1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Pretty Sure Someone is Trying to Hack Me

Discussion in 'White Hat SEO' started by TribeGal, Jan 22, 2012.

  1. TribeGal

    TribeGal Newbie

    Joined:
    Nov 21, 2011
    Messages:
    8
    Likes Received:
    0
    Okay, so I looked at my stats and two different IPs viewed my login page over 1200 times in one day. Both IPs were adding a .php on the end of the URL of my login page, but it redirects to a 404error when I tried it.

    I looked on my site under admins, the site source, etc. and it doesn't appear that they got in, but I'm a novice so I don't know what else to check. I have one security plug-in installed, and a very strong password, but what other things should I do to increase security?

    I find it ironic that this happened after I just posted that someone kept trying to viewing my robots.txt.

    ETA: I edited to say that prior to this 1200+ view day, I've been average 25 to 30ish views a day, so I know something is up.
     
  2. Virus1

    Virus1 Supreme Member

    Joined:
    Dec 13, 2010
    Messages:
    1,326
    Likes Received:
    1,409
    Occupation:
    destroyer of worlds...
    Location:
    Welcome to Black Hat World........................
    Home Page:
    Block those ips.
     
    • Thanks Thanks x 1
  3. flexnds

    flexnds Power Member

    Joined:
    Jan 4, 2010
    Messages:
    643
    Likes Received:
    680
    Occupation:
    Internet Marketing, Web development, Internet Repu
    Location:
    AZ
    Could try this in your .htaccess in your root. This will only allow access to your login page from your ip. just fill in the x's with your ip. It will take them to a special page...

    HTML:
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress
    
    <Files wp-login.php>
    Order Deny,Allow
    Deny from all
    Allow from xx.x.xxx.xx
    </Files>
    
    #custom error docs
    ErrorDocument 403 http://chan.jeffreybosman.com/src/127662775139.gif
    I would also install "secure wordpress" plugin and "WSD Security". Do a scan and it will let you know what permissions should be changed and analyze your site. There are also tons of step by step tutorials out there. But wsd will inform you to add a .htacces to your wp-admin directory to prevent browsing, proper file permssions on wp-config.php and many other things, so you should be good. Sounds like they are trying to do an sql injection so you could also install some block bad query plugins which secure wordpress does as well.
     
    • Thanks Thanks x 2
  4. justin

    justin Jr. VIP Jr. VIP Premium Member

    Joined:
    Oct 15, 2007
    Messages:
    505
    Likes Received:
    392
    Yes, you can block thoso IPs.
     
    • Thanks Thanks x 1
  5. flexnds

    flexnds Power Member

    Joined:
    Jan 4, 2010
    Messages:
    643
    Likes Received:
    680
    Occupation:
    Internet Marketing, Web development, Internet Repu
    Location:
    AZ
    trying to block all the ip's is not a good idea as they are probably just going to switch to another proxy. Best to only allow your IP to the login page.
     
    • Thanks Thanks x 1
  6. TribeGal

    TribeGal Newbie

    Joined:
    Nov 21, 2011
    Messages:
    8
    Likes Received:
    0
    Thank you so much for this reply, flexnds, and everyone else! I have had BBQ and WSD Security installed for awhile. I have all of the proper settings set in WSD, so I suppose that is why they weren't successful. As far as my .htaccess file, I have everything similar to yours except this part:

    <Files wp-login.php>
    Order Deny,Allow
    Deny from all
    Allow from xx.x.xxx.xx
    </Files>

    I don't think this would work as I am using broadband internet, so my ip is dynamic. Would it still be okay if I left that part out?
     
  7. flexnds

    flexnds Power Member

    Joined:
    Jan 4, 2010
    Messages:
    643
    Likes Received:
    680
    Occupation:
    Internet Marketing, Web development, Internet Repu
    Location:
    AZ
    well, I guess it's up to you if you want to have to change your .htaccess everytime your IP changes.
     
  8. TribeGal

    TribeGal Newbie

    Joined:
    Nov 21, 2011
    Messages:
    8
    Likes Received:
    0
    Well that wouldn't make much sense.
     
  9. procam

    procam Senior Member

    Joined:
    Jan 5, 2010
    Messages:
    879
    Likes Received:
    325
    Occupation:
    Webmaster, Big Data Scrappin
    Location:
    'lynx -listonly -dump url.yourcrappysite.com'
    I think those plugins mentioned by flexnds is your best option at this point. You should still block those IP's. There is also a block proxies plugin somewhere on the net I saw a while back.

    All the best!
     
    • Thanks Thanks x 1
  10. Bloghat

    Bloghat Regular Member

    Joined:
    Feb 18, 2011
    Messages:
    249
    Likes Received:
    120
    Is there a way to allow only ips of a certain range? that way they'd need a proxy of your city/state...? Would reduce the risk and you could do it with dynamic IP.
     
  11. flexnds

    flexnds Power Member

    Joined:
    Jan 4, 2010
    Messages:
    643
    Likes Received:
    680
    Occupation:
    Internet Marketing, Web development, Internet Repu
    Location:
    AZ
    Ya, you can use wildcards. So if you IP does not change by much, that is a possibility.