.
Kris
Are you guys the original designers of this anti-bot software? I ask because I get caught at these pages all the time. I have no issue with the idea of entering a code as it only takes a moment, but there are 2 primary problems. 1. If it accepts the code it never takes you to the original url you were trying to go (from the search engine). 2. Many times (More times than not for me) it doesn't accept the code. It says "Incorrect Code". I can enter the correct code every time and it will never work. I have one site I entered the code it asked for about 8 times in a row before I gave up. I have gotten to the point now that if I am going to purchase something and that bot thing shows up I just buy elsewhere, or use another sites service. I understand the Antibot thing 100%, but when you are turning away customers and provide them no way to bypass you are effectively tanking legitimate users.
Hristo Pandjarov Siteground Team
This can only happen if you are behind a proxy that handles each request through different IPs and those IPs are all blocked by out Anti-Bot system. Otherwise a single captcha solving is enough. Please, post as ticket in your Help Desk with detailed information regarding your particular case and we will look into it. We do not block legitimate users and this is not something you should be worried about.
Kris
I appreciate the reply. It looks like technical support is for customers, but as I am not one I will put in a message with sales and see if it gets to the right department. Thank You!
Ola
Please how can i disable this on my site. Whenever i enter the captha, it keeps giving me another to enter.
Hristo Pandjarov Siteground Team
Please, check if you don't have any software generating incorrect logins, like an FTP app for example. If you think your network is marked incorrectly, please contact our support team.
Krishna
What a mess.... i cant see my website. I entered dozen of times the characters on recaptcha. Nothing. Zero. Nada. I had to register on my Siteground Hosting account to see my page. What about other people?
Hristo Pandjarov Siteground Team
Make sure you're not using some browser stripping cookies like the Tor browsers. Once solved, the captcha should not be shown to you for at least 24 hours. Most probably other people do not have problems since they are not originating from your IP. In addition, check if some software logging into your account is not generating incorrect logins.
Comments for this post are now closed.