What is StackProtect?

Web Hosting
Chris Wright
Published: 1 December 2022Last updated: 26 October 2023
Share:

You or your customers may have come across this message when visiting your website hosted with us: 

"To help us keep this website secure, please wait while we verify you're not a robot! It will only take a few seconds..."

But what does the message actually mean? Well, this message likely means that your HTTP request has been challenged by our bot protection, StackProtect

In this article, you’ll learn about what StackProtect is – and how it keeps your website safe. 

What is StackProtect? 

StackProtect is our bespoke security system designed to keep your or, if you are a hosting reseller, your customers, websites secure against malicious attacks and suspicious activity.   

This is done by presenting suspicious requests with a simple CAPTCHA to verify the user is genuine and not a bot. Once a visitor has passed the CAPTCHA check, their IP address is automatically whitelisted for 48 hours by all sites across the 20i platform.  

So the IP won’t hit StackProtect again during this time. It checks for potential ‘evil’ bot requests – and if they are detected, then it uses Google’s latest reCAPTCHA to block those requests.  

When is StackProtect raised on a request? 

Password focused attacks 

Perhaps the most common way to compromise a website is to guess the login password to the website’s content management system, e.g., /wp-admin for a WordPress website. Usually, malware will use trial and error approach to try to crack your website's password, known as brute force attacks

It may also start by rotating through different variations of the most commonly-used passwords, known as a dictionary attack. 

Suspicious networks  

StackProtect also monitors for requests from IP addresses that we’ve classified as ‘suspicious’. These are normally IP addresses that we’ve identified in the past as being used in fraudulent or suspicious activity.  

For example, this might be an IP address that we’ve seen perform DDoS or brute force attacks in the past. 

DDoS attacks 

 
A distributed denial-of-service (DDoS) attack is a malicious attempt to disturb the routine traffic of a server or network by overpowering the server or its infrastructure with a flood of layer 7 HTTP traffic from an array of different networks/clients. 

These networks involve computers and other devices (for example IOT devices) which have been malware-infected, permitting them to be controlled by the hacker. These devices are referred to as bots and a cluster of bots is referred to as a botnet. 

Note: To learn more about our other security features visit Secure Hosting

What should I do when StackProtect is triggered? 

Most of the time, the CAPTCHA warning should disappear within a second or two once StackProtect has verified you aren’t a bot and you’ll be able to view the site.  

However, if you continue to be prompted with the CAPTCHA verification and believe the challenge should not be triggered for a particular user, then it’s possible that either the site is still under a HTTP flood – or your request is being flagged as suspicious.  

In these cases, we’d recommend reaching out to our technical support team so that they can provide you with more information as to why your specific request is being challenged. 

Why do I see a 401 error when making a remote connection to my site? 

You may find that you see a 401 error when attempting to make connections to your site from third-party applications. For example, this could include services such as ‘SEO audit’ website crawlers.  

When this happens, it’s normally the case that StackProtect has identified that the request may be malicious and is blocking it. This normally happens when a number of requests have been made into our network from a bot using the same IP address.  

Many of the most common SEO crawlers and similar services are already whitelisted across StackProtect – but if you do see a 401 response on your request then please reach out to our support team. They’ll  be able to confirm whether or not the 401 error is down to StackProtect, and potentially whitelist the IP address or UserAgent that you’re seeing the issue with  – or they can point you in the right direction if it’s not!