How Our New Anti-Bot AI Prevents Millions of Brute-Force Attacks

For the last few days, we have been gradually launching a new AI-based bot prevention system on our servers developed by our own DevOps specialists. We are already seeing amazing results from the operation of the system. Each hour it blocks between 500 000 and 2 million brute-force attempts across all our servers. Thus, we have prevented an unknown number of potential unauthorized logins, but what is even more important — we have managed to save an enormous amount of server resources that can now be used for a meaningful and legitimate activity by our users.

Why are bots a problem?

Malicious traffic is an enormous problem that probably affects every single website that is online. This traffic is usually created by bots trying to gain access to your site by brute-forcing its login. The bots perform multiple login attempts using different combinations of usernames and passwords. Actually, if you have a strong password, the chance of a successful bot login is minimal. However, this activity is still a serious problem. In their login attempts, the bots use huge amount of server resources. For a personal blog, for example, it can exceed multiple times the legitimate traffic created by the real human visitors. Even if bot activity is not in big volumes resulting in a denial of service, it can still make your hosting more costly by causing you to go over your account resources. The reason for that is that the account has to handle not only your legitimate visitor’s traffic, but unwanted bot traffic as well.

How does our system work?

Artificial Intelligence analyzes data from multiple servers

The main difficulty with fighting the bot activity is that bots are very clever and elusive. Bot attacks use different IPs and user agents, and often the data from attempts aimed at a single site login, or even a single server, is not good enough to determine a brute-forcing bot. We have had brute-force prevention system on each of our servers for a long time, but the new AI is much more efficient as it is able to collect and analyze simultaneously the data from all our servers. Based on the results of the analysis it can also automatically apply actions to stop unwanted bots. There are numerous indicators that our AI monitors in order to detect malicious behaviour patterns and block bad traffic. Some of them are:

  • Failed login attempts in the majority of popular web applications – WordPress, Drupal, Joomla, Magento, etc.
  • Number of simultaneous connections to different URLs
  • Different request types and known DDoS vulnerabilities in applications
  • Dynamic list of bad user agents that’s constantly being updated

We have introduced challenge captcha page

Once our system flags a certain IP address or user agent as malicious, it’s been immediately blocked and challenged with a Captcha page. The system is learning continuously how to minimize false positives. If a human visitor reaches the captcha page and solves it, the address/agent related to this solution is whitelisted. In case the captcha page persists (e.g. you see it more than once for 24 hours), please contact our support.

author avatar
Hristo Pandjarov

WordPress Initiatives Manager

Enthusiastic about all Open Source applications you can think of, but mostly about WordPress. Add a pinch of love for web design, new technologies, search engine optimisation and you are pretty much there!

Comments ( 215 )

author avatar

David Jackson

May 04, 2017

Hi, this is great and one of the reasons I'm glad I use SiteGround! Can I just ask, Is the new anti-bot AI now in use on your Cloud VPS servers? I have had brute-force attempt problems on one of my joomla site in the past and it would be great if this prevented it. Tanks Dave

author avatar

Hristo Pandjarov Siteground Team

May 04, 2017

We don't monitor only WordPress but Joomla, Drupal, Magento and more failed login attempts so you should see a fall in the brute-force attempts towards your website.

author avatar

Andy Connell

May 04, 2017

The question was wether the AI Bot is running in your Cloud VPS too or just shared servers? I'd be interested to know the answer to that too.

author avatar

Hristo Pandjarov Siteground Team

May 04, 2017

Yes, all our customers are protected including those on Cloud accounts :)

author avatar

Todd Chaney

May 13, 2017

Security plugins such as iThemes security do some some blocking in this area also and your customer service team has been recommending a lots of htaccess blocks specifically the 6G parameters. Are you recommending that some of these can be relaxed now since this makes for an very full and maybe overly redundant HTA access file? Keep up the Good work SiteGround!

author avatar

Angelina Micheva

May 15, 2017

Hi Todd, You can relax the rules and make changes to them if yоu see fit. Yet, please be advised that if something is already implemented in your website and works well, you don’t have to remove it. The iThemes and 6G firewall rules should not create issues with the AI’s functionality.

author avatar

Patrick

May 20, 2017

Hi Hristo, My question regards SSL and AW Stats. I'm hoping you can point me to documentation and if not, that someone on your team will write an article on it. My concern is that when a Wordpress site is SSL (https://), AW Stats still tracks http://. As a consequence, there are two reports: one http:// and one https:// In addition, AW Stats shows many hits for http://, and the two reports don't match. This is very concerning and makes it impossible to know for sure which numbers are accurate. To be clear, even if the main Wordpress URLs are https://, and even if I activate 'HTTPS Enforce' in Let's Encrypt SSL, AW stats shows two robust reports that don't match. So how can I get a single, accurate report for SSL sites? And where can I find documentation as to the solution? Thank you very much. Patrick

author avatar

Hristo Pandjarov Siteground Team

May 22, 2017

I am afrad that this is the way AW Stats work and we can't really change it much. When you force HTTPS you still get hits on the HTTP versions but they are redirected to the encrypted URL. Basically, if you've forwarded everything to HTTPS, you should ignore the non-encrypted info in AW Stats since that's redirects only and look only into the SSL stats.

author avatar

David Jackson

May 04, 2017

...thanks Hristo.

author avatar

bob

May 04, 2017

Hi it's a good idea, just wonder if you guys thought of creating a whitelist in cpanel. Sometimes I have problems with your servers when I ftp many files to the server. Just wondered if there is a feature that could whitelist my IP when doing website developer work etc. and using a ftp client.

author avatar

Hristo Pandjarov Siteground Team

May 04, 2017

Thanks for the suggestion! We will have in mind when we consider the upcoming features we plan to add :)

author avatar

Chris

May 04, 2017

Excellent! Does this mean I no longer need to use a brute-force-protection plugin for my WordPress site?

author avatar

Hristo Pandjarov Siteground Team

May 05, 2017

If you have something implemented, you should keep it but our extra layer of protection should be filtering most of that traffic before it even reaches it :)

author avatar

Chris

May 09, 2017

Excellent. Thank you!

author avatar

colin

May 04, 2017

Good job, guys. Keep up the fine work, I appreciate it :D

author avatar

Craig

May 05, 2017

This is terrific news! I have a couple sites that have 1,000's of posts and these bots are terrible. I've been using WordFence to try and throttle them, but blocking them at the outer layers before it hits my site is great! Thanks!

author avatar

Rishi

May 05, 2017

Wonderful job, SiteGround team! One of the many reasons I will continue to be a customer. :-)

author avatar

Alan L. Jante

May 05, 2017

I am moving my web sites from GoDaddy to SiteGround for this very reason. SiteGround takes web security seriously. Keep up the great work.

author avatar

Brian Prows

May 05, 2017

How does the SiteGround challenge page work in conjunction with CloudFlare's?

author avatar

Hristo Pandjarov Siteground Team

May 09, 2017

If you have CloudFlare enabled, its page will show before ours if triggered.

author avatar

Szabesz

May 05, 2017

Recently I was blocked from my site (cPanel/GoGeek) and I had to ask SiteGround Support to whitelist my IP. I do not know if it happened before the AI system had been turned on or after that, but it was really annoying and it took me a while to realize that I had been blocked. It was definitely a false positive and writing support tickets is a lot of time wasted, so it would be great to be able to manage the blockings so that we can see who is turned down. After all false positives will always happen and this currently do not know what is going on behind the scenes.

author avatar

Hristo Pandjarov Siteground Team

May 07, 2017

The system will not block you directly but will show you a challenging CAPTCHA page so even in false-positive case you will know exactly what happened and will be able to solve it immediatelly. However, now after hundreds of millions of hits blocked, we have only a couple of false-positive cases, so you really shouldn't worry about being blocked out of your site.

author avatar

Rerevisionist

May 05, 2017

I noticed a rise in 444 errors, in the last week or two, and inferred you were implementing some sort of filtering system. Looks good to me.

author avatar

Jens Kirk

May 06, 2017

Very good news :-) Our clients are using CloudFlare Plus which has their own DNS / site firewall. Will these clients still benefit from the new server firewall? Having 2 firewall? Will your firewall be the first firewall and the firewall at CloudFlare will be the second one?

author avatar

Hristo Pandjarov Siteground Team

May 09, 2017

The CloudFlare firewall would be the first line of defence. Our rules will kick in once the request reaches the server so yes, your customers will benefit from having two defence mechanisms working together.

author avatar

Craig

May 09, 2017

I love what you guys do. Much MUCH better and caring than the host I used to use. Worth the extra price!

author avatar

Enda

May 10, 2017

This sounds great. Thanks!

author avatar

Helen

May 10, 2017

This is fantastic news! Thank you for doing this.

author avatar

Ian Macdonald

May 10, 2017

Sounds like an excellent idea. You can also change the admin URL on most CMS, and it should be a security must-do. From my understanding, most 'bots try to determine what CMS is in-use from clues on the frontpage, then go to the default admin page and start bruteforcing the login form they expect to find there. The custom admin URL puts a dead stop to that, with the robot landing on the 404 page instead. (Or if you like you can put-up a dummy admin page which leads the robot to waste hours for nothing.. ;) Our file-based Mara CMS allows you to append a custom parameter to any page URL, which puts you into admin mode and loads the login interface. Works similarly to a custom admin URL, advantage is you can do this on any site page.

author avatar

Mark Law

May 12, 2017

I use "WPS Hide Login URL" for all my clients Wordpress sites. Each client then has a unique login URL instead of the default /wp-login.php It also prevents /wp-admin/ from redirecting to the login URL. I assume like you that a brute force attack can't begin until it knows the URL to submit the login to, but I could be wrong...

author avatar

Steve

May 10, 2017

This is great news! I have been struggling with going over account executions limits for months due to bots just hitting the home page thousands of times a day. Implementing some aggressive solutions killed my Moodle implementation, so I have been manually excluding bots in robots.txt (which only some follow) and recently with a .htaccess script to specifically block named bots. I am really happy to be a SiteGround customer today!

author avatar

joanne pinatel

May 10, 2017

I was wondering what was going on. I have quite a few Joomla sites with Brute Force Stop installed and I usually get literally hundreds of failed login attempts each week. In the last few days, I've noticed a marked drop in attacks. I thought the bots were getting lazy! Great work guys! Siteground is the best host out there!

author avatar

Nancy Hildebrandt

May 11, 2017

I also noticed a sudden decrease in blocked attacks in reports from the security plugins installed on my sites and couldn't figure out if all the attackers were all on holiday or what. This is great news!

author avatar

Ivica Delic

May 10, 2017

One of the above visitors wrote: "SiteGround takes web security seriously. Keep up the great work." I couldn't agree more, but not only the security - speed as well, support, etc. In short: SG take care of the whole hosting package to be on the highest level... and they constantly improve what is needed. :-) Bravo Hristo & The Team!

author avatar

Hristo Pandjarov Siteground Team

May 10, 2017

Thanks Ivica, really appreciate the kind words!

author avatar

Mike Williquette

May 10, 2017

Thank you very much! I appreciate SiteGround's work to add benefits to our accounts that really are a help to us!!

author avatar

Rich...

May 10, 2017

A little too late, you have been sending me resource overage messages for months now and has been the reason I terminated one of my accounts with you. It was out of my control all along and yet you keep taking down my site for these resource overages. Good thing this was a site that saw little or no traffic and didn't really effect the actual sites operation. Glad you did something proactive and might be a good thing for the other sites I maintain with you but it was a little too late to keep me from abandoning your service for one site. Maybe I'll reconsider pulling all the sites I have with you.

author avatar

Hristo Pandjarov Siteground Team

May 10, 2017

That's one of the main reasons we spend a lot of development effort to create this system. It took us months do build it but the results are amazing. I am sure that you won't regret keeping your site with us!

author avatar

Ron

May 10, 2017

Does this mean I don't need to include the bot-blocking code in htaccess?

author avatar

Hristo Pandjarov Siteground Team

May 10, 2017

I would say you can stop using that, you should be protected by our system much better.

author avatar

Kelvin Chege W.

May 14, 2017

What's that code friend? I could use some of that protection too :-)

author avatar

Mohikaani

May 10, 2017

Great news, thanks!

author avatar

Kimball Rexford

May 10, 2017

"Web Hosting Services Crafted with Care?" Check! So glad I switched.

author avatar

Greg

May 10, 2017

Do we have to do anything to enable this on our cloud or it's for all customers by default?

author avatar

Hristo Pandjarov Siteground Team

May 11, 2017

No, it works out of the box protecting all our customers :)

author avatar

Seyfu Tasew

May 10, 2017

Thank you very much! I appreciate SiteGround's .

author avatar

Seyfu Tasew

May 10, 2017

Thank you very much! I appreciate SiteGround's

author avatar

eve lurie

May 10, 2017

Would this reject bots trying to use the Constant Contact Newsletter signup form on a client's site? I have not been able to get a captcha that works with this Constant Contact form.

author avatar

Hristo Pandjarov Siteground Team

May 11, 2017

So far we do not monitor for bots trying to exploit plugins/extensions but that's on the roadmap for future improvements.

author avatar

Kelvin Chege W.

May 14, 2017

Google recaptcha by Bestsoft i think could help with that, and you can use catchall version too. Check it out at WordPress

author avatar

Nyssa

May 10, 2017

What with Cloudflare, then Siteground, then Wordfence, then my own codes in the .htaccess file, bots don't stand a chance! :D

author avatar

Hristo Pandjarov Siteground Team

May 11, 2017

I would remove anti-bot measures from .htaccess because they are ineffective but the file content is loaded on each hit :)

author avatar

Kenny Moore

May 11, 2017

I am using the SiteGround version of Jeff Starr's 6G Firewall in htaccess. Are you recommending removing the 6G Firewall, or just a piece of it (if so, which piece?), or is 6G separate from bot blocking and I should leave it in place?

author avatar

Hristo Pandjarov Siteground Team

May 11, 2017

As far as I can see that firewall tries to match common hack attempts. That's already being handled by our WAF. It's up to you weather to leave it or not but I think most of the rules are already in place on a server leve.

author avatar

Kenny Moore

May 12, 2017

Thank you Hristo. Your quick response and thoughtful advice are much appreciated. I ran some speed tests with and without 6G, did not detect a difference, so I will leave it in place for now.

author avatar

Hristo Pandjarov Siteground Team

May 12, 2017

If the effect on performance is minimal/none, keeping it is a good idea, another layer of security doesn't hurt.

author avatar

Lyn

May 10, 2017

Just another reason this is the best hosting company I have ever used! Excellent service!

author avatar

Howard Kelley

May 10, 2017

I have already seen and felt the positive results of your anti-bot warfare...it is a noticeable difference. Through your efforts such as this that I am always comfortable in recommending SiteGround and pleased to renew my annual accounts. You have become a standard by which ALL other hosting system should be measured.

author avatar

David Hubbard

May 11, 2017

Good stuff!

author avatar

PDI

May 11, 2017

I'm really glad that we switched to SiteGround. Best support!!! Thank you!!!

author avatar

Wolfgang

May 11, 2017

I dont wanna ruin the party, but its about time they take responsibility. Me and maybe many others had serious issues in the last months. Even after clarifying the issue several times I got blamed "your site is too successful" by support, though it was clear the traffic was produced by bots. I explained siteground that i see it as THEIR responsibility to keep these bots from "knocking on my door". I explained them that i am not gonna upgrade and pay more for my account for a small website because of issues that i have no control over. Well ... support told me that i can block the bots myself. I would have to sit every day and add thousands of IPs to the blacklist in cPanel. Seriously? Looks like there were more complaints so they added this new feature. Thx for taking responsibility Siteground.

author avatar

Hristo Pandjarov Siteground Team

May 11, 2017

Hello Wolfgang, you are right that the rise in the cases like yours, where sites receive enormous traffic from bots and reach their resource limits, has triggered the decision to invest in the creation of the new anti-bot system. We want to thank all customers like you, who have been among the first affected from this growing issue for the patience and for helping us become better in dealing with it.

author avatar

Oran Kangas

May 11, 2017

This seems to be a great idea. The only potential downside is load speed. So will this new system slow Google's view of load time?

author avatar

Hristo Pandjarov Siteground Team

May 11, 2017

No, it will not affect your loading speeds in any way. The Google Bot will never be challenged with a captcha page by our system :)

author avatar

Ridestoke

May 11, 2017

Regarding this captcha page and false positives. That is one of the reasons you have to be mindful of your security level with cloudflare. Too high and you can generate false captchas which is annoying for the user going to your site. How is this solution different? Do we have the option to turn that off since we are already using another solution to prevent brute force attacks?

author avatar

Hristo Pandjarov Siteground Team

May 11, 2017

There isn't an option to turn this off. The system works globally and protects all our servers and customers. So far, after hundreds of millions of blocked hits we have just 2-3 cases (all very particular in nature) reporting false positives. So you really shouldn't worry about that. Our system is way more precise and configured to work as safe as possible so no human being should ever see the captcha.

author avatar

Arne

May 11, 2017

If you want I can give you a list of thousands of ip addresses that my Akeeba install has blocked and blacklisted for both brute force and uploadsheild attacks over the last year. Literally thousands - most from Russia

author avatar

Hristo Pandjarov Siteground Team

May 11, 2017

The great thing about our system is that it updates its blocking database dynamically. Bots change IPs, user-agents, behaviour pattern and simply blocking huge list of IPs doesn't do the trick. However, you should see a decrease in the number of IPs and intrusions blocked by Akeeba as many users already report because they don't even reach it :)

author avatar

Brian

May 11, 2017

Your introduction of an AI based anti-bot system to protect against login attacks to the CMS sounds excellent. Thank you for investing in this upgrade. Regarding another route into user accounts - the CPanel login page. As this page is so easy to access by anyone are there any plans to protect this page better, for example two factor authentication? It would seem sensible to protect all login routes in a similar fashion to those for the CMS itself.

author avatar

Hristo Pandjarov Siteground Team

May 11, 2017

Thanks for the suggestion, that's something we've been thinking about too!

author avatar

Brian

May 11, 2017

If Siteground could work out a way(s) of doing this on the CPanel login page that would be a huge improvement. I am sure there must be many unauthorised attempts to access user accounts via this route but, certainly on shared servers, owners are probably going to be unaware of these.

author avatar

Hristo Pandjarov Siteground Team

May 11, 2017

Thanks for reporting that!

author avatar

John Spyrakos

May 11, 2017

Great news !!! Last months I experienced twice, brute force attacks and it seems that your AI antibot approach is the best approach to defend. Keep up the good work.

author avatar

Nishant

May 11, 2017

Great feature! I have currently password protected the wp-admin folder on my Wordpress install. Would it be advisable to keep it password protected or remove that protection?

author avatar

Hristo Pandjarov Siteground Team

May 11, 2017

Keep it password protected! Although we would stop the majority of bots, other attacks may still be possible and password protecting your admin login URL is a great security measure!

author avatar

Nishant

May 11, 2017

Thanks for the reply Hristo! Is it possible to only password protect the admin login URL (wp-login) instead of the entire directory(wp-admin)?

author avatar

Hristo Pandjarov Siteground Team

May 11, 2017

Yes, take a look at this article: https://www.siteground.com/kb/how_to_password_protect_a_single_file/

author avatar

Fabio Schenone

May 11, 2017

Super !! There is a page or something that keep track of the action on a cPanel level ? some kind of report like Akismet ?

author avatar

Hristo Pandjarov Siteground Team

May 11, 2017

Not yet but we're thinking of a page that shows the number of blocked hits.

author avatar

Kristof Gheyssens

May 11, 2017

Our VPS at SiteGround does not come cheap, but with excellent support and now this AI anti-bot protection. It is worth every euro!

author avatar

Gomyitguy

May 11, 2017

Coincident I found your blog...relay it's informative...Thanks, #Hristo

author avatar

Lori

May 11, 2017

This is awesome! I am so happy to have you on my team at keeping my site up and running.

author avatar

steven

May 11, 2017

Way to go SiteGround! Keep up the great work!

author avatar

Frank K

May 11, 2017

Fantastic service! However, I generally don't use Wordpress nor Joomla, which are too bloated for my taste. Does this protection include regular Brute Force login attempts through htpasswd and htaccess too?

author avatar

Hristo Pandjarov Siteground Team

May 11, 2017

Not at this time but we constantly add new mechanisms and criteria to catch malicious behaviour so thanks for the suggestion!

author avatar

Frank K

May 11, 2017

Thank you for your answer Hristo!

author avatar

Regin

May 11, 2017

Thanks! Hope this feature does a great job. I have been seeing hundreds of login attempts on my website by bots: - each attempt Happens every 2 - 5 seconds - tries so many different types of username combinations - Have been tracking a lot of the IPs to Ukraine and similar areas. I haven't seen any attacks within the last week, hope the new AI is able to fend every one of those bots! Cheers!

author avatar

Robin Kiefer

May 11, 2017

We received a lot of spam posts on our wordpress blog - will these measures help reduce these?

author avatar

Hristo Pandjarov Siteground Team

May 12, 2017

So far we monitor mostly login attempts and not spam comment submissions. However, that's something we've been thinking about. Unfortunatelly, without a plugin on every site like Akismet for example, it would be difficult to detect and get the information about spam comments.

author avatar

Pavel

May 11, 2017

Hi Hristo, does the captcha page require understanding English? Can you show it?

author avatar

Hristo Pandjarov Siteground Team

May 12, 2017

Well, it is in English but people nowadays are so used to captchas that even if someone doesn't know the language, I think they will be fine. However, we wanted to make sure it's accessible for visually-impaired people.

author avatar

arfan ahmad

May 11, 2017

Already i have activated login security from jetpack by wordpress plugin who prevents from malicious login attempts and stops bruteforce attacks. So far so jetpack has blocked roundabout 6000 malicious logins from my wordpress site. Now! can i uninstall that plugin?

author avatar

Hristo Pandjarov Siteground Team

May 12, 2017

I would recommend that you monitor the number of attacks blocked by JetPack. If that's the only feature (it's a meta plugin) you're using it for and you notice it doesn't block IPs anymore, you can consider disabling it.

author avatar

Sheila

May 11, 2017

Hristo, off-topic but how do you pronounce your name?

author avatar

Hristo Pandjarov Siteground Team

May 12, 2017

That question is on top of my WordCamp questions actually :) Google spells it pretty well though: https://translate.google.com/#auto/bg/Hristo

author avatar

Abi

May 11, 2017

This works a treat. I worked on a site recent on godaddy and they had constant persistent attacks many targeting the correct username presumably scraped from author info. Compare this to a site I've just moved to your hosting and they have had hardly any. Keep up the good work!

author avatar

Larry Levenson

May 11, 2017

Love it! thanks for the update about this. After suffering through resource overage messages for 2 months, your techs and I finally wrestled my WPMU sites under control -- but that whole process was SO annoying and stressful! Sound likes this new AI system will really help protect against future attacks. Thank you!!

author avatar

Mark Barnes

May 11, 2017

Does this feature change the address of visitors (perhaps to the IP address of a proxy?). I had wp-login.php blocked for all but one IP address, but now that IP address is getting blocked. I've had to remove the rule to log in.

author avatar

Hristo Pandjarov Siteground Team

May 12, 2017

No, it doesn't interfere with request IPs, that's probably your ISP changing IPs.

author avatar

Vic Hardy

May 11, 2017

Wow, great job guys. This is very good news. I've just opened a SG account and am in the process of moving my 35+ sites from Bluehost to SG, mostly because of load times. My SG shared account is faster than my BH VPS. I don't generally add the protection plugins like Sucuri or Wordfence because I'm a plugin minimalist and never felt I needed them, but I do have Sucuri on one site and it gets hammered every day so I assume they all do. So anything you can do to stop these cretins at the outer level is appreciated. Well done.

author avatar

Riley Wright

May 11, 2017

Very proactive of you! Thanks!

author avatar

Chandima

May 11, 2017

Thank you very much. I'm really appreciate you. I had nice Wordpress site but 6 months a go it was compromised on Hostgator server. At that time I had a little idea that siteground can do something better solution for CMS. Now I'm happy about my change from Hostgator to Siteground. Hope you can do much more and thank you once again.

author avatar

Massimo

May 11, 2017

When did the new service start? I just noticed on the logs a large attack on one of my Drupal sites on May 5th - almost 600 requests in a few minutes, IP from China Thanks

author avatar

Hristo Pandjarov Siteground Team

May 12, 2017

At the beginning of the month. Note, however, that we may not detect all bot traffic so more targeted attack could have slipped through. However, we are constantly improving the product and add more and more rules and patterns to detect bad bots so hopefully, the next attack would be filtered.

author avatar

Jann martin

May 11, 2017

Is there an additional charge for this?

author avatar

Hristo Pandjarov Siteground Team

May 12, 2017

No, it's free and already working on all our servers :)

author avatar

Peter La Fond

May 11, 2017

The only thing better than BBQ is.... WordPress on SiteGround!

author avatar

Josè Scafarelli

May 11, 2017

Sorry i don't understand... this new security upgrade is alrady running on all our WP sites or do we have to do something to implement it? Thanks!

author avatar

Hristo Pandjarov Siteground Team

May 12, 2017

It's already working and no action is required from you :)

author avatar

Josè Scafarelli

May 16, 2017

THAT's AWESOME!!!!!

author avatar

Corl DeLuna

May 11, 2017

Hi Hristo, For WordPress I use the Wordfence security plugin. Each month they report the top attacking IP addresses they come encounter, for example https://www.wordfence.com/blog/2017/04/march-2017-wordpress-attack-report/ You'll see links to their other reports as well there. I started collecting and adding them to the end of the https://www.siteground.com/kb/prevent-malicious-bots-visiting-website/ .htaccess file each month like: Deny from 107.150.37.26 Deny from 146.0.74.150 Deny from 160.202.162.19 ... I was going to ask support if there was a Find and Replace tool I could use in the cPanel to make this faster. But, then I noticed you saying to other readers that this might be mostly covered by the SiteGround WAF. Is this true? And I won't have to collect and add them to the .htaccess files anymore? Does the WAF protect static websites as well? P.S. As for cPanel security and anything I can use it with, I use https://www.grc.com/passwords.htm to generate near un-hackable passwords. Test them here https://howsecureismypassword.net/ I can't comprehend what 61 quattuortrigintillion years means, but I figure it'll cover me for more than a couple of years. I wish the MySQL Database Wizard accepted more password characters than it does. Please add this to your road map as well. Best Regards, Corl DeLuna

author avatar

Hristo Pandjarov Siteground Team

May 12, 2017

Well, we don't just throw IPs in a block list but detect and block them dynanimcally for different period of time on all our networks. If those IPs have hit our servers, most probably they have been blocked. Once we detect bad bot behaviour, we block it per server basis. This means that although we rely on number of web apps to detect failed login attempts, once detected, bots are blocked for everyone.

author avatar

Corl DeLuna

May 12, 2017

So, the .htaccess script at https://www.siteground.com/kb/prevent-malicious-bots-visiting-website/ is now no longer needed? While i'd still use the Wordfence plugin, now I don't need to add Wordfence's top attacking IP's like described above? And SG's new WAF will protect all sites both static or dynamic just as well or even better than if I continued with the two .htaccess steps above?

author avatar

Angelina Micheva

May 15, 2017

Hi Corl, The 6G Firewall and the Wordfence’s top attacking IP’s are good mechanisms for blocking unwanted traffic on your website. You can leave them active as it will not interfere with the AI’s mechanism, and will still add to the security on your website. Our AI will collect and analyze the data from all our servers. Meaning, even if your website is hit by bots that the AI has previously detected on a completely different machine, the same bots will not affect your website as they will immediately be challenged based on the data that has been already analysed.

author avatar

Liz Schneider

Sep 13, 2017

I've moved several sites to Siteground in the past week each time I try to add the Wordfence Optimized Firewall (their WAF), it doesn't do anything. Is there another way to do this or is it not needed because of Siteground WAF?

author avatar

Angelina Micheva

Sep 14, 2017

Hi Liz, Great to hear you have chosen our services for your websites. Please note that our anti-bot AI system operates on server level and aims to prevent brute-force login attempts. Its biggest advantage is that it monitors and analyzes simultaneously the data from all our servers. As a result it is able to detect more efficiently different patterns and malicious behaviour used from bad bots and to block automatically such traffic. The operation of our Anti-bot AI should not affect the use of WordFence WAF on your account. We checked in our system on your case and it appears WordFence WAF is not configured properly. You can follow this guide: https://docs.wordfence.com/en/Web_Application_Firewall_Setup, which includes instructions on how to set it up with SiteGround. If you still experience a problem implementing it, please submit a ticket so our techs can check the issue. In this way they will be able to test things on our end, and make sure we are looking at the correct website where you see the problem.

author avatar

Marx

May 11, 2017

How can I enable the challenge captcha page?

author avatar

Hristo Pandjarov Siteground Team

May 12, 2017

It's already enabled and working for all our customers :) Hopefully, you will never see the captcha page itself.

author avatar

Marx

May 14, 2017

Thanks for the clarification :)

author avatar

Doug Ison

May 12, 2017

Sweet what hosting plan is this available on? How do we get it?

author avatar

Hristo Pandjarov Siteground Team

May 12, 2017

It's available on all hosting plan and already works to protect your site. No further action is needed from our users :)

author avatar

Jennifer Hoffman

May 12, 2017

Great products and services, wonderful, available, helpful support -- that is what I have received with Siteground after switching from Hostgator where I experienced heavy site down times and long waits for support, sometimes more than an hour. And Siteground goes the extra miles by using their love of technology and really smart people to create customer solutions that solve big problems, like DNS attacks which I have experienced, without changing their service fees. I love siteground, a big thank you from a grateful user.

author avatar

John

May 14, 2017

This is indeed a good news! So just a question, which comes first in action: Anti-Bot filter then C.Flare? before it reaches siteground clients?

author avatar

Angelina Micheva

May 15, 2017

Hi John, CloudFlare offers an excellent Web Application Firewall. Should you choose to activate it, requests sent to websites using the CND through SiteGround will first pass through CloudFlare’s WAF and will be filtered there. Our AI will activate as soon as the request reaches our server. This could be beneficial for your website, as it will be protected by two difference systems.

author avatar

Jacquie Treagus

May 15, 2017

Hello, This unfortunately is not working for me. I am getting spam user registrations. I installed a security plugin and the spam user registrations stopped but then it locked me out the next time I accessed the admin panel. I got help from SG to unblock me and I removed the plugin but now I am getting the spam user registrations again. This isn't my main site but another site I have added to SG (under the same account) - would this have anything to do with it? Do I need to install a security plugin and if so which one would you recommend?

author avatar

Angelina Micheva

May 16, 2017

Hi Jacquie, We would like to clarify that the system is focused on brute-force attacks and blocking bad bots targeting logins. At this time it does not monitor spam user registrations. For this reason it will not be effective towards preventing them. We can recommend you enhance the security of your registration page in order to eliminate them.

author avatar

John Muriel

May 15, 2017

I've seen a steady decline in amount of emails with failed or blocked bot login attempts... which has been great :). What I'm recently seeing is an abnormal surge in the number of daily subscribers to my newsletter. Many have suspicious looking email addresses with anonymous countries. John

author avatar

Ian

May 16, 2017

Great stuff, will keep an eye on the logs to see if we see the reduction! Thanks been looking for server level answer to this problem - you solved it.

author avatar

Jaswinder Kaur

May 28, 2017

I use SiteGround and quite happy with all new technology. Thanks.

author avatar

Moshe

Jun 19, 2017

Is this Anti-Bot still working?? It seems the last few days the Failed Brute-Force attempts on our Magento download folder started again. Thanks

author avatar

Hristo Pandjarov Siteground Team

Jun 20, 2017

Yes, it's working, could you open a ticket in your Help Desk with more info about this so we can investigate and update our system if necessary?

author avatar

Greg

Aug 29, 2017

Yeah its soooo good, that I cannot open my websites, also no matter how many times I write down correct captcha it doesn't allow me to go further - tried all possible browser. Changed IP - nothing works :(

author avatar

Hristo Pandjarov Siteground Team

Aug 29, 2017

Please, post a ticket in your Help Desk, my colleagues will look into it and see what went wrong with your Captcha answers and IP blocking.

author avatar

Eric G

Sep 03, 2017

Seems to be blocking the Tor browser. Entering the Captcha doesn't always work. Failed four times in a row for me.

author avatar

Hristo Pandjarov Siteground Team

Sep 05, 2017

With Tor browser, pretty much every request comes from a different IP. It's widely used for malicous traffic and different hacking attacks. Tor exit nodes are not endless and it's normal that most of them are blocked. Please, use a regular browser in order to avoid such issues.

author avatar

Gary Sonnenberg

Sep 29, 2017

Thanks for this. I've encountered it twice recently when trying to access my own sites. It would be nice if, after I've done the captcha, it didn't show me another challenge page but took me to my site instead.

author avatar

Hristo Pandjarov Siteground Team

Sep 29, 2017

You must have switched IPs. If you solved the captcha you should not have seen it again that soon.

author avatar

Angela

Oct 08, 2017

How can we turn this off for some domains ? Or whitelist IP's from this feature ? The sites we manage were getting hacked quite often ( hacker bots preying on plugin/theme vulnerabilities etc ) and so we now use a cloud based firewall in front of siteground (so providing us with an extra layer of hacker defence) . This gives us the luxury of not having to update themes , plugins , WordPress constantly and yet still stay clean from infections. Of course we update in the end but as we have the firewall covering our backs we can do it in our own time to fit our business schedule. This setup has stopped all the hacking completely and has been working great for months but now since you added this failed login IP tracking all the valid users of the sites are constantly getting catcha pages from siteground ( as the siteground feature is checking the firewall ips instead of the visiors ips). This is of course very annoying to valid users and puts them off ftom using the sites. We were not facing any issues with brute logins before so you can imagine that now with all visitors incorrectly get captchas ftom siteground is really off putting . Can we turn it off or whitelist ips for some domains?

author avatar

Hristo Pandjarov Siteground Team

Oct 09, 2017

You can request from our support team to disable it for your account. Please, post a ticket in your Help Desk about this.

author avatar

Andy Renals

Oct 13, 2017

Hi Hristo, I'm using Gravityscan which is now failing to obtain a connection to my site. When I do a manual scan I'm told that my scan results may be incomplete or inaccurate due to security software (SiteGround Anti-Bot) used by this site. Is there a work around? Andy

author avatar

Hristo Pandjarov Siteground Team

Oct 16, 2017

Please, post a ticket in your Help Desk, our support team will help you out with that.

author avatar

Kevin

Oct 14, 2017

How can I whitelist the Gravityscan bot? They are telling me that the SiteGround Anti-Bot is blocking requests.

author avatar

Hristo Pandjarov Siteground Team

Oct 16, 2017

Please, post a ticket in your Help Desk and our support team will help you out.

author avatar

Andy Renals

Oct 20, 2017

The response from the support team is that on a shared server there are two options. Option 1 disable Anti-Bot on my domain and sub domains entrusting things to Gravityscan. Option 2 we have to assume is to rely on Anti-Bot and disable GravityScan since it can't be white-listed.

author avatar

Hristo Pandjarov Siteground Team

Oct 24, 2017

We've worked with the Gravity scan team to make it work without our Anti-Bot system to block it. Everything should be working fine now on your end :)

author avatar

Tamas

Dec 21, 2017

Great news. Does it mean that I do not need to use Loginizer on every WP installation because your new anti-bot system makes it unnecessary? It would be great :)

author avatar

Angelina Micheva

Dec 21, 2017

Hi Tamas, The logic behind our system resembles the functionality of the Loginizer plugin. Your sites will be always be protected on our servers via the AI system and it is working on a global level to keep them safe. In case you want to have more control in managing this process for the websites you can use the plugin as well. Regards, SiteGround Team

author avatar

Frank

Jan 22, 2018

Hi We have migrated an old forum to a new bbpress/wordpress version hosted on Siteground. We have users on our site that is generally very picky about protecting their privacy from eavesdropping from anyone, simply by principle. The number of such individuals are clearly on the rise. They use among other solutions, TOR and have never experienced problems with other sites. BUT they have just about given up our site which is very unfortunate as they are among the largest contributors to our forum. The problem is that they end up at your anti-bot-ai Captcha - which is fine and completely acceptable - but when they solve the captcha they are not referred back to the site, but are presented with a new captcha endlessly. Their ip seems not to be blocked as they gain acces if they manually enter the original URL after solving the captcha!?!?! Do you have an explanation for this behaviour? It must be possible to redirect correctly by issuing a cookie that the browser can present or similar (I am no security expert) (which would be acceptable for the users in this particular situation as would be part of encrypted information) How can we ensure that legitimit TOR users can use our site? Just telling them to use an unsafe browser is considered rude - we have tried that .-( best regards,

author avatar

Hristo Pandjarov Siteground Team

Jan 22, 2018

The Tor browser makes requests constantly switching IP addresses. It is widely used by people who want to do malicious tasks without being detected. Although many, Tor has finite number of IP addresses and due to its regular usage, those addresses get blocked very, very fast. The problem comes from the fact that Tor uses a torrent like technology to make requests from a variety of IPs. Usually, if a regular user is presented with a captcha and solves it, they will never see the challenge again. We have very, very little false-positives with that system. However, due to the constant IP change for requests, users keep getting challenged with captcha. We can't risk the security of our customers and allow IPs that have been used for malicious reasons to access our servers. I would recommend that you advice your visitors to use a regular browser when visiting your site.

author avatar

Frank

Jan 22, 2018

thanks for the answer, did not give me any explanation why solving the captcha does not redirect back to the site as it should. And it sounds like a contradiction to me - you DO actually let people in from the TOR network - the captcha redirection is just not working. as I stated - "Their ip seems not to be blocked as they gain access if they manually enter the original URL after solving the captcha!?!?!" (i.e. removing the "./well-known/captcha...." that is appended and which I assume is your anti-bot-ai) So if the user can manually enter the URL after solving the captcha - why cant the captcha page send the user to our site??

author avatar

Hristo Pandjarov Siteground Team

Jan 23, 2018

That looks like an application issue, once solved the captcha, the user is redireted to the originating URL. However, if that URL is restricted for logged in users for example, it may redirect to the index. Please, email me at hristo.p at siteground.com with exact URLs to test with and I will be able to give a more concrete answer.

author avatar

Martin

Jan 29, 2018

Hi, I've been made aware of this post by Siteground support. I discovered that the security system is blocking my CDN occasionally. So the support is giving me the option of disabling the security which i would prefer not to do. I've been told i can't whitelist my cdn ips. I'm new to Siteground and find this to be a puzzling situation. Surely i should be able to use a cdn with Siteground? Why would my cdn (BunnyCDN) be getting blocked? Support told me it could be due to the cdn sending a large number of requests to the server, but that would happen with any cdn. Does this mean i have to move hosts now?

author avatar

Hristo Pandjarov Siteground Team

Feb 02, 2018

We have ways to whitelist known providers that do lots of requests to our servers. Due to the nature of the CDN service false positive block may occur. I will forward this to our team and contact BunnyCDN to get more info about their networks and see what can be done.

author avatar

Martin

Feb 11, 2018

Hi Hristo, I spoke to BunnyCDN and they told me Siteground has been in touch and will implement a fix so that the cdn won't be blocked. Would you be able to check with your team when this fix will take effect? I've currently had to ask support to disable the anti-bot ai system on my account, but would like to re-enable it at the earliest possible opportunity once the fix for BunnyCDN takes effect. Thanks

author avatar

Hristo Pandjarov Siteground Team

Feb 12, 2018

Yes, we've figured this out last week, they are using a header that we will monitor. We will not block their IPs, however, will still manage to block offending addresses (the origin ones) if they have malicious behaviour on our servers. So that should be working just fine now.

author avatar

Martin

Feb 13, 2018

That's great to hear. Just so I understood correctly, it's now safe for me to re-enable the anti bot system as it will no longer block BunnyCDN IPs? Thank you for checking up on this!

author avatar

Hristo Pandjarov Siteground Team

Feb 13, 2018

Yes, it should work fine with all BunnyCDN users!

author avatar

Steve

Mar 07, 2018

I've been blocked from all my sites on my account. How do I clear it. I've already tried clearing my browser cache.

author avatar

Hristo Pandjarov Siteground Team

Mar 08, 2018

Our Anti-bot system chalanges requests with captcha it does not block IPs. If you've been blocked, other systems have most probably noticed some malicious requests coming from you. Please, open a ticket in your Help Desk so we can assist you further.

author avatar

Eric

Apr 16, 2018

I can't even log into my own admin because of this "feature". I understand why it was implemented but it is very bothersome to me and my customers. The logic is we shouldn't have enter a captcha in the first place. This should all be done in the background. Your AI needs to be tweaked at the very least. Prompting everyone to enter a captcha and then white-listing IP addresses doesn't sound like good AI to me.

author avatar

Hristo Pandjarov Siteground Team

Apr 17, 2018

Not everyone is prompted with a CAPTCHA. If you see it, this means that there's malicious traffic or traffic considered malicious coming from your IP address. Even then, you should see it once. If this happens again, please post a ticket in your Help Desk providing your IP address and our team will look into it further.

author avatar

Marty

May 06, 2018

Hi Hristo, I would like to provide some feedback on the AI defence system and hope that you could pass it onto the developers to consider for a future update? I noticed in my logs i had 43 requests, over a period of 30 minutes, to /wp-admin/admin-ajax.php This is obviously not human activity, and i think the defence system should be able to detect things like this and prevent them. Thanks

author avatar

Hristo Pandjarov Siteground Team

May 09, 2018

That could easily be an opened tab in a browser logged into your backend, also known as the WP Heartbeat. That's not a login attempt, so you shouldn't be worried about it :)

author avatar

Raul

Aug 28, 2018

Your bot isn't letting me log in

author avatar

Hristo Pandjarov Siteground Team

Aug 29, 2018

The bot challenges you with a captcha when detects you as maliciout load. Unless you're using a Tor browser or similar, that shouldn't be a problem. For further assistance, please contact our technical support team.

author avatar

Miko

Sep 18, 2018

Hi Hristo, We recently transferred to SG and so far everything has been very smooth and support is great. A recent challenge, however blocked Google bot from crawling our CDN files. We use MaxCDN for our static content and our xml sitemaps are reference links to the CDN location of our files. When Googlebot tires to crawl our images for example, CDN logs show error: 502. Your anti-bot AI was blocking the requests because they were originating from MaxCDN IP ranges but not Google IPs. This sounds fine, however I expect MaxCDN to be whitelisted being a recognized CDN provider. The support guys acted quickly and whitelisted our domain in your anti-bot AI as a workaround. We really would like to take full advantage of your services and turning off anti-bot AI should not be the permanent fix in this case. Any help is appreciated! Thanks! p.s. Our account is hosted in your UK location.

author avatar

Hristo Pandjarov Siteground Team

Sep 19, 2018

Thanks for your feedback, I will discuss this with our devops team and see if we can whitelist their IPs globally.

author avatar

Miko

Jan 22, 2019

Hi Hristo, Just checking if MaxCDN has been whitelisted in your anti-bot system? Thank you very much!

author avatar

Hristo Pandjarov Siteground Team

Jan 23, 2019

We did update some rules and issue shouldn't happen anymore. Do you still have problems with that?

author avatar

Miko

Jan 23, 2019

SG Support team whitelisted our domain in the anti-bot system as a workaround. If the MaxCDN IP ranges were whitelisted when I think it should be safe to re-arm the AI again but do not want to experiment.

author avatar

Hristo Pandjarov Siteground Team

Jan 24, 2019

Whitelisting a wide range of IPs is not the best way to do that because there's no guarantee that all the traffic coming from them is legitimate. We're getting fewer and fewer false-positives from the system and constantly improving its filters is much better in the long term.

author avatar

Shelly Haffly

Nov 15, 2018

I'm currently in the middle of developing a site and have been kicked out with this bot message - in the middle of working. Followed by another one, when I went to a different client site to update something else. Maybe the settings need to be eased up some. This is ridiculous.

author avatar

Hristo Pandjarov Siteground Team

Nov 16, 2018

That's strange, once you solve the captcha from that address, you should not see it again for quite some time. Could you open a ticket in your Help Desk next time this happens so we can investigate and solve that.

author avatar

Herman

Nov 15, 2018

seems like this is interfering with ezoic ad testing. Is there a way to white list ezoic?

author avatar

Hristo Pandjarov Siteground Team

Nov 16, 2018

Thanks for reporting that, could you open a ticket in your Help Desk regarding that so we can troubleshoot with exact data and see what's triggering it exactly.

author avatar

Stuart Wilson

Nov 30, 2018

Can you please stop using this on my site. If it continues, I am cancelling my siteground subscription.

author avatar

Hristo Pandjarov Siteground Team

Dec 03, 2018

If you're experiencing issues with our anti-bot system, please open a ticket in your Help Desk, my colleagues will assist you further.

author avatar

Jean-François Cloutier

Feb 03, 2019

You should add geo local language, and be carefully about VPN traffic, because i get « Our system thinks you might be a robot!» when im connected to my VPN, and also i get a english langage message when my site is FRENCH!

author avatar

Hristo Pandjarov Siteground Team

Feb 04, 2019

The AI system cannot know the language of your site, it detects pattern, considered bot traffic and shows a generic captcha in English. I am sorry for the inconvenience but I am sure your normal French visitors will never see that message.

author avatar

GG

Feb 18, 2019

over the past week or two, i have gone from 3-4 failed and blocked login attempts per week to about 20 failed log ins per day, and that is with IP blocking on the 3rd failed attempt... doesn't seem to be working. Using wordpress and limit login attempts plugin...

author avatar

Hristo Pandjarov Siteground Team

Feb 19, 2019

3-4 failed login attempts per week cannot be considered as brute-force attak, nor 20 per day. That's way too low threshold for banning an IP from our system.

author avatar

Jes C

Feb 25, 2019

This makes working on client sites an absolute pain in the you-know-what. While the concept is solid, tThere needs to be an option to disable/enable it within the cpanel. It's absolute hell when I have to enter a captcha every time I try to view changes made.

author avatar

Hristo Pandjarov Siteground Team

Feb 26, 2019

Please, open a ticket in your Help Desk, something you're doing is triggering the AI system. Once you solve the captcha you shouldn't see it again unless the same rules are triggered.

author avatar

Theodore Hildebrandt

Feb 25, 2019

I'm getting this captcha screen on every page load. It's frustrating. How do we turn it off?

author avatar

Hristo Pandjarov Siteground Team

Feb 26, 2019

Please, post a ticket in your Help Desk so we can look into it.

author avatar

Frederico

Mar 12, 2019

I need this to be in portuguese, my customers believe that my website is the problem when they see this challenge in english.

author avatar

Hristo Pandjarov Siteground Team

Mar 14, 2019

I am afraid we cannot internationalize that message. However, your customers should not see that captcha challenge if it's a legitimate traffic.

author avatar

Andy

Mar 13, 2019

Is good that you allow to disable this anti-bot AI for entire website, otherwise can be a real problem. Ezoic ad network has thousands of IPs that were blocked, if they change some IPs and traffic is blocked is not good at all - can be a reason to choose another hosting. So is good to let the possibility to turn it off (good to make the option in CPanel too).

author avatar

Hristo Pandjarov Siteground Team

Mar 14, 2019

You can always open a ticket in your Help Desk and request the protection to be stopped for your account. However, the system works for quite some time now and false-positives are very, very rare. So I think it's better to provide us with IPs you believe are incorrectly blocked so we can investigate further.

author avatar

Kristof Gheyssens

Sep 19, 2019

they don't seem so very, very rare. Client of ours had several people in the company who all got the captcha, not just one user.

author avatar

Hristo Pandjarov Siteground Team

Sep 20, 2019

Any chance they work in the same office? We block IPs so that's to be expected if one triggers the captcha with multiple incorrect login attempts for example, the rest to be challenged with it too.

author avatar

Thom

Apr 21, 2019

There's got to be a better way. I'm not doing a captcha to read an article, I'll just move on. It also stopped me from making a purchase recently. The system thinks I might be a robot? Absurd. But then you don't need my money.

author avatar

Hristo Pandjarov Siteground Team

Apr 22, 2019

People should not see a captcha in first place if the traffic is legitimate. It's difficult to get your IP flagged unless there's malicious traffic from it so I would not be worried about your customers having to solve it.

author avatar

Darius

Jun 05, 2019

Great idea but its very bad for the visitors. They will just back out instead of doing the captcha to read, view, or purchase. I requested the feature to be taken off of my account. I recommend this not being a default feature on the accounts. Let your customers use something else like Cloudflare that focus on fighting bots.

author avatar

Hristo Pandjarov Siteground Team

Jun 07, 2019

Normal users should never see the captcha challenge. It requires detected malicious activity to blacklist an IP address and those lists are constantly updated. This service saves tons of hosting resources to customers from bad bot traffic and I really don't recommend turning it off. By the way, Cloudflare use captcha to confront bots too.

author avatar

Prashant

Jun 16, 2019

Can the AI anti-bot be made intelligent enough to whitelist traffic from popular speedtest tools such as GTmetrix & Webpagetest? Its difficult to measure speed of our sites when we see siteground captcha validation while testing speed of our website. I raised a support ticket also, but it isn't helping

author avatar

Hristo Pandjarov Siteground Team

Jun 18, 2019

We are not blocking that traffic. It's something with your particular account and we've already replied to your ticket :)

author avatar

Ilyes

Oct 12, 2019

Also, you should at least whitelist traffic coming from search engines, i activated a VPN on incognito window to check how my website is performing, i clicked my website link on google search results and i found robot challenge screen.

author avatar

Hristo Pandjarov Siteground Team

Oct 14, 2019

Search engines do not get challenged with captcha. However, it seems your VPN address has been used for activities, marked as malicous by our system, thus the captcha screen.

author avatar

Sourav

Dec 06, 2019

Hi Hristo, While your intentions are good, the BOT challenge page being served to even human traffic is a big put off . An eCommerce client of ours has lost traffic and visitors . Their FB campaigns have sent visitors to the website who see a Captcha page instead. So it seems the AI cant distinguish yet traffic correctly. My client might shift his hosting to another provider if no there is no resolution.

author avatar

Hristo Pandjarov Siteground Team

Dec 06, 2019

Our AI service does not block IPs unless there are malicious traffic coming from that. This said, please open a ticket in your Help Desk and provide my colleagues with details about the issues so we can investigate and see what can be done.

author avatar

JTurner

Dec 18, 2019

Completely agree with SOURAV. This should be opt-in only.

author avatar

Marina Yordanova Siteground Team

Dec 19, 2019

Hello JTurner, thank you for your comment. Currently, you cannot opt-out of it, but our team will be able to assist you if you should stumble upon a particular problem with the anti-bot AI. So, please be sure to post a ticket to our Support team.

author avatar

Scott

Jan 07, 2020

Can you at least make the captcha page redirect to the original requested page instead of going to the root domain. For whatever reason you think the company I work for is a bot, but the most annoying thing is having to enter the captcha and then go back to google and reclick the link.

author avatar

Hristo Pandjarov Siteground Team

Jan 08, 2020

The system is indeed configured to redirect to the requested page after successfully solving the captcha. If it redirects to your homepage, most probably there's something within your site config doing it. Furthermore, please note that we don't start challenging with captcha unless numerous bad login attempts are made per time frame, so normal traffic should not be affected. Make sure your saved passwords are up-to-date and if there isn't any software generating incorrect logins on your network. If the issue persists, please contact our support team with a ticket and we will investigate further.

author avatar

Nick

Mar 03, 2020

Hi Hristo, One of our Woocommerce sites recently experienced a 'carding attack', and our payments company suspended our account until we installed reCAPTCHA on our Checkout page. Would your servers be expected to pick up on this traffic, or is this sort of attack out of its range?

author avatar

Hristo Pandjarov Siteground Team

Mar 04, 2020

Right now we monitor login attempts mostly and since there's no failed signups it must have went pass our filters. If you could send me more detailed info at hristo.p [at] siteground.com it would be highly appreciated, we always add new rules and improve our systems to detect malicious traffic better.

author avatar

Nick

Mar 04, 2020

Thanks Hristo - I've raised a support ticket too, and I'll email you an update.

author avatar

Kris

May 08, 2020

Are you guys the original designers of this anti-bot software? I ask because I get caught at these pages all the time. I have no issue with the idea of entering a code as it only takes a moment, but there are 2 primary problems. 1. If it accepts the code it never takes you to the original url you were trying to go (from the search engine). 2. Many times (More times than not for me) it doesn't accept the code. It says "Incorrect Code". I can enter the correct code every time and it will never work. I have one site I entered the code it asked for about 8 times in a row before I gave up. I have gotten to the point now that if I am going to purchase something and that bot thing shows up I just buy elsewhere, or use another sites service. I understand the Antibot thing 100%, but when you are turning away customers and provide them no way to bypass you are effectively tanking legitimate users.

author avatar

Hristo Pandjarov Siteground Team

May 11, 2020

This can only happen if you are behind a proxy that handles each request through different IPs and those IPs are all blocked by out Anti-Bot system. Otherwise a single captcha solving is enough. Please, post as ticket in your Help Desk with detailed information regarding your particular case and we will look into it. We do not block legitimate users and this is not something you should be worried about.

author avatar

Kris

May 12, 2020

I appreciate the reply. It looks like technical support is for customers, but as I am not one I will put in a message with sales and see if it gets to the right department. Thank You!

author avatar

Ola

May 16, 2020

Please how can i disable this on my site. Whenever i enter the captha, it keeps giving me another to enter.

author avatar

Hristo Pandjarov Siteground Team

May 18, 2020

Please, check if you don't have any software generating incorrect logins, like an FTP app for example. If you think your network is marked incorrectly, please contact our support team.

author avatar

Krishna

May 21, 2020

What a mess.... i cant see my website. I entered dozen of times the characters on recaptcha. Nothing. Zero. Nada. I had to register on my Siteground Hosting account to see my page. What about other people?

author avatar

Hristo Pandjarov Siteground Team

May 22, 2020

Make sure you're not using some browser stripping cookies like the Tor browsers. Once solved, the captcha should not be shown to you for at least 24 hours. Most probably other people do not have problems since they are not originating from your IP. In addition, check if some software logging into your account is not generating incorrect logins.

Comments for this post are now closed.