Bots attacked hosting site

[Boltgreywing]

So I just recently found out that some malicious bot activity has been trying to compromise my hosting site. I am guessing the users behind the bots must be getting desperate since they can't get in through my three level authentication mechanism. So the question I have is should I pull down the entire site and change the password or just change the password to stop the attacks for the time being?

[chazerz]

I would personally shut it down for a bit and change passwords and of course... I dunno anything about this. I'm SO helpful. I hope this gets resolved. I know how hard you worked on this site.

[Anoua]

I don't see why you would take your site down if that's what you mean. Bots will likely always try to get in, that is what they are designed to do. I have bots that get in some times on Animal Acres too and just ban them and move on. Eventually I will tighten my security on it, but currently it's not a priority.

It's not likely a bot was designed for your site, that would be very unusual for such a small site, plus if an individual really wanted to target your site specifically, they wouldn't need to create a bot to do that, but could just manual create accounts as wanted. They'd have an easier time getting in,  that way. And the only way to really block against spammers (which is what this ones would be called) is to moderate and block as necessary. 

I also don't why you would immediately change your password. Unless you have reason to believe the accounts been compromised, or you feel your current password is weak, I don't see why you would just change it.

[Aminirus]

I agree with @Anoua . I mean, I don't know much about bots, other than how to recognize them for Forums based on the type of email they try to submit, but I don't see the need to shut down your site entirely. They'll just be back. 

Bots, as far as I see it, are just annoying ticks on a deer. They hop on for some info and a ride and then never do anything other than take up space and provide false information (like if you're trying to keep track of member count, they mess that up). So long as you have strong authentication systems, they shouldn't be able to get in and mess things up. For such, I create super weird passwords with numbers, letters, and symbols and make it at least 8 characters long for like maximum strength. I follow this code for creating passwords on just about everything and never once have I been hacked or had bot troubles for my forums. 

Can't say yet how it'll go for Wild Howlz, but I always prefer to double check any new incoming account emails. The type of email usually gives it away as to if its a bot or not.

[Digital]

In today's world, such things are commonplace. As long as they are not actually successful, you are good. I would just monitor and keep an eye on it.

No need to take a site down over it though.

[Boltgreywing]

On 5/12/2017 at 4:09 AM, chazerz said:

I would personally shut it down for a bit and change passwords and of course... I dunno anything about this. I'm SO helpful. I hope this gets resolved. I know how hard you worked on this site.

@chazerz: I decided to just change the password.

On 5/12/2017 at 5:33 AM, Anoua said:

I don't see why you would take your site down if that's what you mean. Bots will likely always try to get in, that is what they are designed to do. I have bots that get in some times on Animal Acres too and just ban them and move on. Eventually I will tighten my security on it, but currently it's not a priority.

It's not likely a bot was designed for your site, that would be very unusual for such a small site, plus if an individual really wanted to target your site specifically, they wouldn't need to create a bot to do that, but could just manual create accounts as wanted. They'd have an easier time getting in,  that way. And the only way to really block against spammers (which is what this ones would be called) is to moderate and block as necessary. 

I also don't why you would immediately change your password. Unless you have reason to believe the accounts been compromised, or you feel your current password is weak, I don't see why you would just change it.

@Anoua: I looked through the email and it was not a bot attack on my hosting site digital ocean. Just digital ocean saying some information.

On 5/12/2017 at 8:06 AM, Aminirus said:

I agree with @Anoua . I mean, I don't know much about bots, other than how to recognize them for Forums based on the type of email they try to submit, but I don't see the need to shut down your site entirely. They'll just be back. 

Bots, as far as I see it, are just annoying ticks on a deer. They hop on for some info and a ride and then never do anything other than take up space and provide false information (like if you're trying to keep track of member count, they mess that up). So long as you have strong authentication systems, they shouldn't be able to get in and mess things up. For such, I create super weird passwords with numbers, letters, and symbols and make it at least 8 characters long for like maximum strength. I follow this code for creating passwords on just about everything and never once have I been hacked or had bot troubles for my forums. 

Can't say yet how it'll go for Wild Howlz, but I always prefer to double check any new incoming account emails. The type of email usually gives it away as to if its a bot or not.

@Aminirus: I found some information on the whole thing that I am going to send to you. Sorry about the mislead.

On 5/12/2017 at 8:56 AM, Digital said:

In today's world, such things are commonplace. As long as they are not actually successful, you are good. I would just monitor and keep an eye on it.

No need to take a site down over it though.

@Digital: I thought the password approach was better.

[Nate]

The information given here by everyone is really useful information towards bots in general.

Perhaps one of the contributors should consider making a guide for "How to handle/prevent bots on your site/game"?

Tagging all of them:
@Aminirus @Digital @chazerz @Anoua