Someone is trying to hack my website (seems like Distributed Brute force attack)

Duan

Senior Member
Joined
Jun 20, 2004
Messages
892
Reaction score
42
Location
South Africa.
Hi Guys,

I am wondering if someone has some idea who / what is orchestrating the attack on my website.

I have a wordpress based website which is locally hosted. I have been receiving email notifications all day about failed login attempts and locked user accounts.

I originally had the site developed by a reputable developer, and he seems to have done a decent job of setting up security as far as I can tell.

I have had a look at the security section and I have noticed that the attacks are focussing on the admin account and test accounts, but every attempt is from a different IP and mostly different country as well.

There is nothing valuable to gain from the site and I cant thing why someone would be looking to hack it.

Does anyone have any thoughts on the matter?

Thanks
 
Bots for sure have the same problem on my WordPress blog and it's not even 2 weeks old.
 
Bots that target WordPress sites for weak passwords

Thanks, do you have any more information on these bots / botnet?

If they are using a dictionary approach, then they will be out of luck. If they are trying patterns, they are also out of luck. The only option is if they guess a 20 digit password with upper and lowercase as well as numbers and symbols. So I am fairly comfortable that my passwords are strong.

Any way to retaliate?
 
Nope, just block. More than 50% of web traffic is bots

That is shocking, but I assume some of that would be legitimate bots for things like search engines?

I keep receiving emails alerting me to failed attempts and while I could switch it off completely, I would rather not.

Any suggestions?
 
.
Any way to retaliate?

You know when you are peeing in a urinal, and glance over at the guy in the next urinal.....and notice that he is holding a tree trunk in his hand.

Retaliating is like having a dick fight with the trunk man....his is bigger than yours, accept it and move on otherwise you will end up dickless.
 
Thanks, do you have any more information on these bots / botnet?

If they are using a dictionary approach, then they will be out of luck. If they are trying patterns, they are also out of luck. The only option is if they guess a 20 digit password with upper and lowercase as well as numbers and symbols. So I am fairly comfortable that my passwords are strong.

Any way to retaliate?

According to Wolfram Alpha, such a password has 131.1 bits of entropy and would take 919.9 septillion years to enumerate at 100k passwords a second.

Damn. I should change from 12 digits to 20 digits.
 
Look at WordFence security. It works relatively well.
Alternatively or in addition, you should take some time and remove any reference to WP in your headers. That's generally the first place bots look to. Oh and change the wp-admin page from being your login page.
 
That is shocking, but I assume some of that would be legitimate bots for things like search engines?

I keep receiving emails alerting me to failed attempts and while I could switch it off completely, I would rather not.

Any suggestions?

It's just a reality of operating - especially if you're running a WordPress installation. It's far and away the most popular CMS being used by websites, and as such it becomes a natural target for attackers in much the same way as Windows did for PCs. They generally score because there are always some idiots who:

1. Keep their default admin account in place, and
2. Who use crappy passwords, and
3. Don't keep their core and plugins up to date.

I'd like to echo snowwolf's suggestions - install Wordfence. That's the easiest. The other options require a bit of additional know-how. Also delete your default "admin" account - set up a new one with a different username beforehand (not admin or the site/author name). With Wordfence you will quickly see those are the usernames most regularly targeted.

You can set it to block IPs trying certain usernames, or who send too many requests, like those who are scanning for vulnerabilities.
 
It's just a reality of operating - especially if you're running a WordPress installation. It's far and away the most popular CMS being used by websites, and as such it becomes a natural target for attackers in much the same way as Windows did for PCs. They generally score because there are always some idiots who:

1. Keep their default admin account in place, and
2. Who use crappy passwords, and
3. Don't keep their core and plugins up to date.

I'd like to echo snowwolf's suggestions - install Wordfence. That's the easiest. The other options require a bit of additional know-how. Also delete your default "admin" account - set up a new one with a different username beforehand (not admin or the site/author name). With Wordfence you will quickly see those are the usernames most regularly targeted.

You can set it to block IPs trying certain usernames, or who send too many requests, like those who are scanning for vulnerabilities.

Thanks for the suggestions!

The attackers have been unsuccessful as far as I can tell and I must attribute it to the skills of the guys who created the site for me. They have configured Wordfence and ensured that no default user accounts exist.

Wordfence has identified "admin" and "test" accounts as the most targeted accounts attacked, but the accounts don't actually exist.

So far so good!
 
In addition to wordfence install IQ Block Country, you can then block the countries that wordfence identifies from your backend. Wordfence does have country block at a cost.
 
Running WP or any other CMS paints a bullseye on your site; simple google searches reveal sites running X CMS, and a few advanced searches even highlight those open to attack.

Solution:
1. Implement a very restrictive and precise .htaccess
2. Or consider turfing CMS for something like http://jekyllrb.com
 
[XC] Oj101;15453600 said:
How's Wordfrence compared to Better WP Security?

I don't think either one is particularly better than the other - they both do what they do pretty well. That being said, I switched to Wordfence after having issues with Better WP Security - the server my site was hosted on at that particular point didn't play along very well. I probably wouldn't have those issues now, but I haven't had a reason to switch back since Wordfence works fine.
 
Top
Sign up to the MyBroadband newsletter
X