1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Active russian hack attempts on my website.. what should I do?

Discussion in 'Black Hat SEO' started by beingink, Oct 8, 2016.

  1. beingink

    beingink Senior Member

    Joined:
    Sep 19, 2013
    Messages:
    1,015
    Likes Received:
    219
    A new member registered on my site which was shocking since I have disabled my websites registration. After further checking there have been continuous attempts at login page.

    So far I have:-
    1. Actively blocked ip
    2. Blocked originating country
    3. Changed login file name
    4. deleted the user
    5. got a more secure password.

    Anything else I can do? How long can this last? Does this put my site on some sort of hit list?
     
  2. cooper1210

    cooper1210 Regular Member

    Joined:
    Aug 7, 2016
    Messages:
    230
    Likes Received:
    60
    Gender:
    Male
    VPS / Shared hosting / private server?

    What technology is the site? Wordpress? Joomla?

    We need more info :D
     
  3. beingink

    beingink Senior Member

    Joined:
    Sep 19, 2013
    Messages:
    1,015
    Likes Received:
    219
    Sorry about that.. Shared hosting and wordpress.
     
  4. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    10,400
    Likes Received:
    8,103
    Get wordfence premium. Set strict lockout policy, monitor closely.
     
    • Thanks Thanks x 6
  5. beingink

    beingink Senior Member

    Joined:
    Sep 19, 2013
    Messages:
    1,015
    Likes Received:
    219
    I think they have stopped. No more activity. Just to prevent in future what kind of precautions should I take?
     
  6. thedynamic

    thedynamic BANNED BANNED

    Joined:
    Feb 17, 2015
    Messages:
    208
    Likes Received:
    14
    Gender:
    Male
    Also try Itheme security and Most of these things come from bots...
     
  7. cooper1210

    cooper1210 Regular Member

    Joined:
    Aug 7, 2016
    Messages:
    230
    Likes Received:
    60
    Gender:
    Male
    Yeah, it will be bot activity. My servers get repeated abuse 24/7.

    For a shared hosting account with Wordpress there's not much you can do at a server level, but as mentioned above, wordfence is a good bet.
     
  8. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    10,400
    Likes Received:
    8,103
    More specifically with wordfence premium-

    Create a new admin account for yourself
    Set the default admin account to block any IP that tries to log in to it
    Whitelist your IP
    Block after 3 incorrect login attempts
    Block after 3 password reset requests
    Regular scans
    Scan for plugin and theme changes
    Notify you whenever an admin user logs in

    That should cover it.
     
    • Thanks Thanks x 2
  9. samcram

    samcram Junior Member

    Joined:
    Sep 10, 2014
    Messages:
    138
    Likes Received:
    36
    Occupation:
    SEO
    Location:
    Moscow
    Home Page:
    Turn off XML-RPC autorization in WP
     
  10. LisaSimpson

    LisaSimpson BANNED BANNED

    Joined:
    Sep 25, 2016
    Messages:
    20
    Likes Received:
    5
    Gender:
    Female
    Use "all in one WP Security", change your admin url page to something different. This will be a great help.
     
    • Thanks Thanks x 2
  11. bahus

    bahus Regular Member

    Joined:
    Jun 4, 2014
    Messages:
    353
    Likes Received:
    97
    Gender:
    Male
    I had a similar issue a year ago with continuous attempts at login page, it was like there was no end to it. Since I bought wordfence premium and block all none english traffic things got quiet, I mean really quiet. If you can't afford it, the free version will do a good job protecting your website except for blocking undesirable traffic but if you're on a shared server it may slow your website down. Why don't you get a VPS, digital ocean or linode, the cost is just slightly more than shared service but you'll be in full control of your server.
     
    • Thanks Thanks x 1
  12. SebWgnr

    SebWgnr Registered Member

    Joined:
    Apr 19, 2016
    Messages:
    75
    Likes Received:
    57
    Home Page:
  13. d3t0x

    d3t0x Jr. VIP Jr. VIP

    Joined:
    Oct 28, 2008
    Messages:
    2,085
    Likes Received:
    808
    Location:
    Vancouver, BC
    • Thanks Thanks x 1
  14. se900se

    se900se Jr. VIP Jr. VIP

    Joined:
    Oct 14, 2014
    Messages:
    1,330
    Likes Received:
    499
    Occupation:
    Traffic Arbitrage
    Location:
    New York
    Home Page:
    i got sucuri security for my sites after one of them was attacked - works fine and since then never had a security problems
     
  15. bahus

    bahus Regular Member

    Joined:
    Jun 4, 2014
    Messages:
    353
    Likes Received:
    97
    Gender:
    Male
  16. KHer0

    KHer0 Supreme Member

    Joined:
    Mar 22, 2011
    Messages:
    1,363
    Likes Received:
    1,246
    Occupation:
    Architect
    Take it from someone who knows his stuff when it comes to hacking.

    The type of attack you are talking about is called bruteforce attack. It's basically people trying different passwords to log in. All you need to do is setup strong password. Something like : @ASDF3^1D12#. No password cracking software will be able to crack it. This more than enough to be safe from this type of attack

    If you want to make it a little bit harder, install any login limit plugin. And set the number of Login Attempts from same IP to something like 5 or 3. If they entered wrong password more than 3 times, their IP is banned for 1 week or 1 month.

    To conclude, as long as you set strong password, you are immune to bruteforce attacks.
     
    • Thanks Thanks x 2
  17. beingink

    beingink Senior Member

    Joined:
    Sep 19, 2013
    Messages:
    1,015
    Likes Received:
    219
    Thanks everyone for suggestions. I cant afford any premiums or dedicated hosting yet, stll waiting on amazon cheques. For now I have changed the login page and strength of password so it seems harder for them.

    Yes that is a problem for me, so I can't blacklist every ip.
     
  18. beingink

    beingink Senior Member

    Joined:
    Sep 19, 2013
    Messages:
    1,015
    Likes Received:
    219
    Also just checking back a lot of people are targeting robots file and plugins file but wordfence is good in hiding them. So should I hope that I am in the clear? I have made a backup just incase.
     
  19. DigitalCon

    DigitalCon Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 27, 2014
    Messages:
    518
    Likes Received:
    88
    Gender:
    Male
    Occupation:
    Internet Research
    Location:
    Home
    Home Page:
    Also to make sure your site hasn't a shell planted in somewhere, download a full backup of the website, including folder outside the domain's folder and scan them using a good antivirus. Most of the antiviruses detect php shells.

    EDIT: Also check for modifications in wordpress core files using wordfence.
     
  20. KHer0

    KHer0 Supreme Member

    Joined:
    Mar 22, 2011
    Messages:
    1,363
    Likes Received:
    1,246
    Occupation:
    Architect
    People won't upload a shell using bruteforce attempts. Wordfence isn't as great as you think. Just to make it clear, you can't protect yourself against dedicated pro hacker. However, why would a pro hacker target you. On the other hand, it's very easy to protect yourself against 99.999 of script kiddies using automated scripts attack out there. Just keep your plugins updated and set up a good password.
     
    • Thanks Thanks x 1