
Someone tried to hack my site

Discussion in 'Black Hat SEO' started by Xlr8, Oct 3, 2015.

  1. Xlr8

    Xlr8 BANNED Jr. VIP

    Joined:
    Oct 17, 2014
    Messages:
    430
    Likes Received:
    174
    Some douchebag tried to hack into my website yesterday. No idea why.

    I woke up this morning to like 100 messages from my host stating certain IPs have been blocked due to too many bad attempts.


    Looks like it was a bruteforce attack.

    I currently use iThemes Security to protect and back up my site. What more steps should I take to prevent anyone from accessing my site?

    Just don't want to take any chances.

    EDIT: Is there a way I could reverse-track this dude?
     
  2. walterhartman

    walterhartman Newbie

    Joined:
    Sep 12, 2015
    Messages:
    9
    Likes Received:
    2
    Location:
    Tennessee
    Just have a good password and keep your theme and plugins up to date. There are always brute force bots hitting my wp-login.php file. Nothing else much you can do. Bad guys are probably using Tor or VPNs.

    I don't know much about iThemes Security. That is pretty cool. There are also plugins that put a captcha on the login. I rename my wp-login.php when I am not using it. But I still see bots trying, and even on my sites without WordPress the bots are hitting that file.
     
  3. uncce

    uncce Junior Member

    Joined:
    Dec 24, 2014
    Messages:
    166
    Likes Received:
    27
    If you don't have experience with and an understanding of how this hacking thing works, there is not much you can do besides using strong (long) passwords.
     
  4. JasonGraham

    JasonGraham Regular Member

    Joined:
    Oct 2, 2015
    Messages:
    322
    Likes Received:
    89
    You could contact iThemes Security and ask for a two-step login (like the banks use for the login of their clients in e-banking).

    First a regular login with password, then another password that you get from an SMS, mail etc.
     
  5. diesel1

    diesel1 Senior Member

    Joined:
    May 22, 2013
    Messages:
    934
    Likes Received:
    226
    Mostly to obtain links from your site, for personal use and to sell on sites such as Sape.

    No, I do not think so.
     
  6. uncce

    uncce Junior Member

    Joined:
    Dec 24, 2014
    Messages:
    166
    Likes Received:
    27
    Plus the database might contain some nice email list.
     
  7. LeanLow

    LeanLow Senior Member

    Joined:
    Jun 15, 2013
    Messages:
    924
    Likes Received:
    304
    You need to have Cloudflare on all of your sites that you care about.
     
  8. venthi76

    venthi76 Regular Member

    Joined:
    Oct 4, 2009
    Messages:
    379
    Likes Received:
    116
  9. Franklin Hattchet

    Franklin Hattchet Senior Member

    Joined:
    Feb 10, 2015
    Messages:
    991
    Likes Received:
    966
    Location:
    World Wide
    I get that all day; it's so damn annoying. Hopefully it's just doing a run through some sites and it will stop.
     
  10. wizard04

    wizard04 Elite Member

    Joined:
    Apr 1, 2014
    Messages:
    2,700
    Likes Received:
    2,538
    Location:
    Outside your house
    Install this plugin https://wordpress.org/plugins/wordfence/
    and in the settings tab go to the Login Security options and do this:

    Select these 3 options:
    - Don't let WordPress reveal valid users in login errors
    - Prevent users registering 'admin' username if it doesn't exist
    - Prevent discovery of usernames through '/?author=N' scans

    Also:
    - Lock out after how many login failures: 3 times
    - Lock out after how many forgot password attempts: 3 times
    - Count failures over what time period: 1 hour
    - Amount of time a user is locked out: 1 hour

    Do this and you will have no problems anymore, and make a strong pass.
     
  11. Ambitious12

    Ambitious12 Elite Member

    Joined:
    Jun 26, 2014
    Messages:
    3,096
    Likes Received:
    609
    Occupation:
    No Occupation
    Location:
    Among the Stars
    You should be grateful to that hosting provider :)
     
  12. zoom5

    zoom5 Newbie

    Joined:
    Apr 28, 2015
    Messages:
    40
    Likes Received:
    7
    Standard WordPress installations are all the same, so attackers look for key things to try to exploit. There are ways to tighten up your WordPress installation using a layered approach.

    1. Change the login URL for your website. By default it is yoursite/wp-login.php. Attackers just go straight to this URL to start their brute-force attack. If they can't find your login, then they can't brute-force. Like someone else suggested, use iThemes Security. Make it anything you want, like yoursite/secretdashboard. Also set up the feature that allows you to lock out a person after too many attempts. Be sure to whitelist your own IP address.

    2. Don't use admin as your login name. No matter how strong your password is, there is no reason to make things easier by letting them just focus on guessing one field instead of two. There are plugins that allow you to rename the account, but you can just create a new admin account with a better name, then delete the old one and select the option to transfer all posts to the new admin.

    3. Now that you have a new admin account, make sure that you use a nickname for your account that is not the same as the account name itself. That way, if you create posts on your blog using this account, the attackers won't be able to get the name of the new account from your blog posts.

    4. Block IP addresses from other countries from accessing your dashboard. In case someone does find the secret URL, which is highly unlikely, they will get redirected to a URL of your choosing. You can use IQ Block for that.

    5. Delete the readme.html file in your WP installation. Hackers can read this file to determine which version of WP you are using, which then lets them focus on trying specific exploits as they become available.

    6. Let's say someone gets into your site anyway, or maybe you gave someone access to your site to do some work for you but you want to know if/when they mess with anything beyond what you told them to do. You can track which files have been altered by using the Sucuri Security Auditing plugin. You will receive emails any time a file is altered. You can also set it to send you emails any time someone logs in or tries to log in (also showing which user/password they tried).

    With these things in place it's still possible for an attacker to bombard yoursite/wp-login.php and eat up your bandwidth. So if you set up all of the above and you are still getting messed with, you may want to look into getting a firewall like Cloudflare.
     
    Last edited: Oct 3, 2015
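The lockout settings wizard04 lists (3 failures counted over 1 hour, 1 hour locked out) together with the "whitelist your own IP" step in point 1 above, replayed over constructed login events as an added example. This is not code from Wordfence, iThemes or anyone in the thread; the log format and the IP addresses are made up for the demo.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed sample login events (not the OP's real host messages): time, client IP, result.
SAMPLE_LOG = """\
2015-10-03T02:00:05 203.0.113.7 FAIL
2015-10-03T02:00:09 203.0.113.7 FAIL
2015-10-03T02:00:14 203.0.113.7 FAIL
2015-10-03T02:00:20 203.0.113.7 FAIL
2015-10-03T02:10:00 198.51.100.4 FAIL
2015-10-03T02:10:30 198.51.100.4 OK
2015-10-03T02:15:00 192.0.2.9 FAIL
2015-10-03T02:15:01 192.0.2.9 FAIL
2015-10-03T02:15:02 192.0.2.9 FAIL
2015-10-03T03:30:00 203.0.113.7 FAIL
"""

def parse_log(text):
    """Yield (timestamp, ip, result) from the constructed log format above."""
    for line in text.splitlines():
        ts, ip, result = line.split()
        yield datetime.fromisoformat(ts), ip, result

def apply_lockout_policy(events, max_failures=3, window=timedelta(hours=1),
                         lock_for=timedelta(hours=1), whitelist=frozenset()):
    """Replay events in time order; return (lockouts, blocked): lockouts is a list of (ip, lock start), blocked counts attempts made while locked."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    lock_until = {}              # ip -> time the current lock expires
    lockouts, blocked = [], 0
    for ts, ip, result in sorted(events):
        if ip in whitelist:      # your own IP is never locked (zoom5's step 1)
            continue
        if ip in lock_until and ts < lock_until[ip]:
            blocked += 1         # rejected during an active lock; not counted again
            continue
        if result == "OK":
            recent[ip].clear()   # a successful login resets the failure count
            continue
        q = recent[ip]
        q.append(ts)
        while q[0] < ts - window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            lock_until[ip] = ts + lock_for
            lockouts.append((ip, ts))
            q.clear()
    return lockouts, blocked

if __name__ == "__main__":
    locks, blocked = apply_lockout_policy(parse_log(SAMPLE_LOG), whitelist={"192.0.2.9"})
    print(locks, blocked)  # 203.0.113.7 locked at 02:00:14; 1 attempt rejected while locked
```

With the whitelist removed, 192.0.2.9 is locked out too; the fourth failure from 203.0.113.7 arrives during its lock and is rejected without extending it, and its 03:30 attempt starts a fresh count once the lock has expired.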
  13. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,020
    Likes Received:
    1,502
    Occupation:
    Product marketing
    Location:
    USA
    Trust me, this won't be the last attack.
     
  14. davids355

    davids355 Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    10,196
    Likes Received:
    7,845
    Looks like it's doing the job; lower the number of attempts before lockout, maybe.
     
  15. abdallah869

    abdallah869 Newbie

    Joined:
    Apr 9, 2015
    Messages:
    10
    Likes Received:
    0
    I want to learn how I can hack websites.
     
  16. Zwielicht

    Zwielicht Moderator Staff Member Jr. VIP

    Joined:
    Aug 31, 2013
    Messages:
    7,134
    Likes Received:
    12,585
    Gender:
    Male
    Occupation:
    Reaper
    Location:
    Riverside, California
    Excellent advice!

    Here's a plugin that can rename the login page for you, OP. :)
    https://wordpress.org/plugins/rename-wp-login/
     
  17. Tomich

    Tomich Newbie

    Joined:
    Aug 13, 2014
    Messages:
    31
    Likes Received:
    0
    Gender:
    Male
    Occupation:
    Media Buyer
    Location:
    Ukraine
    Someone really wants to get your website. The previous comment is very useful for you in this situation.