Website Attacks


Albatross

Sep 7, 2016
Do you guys ever get attacks on your websites? So far today, my Jetpack plugin has blocked 479 malicious attempts, and several of the usernames have been locked out. I assume that the attacks are automated and coming from overseas. There isn't much data to be stolen from my website, so I can't imagine I was targeted that specifically.

Does anyone else deal with this?
 
WP has been having quite a few attacks. I forgot what the vulnerability was - but hopefully they have patched their stuff.
 
WP has been having quite a few attacks. I forgot what the vulnerability was - but hopefully they have patched their stuff.

I'm up to date on the WP software, and I just made sure all my plugins were up to date too.
 
The new spambot tools are getting more intelligent. Are you using Google Captcha for form registration?

I do have a simple math problem on my contact form which has been effective, as I don't get much spam there.

This was an actual attack on my logins. There are 4 registered users for my website, 2 for the company that built it, 1 for me, and 1 for a member of my team. 3 of the 4 experienced lockouts from too many failed attempts yesterday. So whatever it was had gotten further than just trying "Admin" as a username. It has my actual username and was trying to get into it.
 
They must be using some SQL injection method to get a user list dump based on user access privilege. You really should be asking these questions on WordPress's forums, as they will have more real-time data to guide you on what to look for and how to combat it. I'm sure you're not the only one who is getting hit in this way. Good luck, keep us updated.
 
WP is constantly attacked. It's one of the most widely used platforms on the internet. /wp-admin is one of the first URLs the script kiddies and hackers try. Several of my non-WP sites including ODJT show attempted hits to /wp-admin. So long as your username isn't 'admin' (the default user account) and your password is decent you'll be fine.

I usually lock down WP with All in One Security and Firewall. There are quite a few "firewall" and security plugins, and most of the popular ones offer a similar feature set; AiO is just the plugin I'm more familiar with. One particularly useful setting is changing the admin URL via the Brute Force area of this plugin. I'm happy to post the default ruleset I use; it just has to be scrubbed of my email address for notifications.
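An added example, not part of the post above and not code from any plugin mentioned in this thread: a small Python script that counts the login attempts and /wp-admin probes described here, per source IP, from a web server access log. The log lines are constructed samples, and treating a 200 response to a POST on /wp-login.php as a failed login is an assumption about stock WordPress behaviour (a successful login redirects with 302).

```python
import re
from collections import Counter

# Constructed access-log lines (combined format, documentation-range IPs).
SAMPLE_LOG = '''\
203.0.113.7 - - [01/Jan/2020:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2020:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2020:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jan/2020:10:01:00 +0000] "GET /wp-admin/ HTTP/1.1" 404 512 "-" "curl/7.58.0"
198.51.100.4 - - [01/Jan/2020:10:01:01 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "curl/7.58.0"
192.0.2.10 - - [01/Jan/2020:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2020:10:02:01 +0000] "GET /wp-admin/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
this line is malformed and must be skipped
'''

# Captures: client IP, HTTP method, request path, response status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')

def classify(method, path, status):
    """Return 'failed_login', 'probe', or None for one request."""
    path = path.split("?", 1)[0]  # ignore the query string
    if path == "/wp-login.php":
        # Assumption: WordPress re-renders the form (200) on a bad password.
        if method == "POST" and status == 200:
            return "failed_login"
        if status == 404:
            return "probe"  # the site is not WordPress, or the URL was moved
    elif path.startswith("/wp-admin") and status == 404:
        return "probe"
    return None

def summarize(log_text):
    """Count failed logins and probes per client IP; skip unparsable lines."""
    failed, probes = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        kind = classify(method, path, status)
        if kind == "failed_login":
            failed[ip] += 1
        elif kind == "probe":
            probes[ip] += 1
    return failed, probes

def over_threshold(failed, threshold):
    """Return the sorted IPs with at least `threshold` failed logins."""
    return sorted(ip for ip, n in failed.items() if n >= threshold)
```

Calling `summarize()` on the text of a real access log and passing the first counter to `over_threshold()` gives the addresses worth comparing against the lockout notices from the security plugin.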
 
Also, there are these books to read!!!
Only one of many I have here.