Thread: Brute Force Attacks On WordPress Underway

  1. #11
    vangogh

    Funny Harold about locking yourself out of your site. I'm not afraid to admit I've done the same thing. In fact early on here I was blocking an IP address through the admin side of the forum, but I had accidentally copied my own IP address and so I blocked myself. I was going to dig through the database and fix things, but instead I just restarted my modem and had it assign me a new IP.

    With the guy trying to break into your site, did you try blocking the entire C-Block of IPs?
    l Join me as I share my creative process and journey as a writer | StevenBradley.me
    l Design, Development, Marketing, and SEO Tutorials | Steven Bradley's Notebook
    l Get my book about Design Fundamentals

  2. #12
    Harold Mansfield

    Originally posted by vangogh:
    > Funny Harold about locking yourself out of your site. I'm not afraid to admit I've done the same thing. In fact early on here I was blocking an IP address through the admin side of the forum, but I had accidentally copied my own IP address and so I blocked myself. I was going to dig through the database and fix things, but instead I just restarted my modem and had it assign me a new IP.
    >
    > With the guy trying to break into your site, did you try blocking the entire C-Block of IPs?

    No, I didn't feel the need to do that. Besides, he started bouncing around probably with proxies. Some coming from Israel, Turkey, Georgia, and then San Francisco.
    Although I could probably block Russia, Afghanistan, Pakistan, India (maybe), Sri Lanka, Tajikistan, and The Ukraine completely and not miss one lick of legitimate traffic.
    Last edited by Harold Mansfield; 07-12-2013 at 12:27 AM.
    WordPress Support WordPress Security Seeker.One

    "It takes less time to do a thing right, than it does to explain why you did it wrong." -Henry Longfellow

  3. #13
    Brian Altenhofel

    A lot of those proxies (like known Tor exit nodes) end up on RBLs really fast. I've got one site that somehow got targeted for spam (services like Mollom and Recaptcha caught 99+% of it, but still had 40+ comments/emails get through per day... on a site that has a normal traffic rate of only 1,500/mo). Finally ended up taking the super-aggressive approach and making the server invisible to any IP that has a certain score or higher. And yes, the client was made aware of the potential side effects of such an aggressive approach.
    || VMdoh - Drupal development, consulting, and support

  4. #14
    Harold Mansfield

    I had to learn the hard way how malicious it can be on the web. It's amazing to watch someone from the other side of the world target your site for hours. Trying over and over to basically guess your password or find a way in. Or to backtrack a relentless comment spammer to the country they're sending from.

    People that try and tell me that they use a particular kind of publishing software, or coding and therefore no one ever tries to gain access to their site aren't exactly being 100%. There is no publishing software that is going to scare a hacker in Russia, or be something that he's never seen before so he gives you a pass.

    Small time hackers, spammers, and people looking for places to do malicious installs are all over the internet by the thousands and they try every site they see...like a robber that turns every door knob he walks past. Every day. All day long. It's non-stop. Malicious bots roam the web freely looking for weak spots like pigeons in a park full of statues.

    Depending on what security software you have installed, you may not SEE every attempt, but it's happening. If it's not your site specifically, it's the server that your site is hosted on which they're targeting through one of the hundreds of other sites on that same server.

    I've talked to my host and other hosts for years that tell me that it's constant. Sure, most hosts block or thwart 99% of the amateur stuff so that you, the site owner, never see any of it...but to have a live website on the World Wide Web and think that no one, or nothing has ever tried to gain access to your website is living in fantasy land. It's the World Wide Web. That's what they do. And much of it is automated.

    Now, if your site is not known by anyone, hosted all alone on a dedicated server, uses no 3rd party scripts, not linked to from anywhere, and gets no traffic...then maybe you've managed to get lucky up until now. But it's luck. It's not the Joomla Gods protecting your site with a magical invisible shield that keeps all attempts at bay.

    If they see you, they will try you. They may move on because it's not easy, but don't walk around thinking that you are immune or one day you'll be like those people on TV that always get on the news after something bad happens with, "This is such a safe neighborhood. We never thought something like this could ever happen here.".
    Last edited by Harold Mansfield; 07-12-2013 at 02:01 PM.

  6. #15
    MyITGuy

    Originally posted by Harold Mansfield:
    > You know, people that try and tell me that they use a particular kind of publishing software, or coding and therefore no one ever tries to gain access to their site aren't exactly being 100%. There is no publishing software that is going to scare a hacker in Russia, or be something that he's never seen before so he gives you a pass.
    >
    > Small time hackers, spammers, and people looking for places to do malicious installs are all over the internet by the thousands and they try every site they see...like a robber that turns every door knob he walks past. Every day. All day long. It's non-stop. Malicious bots roam the web freely looking for weak spots like pigeons in a park full of statues.
    >
    > Depending on what security software you have installed, you may not SEE every attempt, but it's happening. If it's not your site specifically, it's the server that your site is hosted on which they're targeting through one of the hundreds of other sites on that same server.
    >
    > I've talked to my host and other hosts for years that tell me that it's constant. Sure, most hosts block or thwart 99% of the amateur stuff so that you, the site owner, never see any of it...but to have a live website on the World Wide Web and think that no one, or nothing has ever tried to gain access to your website is living in fantasy land. It's the World Wide Web. That's what they do. And much of it is automated.
    >
    > Now, if your site is not known by anyone, hosted all alone on a dedicated server, uses no 3rd party scripts, not linked to from anywhere, and gets no traffic...then maybe you've managed to get lucky up until now. But it's luck. It's not the Joomla Gods protecting your site with a magical invisible shield that keeps all attempts at bay.
    >
    > If they see you, they will try you. They may move on because it's not easy, but don't walk around thinking that you are immune or one day you'll be like those people on TV that always get on the news after something bad happens with, "This is such a safe neighborhood. We never thought something like this could ever happen here.".

    Agree with this! Even if your site has no links and is not found anywhere on the web, people run port scans across IP Blocks all day long and they will find you eventually.

    My web servers see thousands of port scans (I'm looking at 1,189 alerts from the past 12 hours alone) and people trying to guess passwords to random accounts on a daily basis, and I have my servers set to block IP addresses after 3 failed login attempts or a certain # of ports being scanned in a certain timeframe. I'm just a small time hoster so that hopefully gives people a sense of the volume that we see.
    Jeff Tysco President Cingular, Inc.
    Business Class Hosting Services
    Your Total IT Solutions Provider
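
The per-IP lockout described in post #15 and the C-block question raised in post #11, worked through as an added example that is not part of any poster's message or tooling. The log lines are constructed; the 10-minute window, the allowlisted admin address, and the rule that stock WordPress answers a wp-login.php POST with 302 on success and 200 on failure are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample (common log format, documentation address ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jul/2013:00:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Jul/2013:00:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Jul/2013:00:01:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.20 - - [12/Jul/2013:00:02:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.21 - - [12/Jul/2013:00:02:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.22 - - [12/Jul/2013:00:03:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.10 - - [12/Jul/2013:00:04:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.10 - - [12/Jul/2013:00:04:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.10 - - [12/Jul/2013:00:04:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.77 - - [12/Jul/2013:00:10:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.77 - - [12/Jul/2013:00:21:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.77 - - [12/Jul/2013:00:32:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
"""
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-login\.php[^"]*" 200 ')
MAX_FAILS = 3                            # threshold quoted in the post
WINDOW = timedelta(minutes=10)           # assumed; the post gives no timeframe
ALLOWLIST = {ip_address("192.0.2.10")}   # hypothetical admin address, never blocked

def failed_logins(log_text):
    """Yield (time, ip) per failed login. Assumes stock WordPress: 302 = success, 200 = failure."""
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        yield datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"), ip_address(m.group(1))

def c_block(ip):                         # the /24 ("C-block") containing an IPv4 address
    return ip_network(f"{ip}/24", strict=False)

def offenders(log_text, key=str):
    """Keys (single IPs by default) with MAX_FAILS failures inside WINDOW; input in time order."""
    recent, flagged = defaultdict(deque), set()
    for when, ip in failed_logins(log_text):
        if ip in ALLOWLIST:              # avoids locking yourself out
            continue
        q = recent[key(ip)]
        q.append(when)
        while when - q[0] > WINDOW:      # forget attempts older than the window
            q.popleft()
        if len(q) >= MAX_FAILS:
            flagged.add(str(key(ip)))
    return flagged

if __name__ == "__main__":
    print("per IP :", sorted(offenders(SAMPLE_LOG)))
    print("per /24:", sorted(offenders(SAMPLE_LOG, key=c_block)))
```

On the constructed sample the per-IP pass flags only 203.0.113.7, while the /24 pass also catches the three 198.51.100.x addresses that made one attempt each; neither pass helps when attempts come from unrelated networks, and a /24 block also shuts out every other host in that range.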

  8. #16
    Harold Mansfield

    Originally posted by MyITGuy:
    > Agree with this! Even if your site has no links and is not found anywhere on the web, people run port scans across IP Blocks all day long and they will find you eventually.
    >
    > My web servers see thousands of port scans (I'm looking at 1,189 alerts from the past 12 hours alone) and people trying to guess passwords to random accounts on a daily basis, and I have my servers set to block IP addresses after 3 failed login attempts or a certain # of ports being scanned in a certain timeframe. I'm just a small time hoster so that hopefully gives people a sense of the volume that we see.

    So happy to hear someone in the industry and who deals with this stuff all of the time, confirm. I've been trying to tell people I know this for years, but since they don't see it, they think I'm just being paranoid and their website is the fortress of solitude.

    I have a lot of respect for a good host. Sure, we all just worry about our sites, but the crap that a real hosting company deals with hourly 24/7 to keep our sites secure is amazing. The web can be a nasty place. You guys pretty much keep it away from us so that all we see is Ponies, and Stickers, and My Space, and sparkly things.
    Last edited by Harold Mansfield; 07-12-2013 at 03:11 PM.

  9. #17
    patrickprecisione

    Originally posted by Harold Mansfield:
    > Self Hosted (.org). WordPress takes care of security for WordPress.com. But common sense precautions are always a good idea.

    Thanks, Harold. Org seems to be more likely to have trouble since it allows javascript (I think, don't quote me on that). But yes of course, always better safe than sorry.

  10. #18
    Harold Mansfield

    Originally posted by patrickprecisione:
    > Thanks, Harold. Org seems to be more likely to have trouble since it allows javascript (I think, don't quote me on that). But yes of course, always better safe than sorry.

    No, it's not that it's more trouble. It's just more responsibility. You are in control of your own website, so you have to act like an administrator. It's not the Javascript.
    The problem with allowing people to use Js on WordPress.com is that people can be malicious and Js is how a lot of Ad programs and install scripts run.

    WordPress.com's decision to not allow Js is not about the code language itself. A few of the themes that they make available have Js in them, as well as the software itself and some of the plug-ins...all have Js in them. And since WP.Com doesn't allow ads or allow you to run your own scripts, they block it.

    It's about what people can do with it when they can add their own. And when you are hosting millions of blogs and websites for free, you have to be careful what you allow people to do on your network.

    When you host your own site, it's your site. You can do what you want. Js is everywhere. It's nothing to be scared of like it's an old pork chop back in the 1800's before refrigeration. Just be careful as with anything else.
    Last edited by Harold Mansfield; 07-12-2013 at 03:33 PM.

  11. #19
    Brian Altenhofel

    Yep, we see thousands of port scans and brute force attempts on our edge servers. We have various tools in place for monitoring and response at each tier, both for security and performance. Right now, I collect 45-50GB of logs per day that are analyzed, indexed, and stored. My office has a 24" monitor that is dedicated to showing reporting from everything we have running for monitoring.

    Important things like your website's database and files should not be allowed to reside on an Internet-facing server. Very, very few reasons for an Internet-facing server to have more than :80 and :443 accepting connections.

    And if your servers are remote, they should only be able to be accessed over a VPN or a very limited shell (as in "if you're not on the VPN, you can only do these certain things").
    Last edited by Brian Altenhofel; 07-12-2013 at 03:35 PM.

  12. #20
    vangogh

    I think it's a good reason why someone always needs to be paying attention to your website. I work on my sites all the time, whether it's just posting here like I am now or making a quick change to my design site. Both sites are set up to send me email for certain things and I check on their stats and see who's commenting etc. By paying attention every day it helps me recognize something out of the ordinary, which when it happens gets me to look around more for why something unordinary is going on.

    It doesn't always lead me to a security issue and I'm sure I wouldn't recognize every potential security threat as one of those unordinary things, but I think keeping an eye on the usual helps alert me to some potential danger.
