
[HELP] 40+ hack attempts from Russian Federation this week

Discussion in 'Blogging' started by AnotherOne, Nov 20, 2012.

  1. AnotherOne

    AnotherOne Senior Member

    Joined:
    Nov 28, 2011
    Messages:
    919
    Likes Received:
    187
    Occupation:
    SQA
    Location:
    JMeter & Selenium
    Hi,
    I have received multiple emails from a plugin I am using on my WordPress website saying that someone from Russia with host name 46x0x225x118.static-customer.samara.ertelecom.ru and IP 46.0.225.118 is trying to log in to my website. The user/bot has tried different login names (14+ times) to enter my website but Alhamdullilah he was not successful.

    This is not the first time someone from Russia has tried to hack my site. I was planning to block the whole Russian Federation from accessing my website because of continuous hack attempts (more than 40 attempts this week alone).

    I need advice on whether to block the whole country or just the IP range of those users/bots that tried to hack my website.


    Currently I am using Firewall, Antivirus, limit access to login/user attempts, .htaccess protection and robots protection on my website and I need help securing my WordPress website even more.
     
  2. B. Friendly

    B. Friendly BANNED BANNED

    Joined:
    Jun 10, 2012
    Messages:
    388
    Likes Received:
    480
    14 is nothing. 40 is nothing. Make sure to have a secure password, and update all the plugins, etc... The proxies may be from the Russian Federation, but proxies can come from anywhere.
     
    • Thanks Thanks x 1
  3. AnotherOne

    40+ hack attempts from a single country in a week is nothing?
    I am already using a secure password and I have all updated plugins.

    If the hacker uses a proxy why would he leave his host name behind?
     
  4. B. Friendly

    Yes, it's nothing. Block the IP and see if they shift to a different one.
     
  5. MafiaBoss

    MafiaBoss Elite Member

    Joined:
    May 5, 2012
    Messages:
    1,522
    Likes Received:
    1,031
    Occupation:
    Currently Un-Occupied
    Location:
    In granny's Basement
    proxies...if you know what i mean :p
     
    • Thanks Thanks x 1
  6. assphuck

    assphuck Senior Member

    Joined:
    Feb 22, 2009
    Messages:
    1,196
    Likes Received:
    905
    Block Russia and China in htaccess. I've seen nothing but hacking/spamming from these countries. Use cloud hosting and lock down your admin with an IP restriction allowing only you access.
     
    • Thanks Thanks x 1
  7. gvncerri

    gvncerri Regular Member

    Joined:
    Jun 10, 2011
    Messages:
    348
    Likes Received:
    71
    Occupation:
    Internet Marketer
    Location:
    Italy
    Is yours a membership site, or should only you have access? Do you use the Semisecure Login Reimagined plugin and Secure WordPress?
     
    • Thanks Thanks x 1
  8. AnotherOne

    No attempt after I blocked the IP. Maybe the user is not using proxies to hack?

    Only 4-5 hack attempts were made from China in the last two months, so I think it's not a good idea to block China, is it?
    I am restricting admin access to only my IP, thank you for the tip.

    Only two members (me and an author) are allowed to log in to that site. I don't know what the Semisecure Login Reimagined plugin and the Secure WordPress plugin are.
     
  9. Untouchable

    Untouchable Supreme Member

    Joined:
    Mar 22, 2012
    Messages:
    1,345
    Likes Received:
    1,173
    Location:
    Canada
    Are you using cloudflare? If not install it immediately. All problems solved!
     
    • Thanks Thanks x 1
  10. handmadebots

    handmadebots Senior Member

    Joined:
    Nov 8, 2012
    Messages:
    902
    Likes Received:
    204
    Man, just use some plugin so that when you type the password wrong the first time, you won't be able to log in for the next 24 hrs.
     
  11. AnotherOne

    No, I am not using Cloudflare and I am not sure how Cloudflare will help a website from hackers?

    What if I mistyped it myself? 24 hours is a VERY long time.
     
  12. gvncerri

    Semisecure Login Reimagined is a free WordPress plugin that installs password encryption in your login. Recommended.
     
    • Thanks Thanks x 1
  13. cgimaster

    cgimaster Power Member

    Joined:
    Jun 30, 2012
    Messages:
    525
    Likes Received:
    311
    Gender:
    Male
    TIPS:

    You can add to your htaccess a check of the ENV variables that can possibly detect open proxies, in case he is not using private and/or fully anonymous proxies.
    You can rename the admin folder to something else that only you know about.
    You can add another password protection on top of your admin folder using htaccess.
    You can use complicated passwords that include symbols, numbers, upper and lower case characters with 8 or more characters to make brute-force and known md5's break list useless.
    You can use WP plugins to improve your site security.
    You can verify the chmods to make sure the folders are secure.
    You can add htaccess rules to deny access to files that are not supposed to be accessed, like PHP files in the uploads folder.
    You can add a rule in the htaccess that will only allow your IP and the other guy's IP to access the admin folder.
    You can limit password tries per IP to something like 3, which I believe to be more than enough, and if you get blocked for whatever reason you can access your FTP or phpMyAdmin or w/e and unblock yourself manually.

    ===== MOST IMPORTANT =====
    Set a cronjob or schedule for a full-site backup daily if you don't have one.
    ===== MOST IMPORTANT =====
     
    • Thanks Thanks x 2
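
Three of the .htaccess tips in the post above (a second password on the admin folder, an IP allow-list for it, and no PHP served from the uploads folder), written out as an added example that is not part of any poster's reply. It uses Apache 2.2 syntax to match the mod_rewrite 2.2 documentation linked in this thread and assumes the host permits these overrides; the IP addresses, the `AuthUserFile` path and the realm name are placeholders.

```apache
# ---- wp-admin/.htaccess ------------------------------------------
# An .htaccess file applies only to its own folder and below, so the
# rules here do not touch the public pages.

# Second password in front of the WordPress login (HTTP Basic auth).
# Placeholder path: keep the .htpasswd file outside the web root.
AuthType Basic
AuthName "Restricted area"
AuthUserFile /home/example/.htpasswd
Require valid-user

# Allow-list: only the people who log in (placeholder addresses).
Order deny,allow
Deny from all
Allow from 203.0.113.10
Allow from 198.51.100.25

# Require BOTH an allowed address AND a valid password.
Satisfy All

# Themes and plugins call admin-ajax.php from public pages. If it stays
# behind the password, front-end visitors can be shown a login prompt,
# so this one file is exempted from both checks.
<Files "admin-ajax.php">
    Order allow,deny
    Allow from all
    Satisfy Any
</Files>

# ---- wp-content/uploads/.htaccess --------------------------------
# Uploaded files are media, not scripts: refuse to serve PHP from here.
<FilesMatch "(?i)\.(php[0-9]?|phtml)$">
    Order allow,deny
    Deny from all
</FilesMatch>
```

On Apache 2.4 the `Order`/`Deny`/`Allow`/`Satisfy` lines are replaced by `Require` directives (for example `Require ip`), unless mod_access_compat is loaded.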
  14. AnotherOne

    You gave some excellent tips.
    I have followed all your tips but I was not able to understand that 'ENV variable' tip.

    I have password protected the wp-admin folder but now every visitor/user has to cancel an "Authentication required" popup on each of my website pages :|


     
  15. B. Friendly

    I think it's good that you are learning all about website security and all, but I also think that you are over-reacting. As I said, 14, 40 numbers like that are nothing. Read-up on "brute force attacks" in order to get some sense of how many attempts it takes to crack a password of "X" length and a particular degree of "hardness" (special characters, upper & lower case, no words that can be found in a dictionary, etc...). They measure the number of attempts needed to crack a decent password in the hundreds of thousands, and describe the time to crack in terms of months and years.

    I'm no expert, but I think a direct, brute-force attack on a hardened password is the least of your worries. Having an adjacent website on your website's server that has a security hole would be your biggest threat, and there's not much you can do about that. Someone hacks into the other site, acquires root on the Server, and is then able to do whatever they want to your site, and any others that are on that Server. So, if you are going to worry, worry about that.
     
    • Thanks Thanks x 2
  16. ChEcKeD

    ChEcKeD Senior Member

    Joined:
    Aug 27, 2012
    Messages:
    984
    Likes Received:
    467
    Occupation:
    ☺☺☺☺
    Location:
    ☺☺☺☺
    As long as you backup regularly and keep your website secure, you should have to resort to banning country IPs
     
    • Thanks Thanks x 1
  17. Gogol

    Gogol Elite Member

    Joined:
    Sep 10, 2010
    Messages:
    3,063
    Likes Received:
    2,872
    Gender:
    Male
    • Thanks Thanks x 1
  18. cgimaster

    http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html you can find on the second part some information on it, you could however do it with php as well

    Place a new htaccess with password protection rules into the folder you want to protect with it and it will take effect only in that folder.
     
  19. AnotherOne

    You have posted some excellent info about Brute force attacks and I'll surely read more about it.
    After discussing the issue with several people I think I am over-reacting, but I think (like you said) this 'over-reacting' has given me some excellent advice from some brilliant, helpful users and I learned a lot :)

    So it's time to move to a dedicated server? My website is not that big and it's working fine on this shared plan. Moving it to a dedicated server will cost a lot of money.


    I have posted some tips myself too in that thread (check them out) and this time I have followed your Tip#6 successfully.



    I'll look into it.

    After adding a 401 redirection in main .htaccess I was able to solve that issue.
     
    • Thanks Thanks x 2
  20. cgimaster

    You don't need a dedicated server right off the bat; you can get a small VPS based on your site's needs and grow from there.

    However, having your own server does not mean you will be safer; in fact you will have more work than you have right now, because besides securing your site you will also have to secure your server, which can get attacked directly instead of your site.

    Secure the HTTP server, mail server, DNS server, firewall, SSH, and other services that your VPS will be running.

    EDIT: IMHO you don't need either a VPS or a dedicated server; just stick to the advice given to you and make sure you have daily backups (not your hosting company, but YOU have the daily backups).

    Why? In most cases your hosting company will take some time to restore it, and if you have it at hand you can do it right away if an issue arises.
     
    • Thanks Thanks x 1
    Last edited: Nov 23, 2012