1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

am i being attacked?

Discussion in 'BlackHat Lounge' started by swon, Dec 24, 2016.

  1. swon

    swon Junior Member

    Joined:
    Oct 16, 2016
    Messages:
    108
    Likes Received:
    158
    Gender:
    Male
    this is what the WP loginizer plugin is telling me... Does this mean someone is currently actively attempting to break in?


    suggestions to secure my site?
    page 1.jpg page 2.jpg
     

    Attached Files:

  2. pewep

    pewep Power Member

    Joined:
    Nov 3, 2008
    Messages:
    660
    Likes Received:
    2,873
    Gender:
    Male
    Occupation:
    Yogi-In-Training
    Location:
    U.S.
    Could be just the average botnet scouring the web for insecure sites. Update WP immediately if you haven't. I fucking lost my dating site to that bullshit lol.
     
  3. swon

    swon Junior Member

    Joined:
    Oct 16, 2016
    Messages:
    108
    Likes Received:
    158
    Gender:
    Male
    WP is up to date. seems like all the IP's are coming from Moscow and Moscow surrounding areas.
    i changed the login page url to something completely random. not sure if that would make a difference.

    seems like the attempts have ceased for now.
     
    • Thanks Thanks x 1
  4. pewep

    pewep Power Member

    Joined:
    Nov 3, 2008
    Messages:
    660
    Likes Received:
    2,873
    Gender:
    Male
    Occupation:
    Yogi-In-Training
    Location:
    U.S.
    Honestly, just block all IPs coming from 3rd world countries and suspect nations like Russia, Ukraine, China, etc...

    They don't convert, drain bandwidth and are possibly infected.
     
  5. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,462
    Likes Received:
    34,402
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
  6. DigiSoft

    DigiSoft Registered Member

    Joined:
    Jul 28, 2011
    Messages:
    77
    Likes Received:
    41
    Gender:
    Male
    Occupation:
    Making great software
    I also had this and I installed jetpack and the attacks are gone now.
     
  7. Ste Fishkin

    Ste Fishkin BANNED BANNED Jr. VIP

    Joined:
    May 14, 2011
    Messages:
    2,058
    Likes Received:
    10,212
    Do this on your wp-admin directory

    http://stackoverflow.com/questions/4400154/deny-all-allow-only-one-ip-through-htaccess
     
    • Thanks Thanks x 4
  8. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,462
    Likes Received:
    34,402
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
  9. Alchemizt

    Alchemizt Regular Member

    Joined:
    Aug 25, 2016
    Messages:
    221
    Likes Received:
    206
    I had Russians hammering a handful of my sites for a month before they gave up trying to bruteforce my passwords. I rarely check on some of these sites is why it went on for so long but my passwords are all 20+ character random alphanumeric and I use 2 factor on all my WordPress sites so needless to say they gave up eventually.

    Strong passwords, 2 factor and keeping everything updated is your best defense. At the end of the day though a true hacker will get in if they want to bad enough.
     
  10. mayouf med

    mayouf med Newbie

    Joined:
    Dec 24, 2016
    Messages:
    32
    Likes Received:
    4
    Gender:
    Male
    why 3rd world countries !!
     
  11. pewep

    pewep Power Member

    Joined:
    Nov 3, 2008
    Messages:
    660
    Likes Received:
    2,873
    Gender:
    Male
    Occupation:
    Yogi-In-Training
    Location:
    U.S.
    They don't convert at all and are more likely to be infected. Why even take the risk?
     
    • Thanks Thanks x 1
  12. swon

    swon Junior Member

    Joined:
    Oct 16, 2016
    Messages:
    108
    Likes Received:
    158
    Gender:
    Male
    how do i block ips by country?
     
  13. pewep

    pewep Power Member

    Joined:
    Nov 3, 2008
    Messages:
    660
    Likes Received:
    2,873
    Gender:
    Male
    Occupation:
    Yogi-In-Training
    Location:
    U.S.
    There are a bunch of ways. You can do it by htaccess (a pain), scripts or with wp plugins like Geoblock, etc....
     
  14. swon

    swon Junior Member

    Joined:
    Oct 16, 2016
    Messages:
    108
    Likes Received:
    158
    Gender:
    Male
    Thank for the input everyone... I added Stealth Login Page.
    basically you will login with username, password, and an additional code.
    incorrect login will redirect to a URL of your choice.

    stealthlogin.jpg

    if anyone is wondering where the url is redirecting to, its to this gif:

    128.gif
     
    • Thanks Thanks x 4
  15. pewep

    pewep Power Member

    Joined:
    Nov 3, 2008
    Messages:
    660
    Likes Received:
    2,873
    Gender:
    Male
    Occupation:
    Yogi-In-Training
    Location:
    U.S.
    Lol, you should have redirected them to cia.gov or interpol or a very suspicious auto-download .exe
     
    • Thanks Thanks x 2
  16. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,462
    Likes Received:
    34,402
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    Yeah I usually redirect people to fbi.gov
     
  17. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

    Joined:
    Mar 22, 2012
    Messages:
    2,118
    Likes Received:
    1,507
    Occupation:
    Marketing
    Location:
    Portland,Or
    And use wordfence, with their firewall, and cloudflare to, you should be alright after using these.
     
  18. swon

    swon Junior Member

    Joined:
    Oct 16, 2016
    Messages:
    108
    Likes Received:
    158
    Gender:
    Male
    Great ideas guys! thank you all, i feel like i secured my website enough now.
     
  19. derjrjr

    derjrjr Junior Member

    Joined:
    Nov 1, 2015
    Messages:
    190
    Likes Received:
    20
    Occupation:
    SMS Verification Panel
    Location:
    ⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩
    Home Page:
    get CloudFlare lol