Page 4 of 4 FirstFirst 1234
Results 31 to 38 of 38

Thread: Brute Force Attacks On WordPress Underway

  1. #31
    Post Impressionist Array vangogh's Avatar
    Join Date
    Aug 2008
    Location
    Boulder, Colorado
    Posts
    14,796
    Likes (Given)
    237
    Likes (Received)
    487

    Default

    VaultPress is a WordPress only solution. Your own scripts are custom so I think you'll need to create something custom for them or find a script that does something on the generic side. Keep in mind the more generic something is, the more likely it will have false positives.

    Jeff's idea above should work, but again keep in mind that any time someone legitimately changes a file you're going to get an alert. Maybe you'd want to limit how often the script runs or have a way to turn it off when you know work is being done. Or better have it selectively check files so if you know your theme is being worked on you can ignore alerts on those changes (though you'd still want to store the changes for a latter comparison).
    l Join me as I share my creative process and journey as a writer | StevenBradley.me
    l Design, Development, Marketing, and SEO Tutorials | Steven Bradley's Notebook
    l Get my book about Design Fundamentals

  2. #32
    Member Needs New Keyboard Array Brian Altenhofel's Avatar
    Join Date
    Sep 2012
    Location
    Oklahoma
    Posts
    895
    Likes (Given)
    109
    Likes (Received)
    179

    Default

    You could have everything under version control and have a script that checks for changes and sends a notification (as well as checks back out the known good code). Fairly trivial - just use Git, a cron job, and a shell script. Bonus points for using Jenkins and Fabric.py.

    You could also put everything under a configuration management tool like Chef or Puppet and have the deployment to servers take place every few minutes. Difficult, but worth it if your application is spread across multiple servers.
    || VMdoh - Drupal development, consulting, and support

  3. #33
    Member Needs New Keyboard Array
    Join Date
    Aug 2008
    Posts
    4,919
    Likes (Given)
    88
    Likes (Received)
    213

    Default

    Quote Originally Posted by vangogh View Post
    VaultPress is a WordPress only solution. Your own scripts are custom so I think you'll need to create something custom for them or find a script that does something on the generic side. Keep in mind the more generic something is, the more likely it will have false positives.

    Jeff's idea above should work, but again keep in mind that any time someone legitimately changes a file you're going to get an alert. Maybe you'd want to limit how often the script runs or have a way to turn it off when you know work is being done. Or better have it selectively check files so if you know your theme is being worked on you can ignore alerts on those changes (though you'd still want to store the changes for a latter comparison).
    It's sounding like jeffs solution is the best and not that hard to do. The only issue I would have is if my partner uploads an image to an image directory (I know shopp stores images in a db). I haven't done a script for that yet, but I want him to be able to upload images. That way we can both upload the most current / best images.

    Oh, and and another thing. This should be transportable to any platform. That wouldn't be true of a WP plugin.
    Last edited by billbenson; 07-20-2013 at 01:11 AM.

  4. #34
    Member Needs New Keyboard Array MyITGuy's Avatar
    Join Date
    Apr 2011
    Location
    Miami, FL
    Posts
    976
    Likes (Given)
    42
    Likes (Received)
    82

    Default

    Quote Originally Posted by billbenson View Post
    @Jeff, how long does it take to run? It's a pretty big site.

    If the MD5 value is not set, I'm assuming that's a file that is a possible hack if I'm not working on the site.
    It shouldn't take too long for the script to run....but I'll see if I cant create a simple task this weekend and do some testing.

    Yes, if an MD5 value is not set then that would be some cause for concern (As long as your ignoring temp files).
    Jeff Tysco President Cingular, Inc.
    Business Class Hosting Services
    Your Total IT Solutions Provider

  5. #35
    Member Needs New Keyboard Array
    Join Date
    Aug 2008
    Posts
    4,919
    Likes (Given)
    88
    Likes (Received)
    213

    Default

    Quote Originally Posted by MyITGuy View Post
    It shouldn't take too long for the script to run....but I'll see if I cant create a simple task this weekend and do some testing.

    Yes, if an MD5 value is not set then that would be some cause for concern (As long as your ignoring temp files).
    Thanks, I appreciate it.

  6. #36
    Post Impressionist Array vangogh's Avatar
    Join Date
    Aug 2008
    Location
    Boulder, Colorado
    Posts
    14,796
    Likes (Given)
    237
    Likes (Received)
    487

    Default

    Quote Originally Posted by Brian Altenhofel
    You could have everything under version control and have a script that checks for changes and sends a notification
    That's a good idea and has plenty of advantages beyond just being alerted to changes. I'm still slowly wrapping my head around version control. I get what it is and why use it. I have Git set up locally and a GitHub account. It's more incorporating it into my workflow that's taking time. Little by little though I'm moving in that direction.
    l Join me as I share my creative process and journey as a writer | StevenBradley.me
    l Design, Development, Marketing, and SEO Tutorials | Steven Bradley's Notebook
    l Get my book about Design Fundamentals

  7. #37
    Web Consultant Array Harold Mansfield's Avatar
    Join Date
    Aug 2008
    Location
    Las Vegas
    Posts
    9,128
    Likes (Given)
    984
    Likes (Received)
    912

    Default

    Woke up this morning to 400 email alerts that someone tried to gain access to one of my sites overnight between 12-2 am.

    I saw a few attempts yesterday afternoon that seemed to be coming from the same person, so I had already moved my log in page and set unauthorized lock outs to 1 attempt before banning the host completely yesterday. Host said that really helped and it worked just as it was supposed to.

    Host also said the same happened on a few other sites on my server and I had him install extra security across my entire server for any attempted access.

    I can't say it enough, if you are running WordPress move your log in page, and monitor attempts to access your site. All it takes is a little extra security to save you a big headache down the line.

    The security vulnerability is that everyone knows where the default log in page is, and that the default username is "Admin". So that's what they try to hit and brute force thier way in.
    If you move that page to an obscure URL that only you know, and use a different username the BS hackers are lost and tend to move on.
    Last edited by Harold Mansfield; 08-01-2013 at 09:50 PM.
    WordPress Support WordPress Design WordPress Security

    "It takes less time to do a thing right, than it does to explain why you did it wrong." -Henry Longfellow

  8. #38
    Post Impressionist Array vangogh's Avatar
    Join Date
    Aug 2008
    Location
    Boulder, Colorado
    Posts
    14,796
    Likes (Given)
    237
    Likes (Received)
    487

    Default

    Glad nothing happened to your site. It seems like you're doing a good job locking it down. Oddly enough I read a post earlier with some tips for blocking attempts to brute force author page scans. Two plugins and a bit of .htaccess. The plugins are Limit Login Attempt, which you wouldn't need since you have it set up and Google Authenticator to set up 2 step verification. The .htaccess code blogs robots from author pages, but you should be able to tweak it so they can't access any page.
    l Join me as I share my creative process and journey as a writer | StevenBradley.me
    l Design, Development, Marketing, and SEO Tutorials | Steven Bradley's Notebook
    l Get my book about Design Fundamentals

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •