Notice to all members: our hosting service (and probably some others) have been under brute force attacks from malicious forces (probably faeries–always blame faeries).
Here’s what Arvixe’s page had to say:
“Due to a recent large scale WordPress wp-login.php brute force attack coming from an extremely large amount of IP addresses with no geographical or specific range or signature, we’ve been forced to take immediate action to attempt to alleviate some of the load being generated by this. Arvixe as well as any other hosting provider providing PHP and WordPress hosting is being impacted by this. (…)
“What we are doing:
“Two days ago, in an attempt to provide immediate relief, we sent out Linux server changes which throttled refreshes and login attempts to all wp-login pages. This method proved to be effective for about a 24 hour period. As the attack worsened, it started becoming apparent that each IP making the request was no longer making more then 1-2 attempts every couple minutes, masking the “attack” as typical traffic but the issue then became that such a large assortment of IP’s are being used. As such, using mod_security, about 15 minutes ago, we pushed out a rule to return “406 not acceptable” for any attempts to browse to a “wp-login.php” file.
This change should prove to be temporary until we can roll customers being impacted by this into CloudFlare whch has been able to successful identify a signature and is scrubbing traffic as we speak.”
So in short, there’s nothing I can do to fix this. They don’t have an ETA, but they’re on top of it. Service will be restored as soon as possible.
Thanks for your patience and understanding.