
Victom of Peristent WrodPress Hacking

Discussion in 'Blogging' started by bertbaby, Mar 21, 2013.

  1. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,019
    Likes Received:
    1,496
    Occupation:
    Product marketing
    Location:
    USA
    Home Page:
    Over the past month my blogs appear to be under constant assault from some persistent hackers trying to get past the wp-login. I have taken the usual precautions such as a security plugin, backups and I have access to the files directly. I can track the IPs and have been blocking some of those but some of these sites are so toxic I have to use my Linux box to check them.

    So far they have been unsuccessful but I don't get it. My sites are not ecommerce and are basically brochure sites so what's the goal? Even if they take control I'll simply delete the files and reinstall. I don't get it, anybody have any suggestions?
     
  2. Duffers5000

    Duffers5000 Elite Member

    Joined:
    Apr 1, 2012
    Messages:
    2,467
    Likes Received:
    7,615
    I had the same problem and opened this thread http://www.blackhatworld.com/blackh...-constant-hack-attempts-need-some-advise.html

    It got some great replies and it's worth a read.

    Despite taking on board the info I still got hacked a week later. Had all my sites secured except one shitty one I had forgotten about...they got in through that weak link and took me down.

    To answer your question, why? In my case they were able to use my email accounts to spit out 200,000 payday loan offers in a weekend.
     
    • Thanks x 2
  3. bertbaby

    bertbaby Elite Member

    Thanks, I actually followed that thread early on but missed some of the later posts. The hosting company has been useless and the tech I spoke to knew less than me. Would be nice if I had more in-depth reporting to spot the abusers but I'll go with my shotgun approach.

    My approach has been to block suspect IPs, back up frequently and to limit logins. Obviously, somebody has a script and the ability to shift attacks to other IP addresses so this is not a kiddie attack.
     
    Last edited: Mar 21, 2013
  4. phpbuilt

    phpbuilt Jr. VIP

    Joined:
    May 16, 2011
    Messages:
    1,650
    Likes Received:
    5,208
    Occupation:
    $ from websites I own.
    Location:
    putting monkeys in paypal
    You could rename the wp-login.php to something else, then they can't brute force it.

    If I saw they were hitting wp-login over and over that's what I'd be doing.
     
    • Thanks x 2
  5. bertbaby

    bertbaby Elite Member

    Sounds like a good way to lock yourself out of a function. If you rename the file does it impact other WordPress functions?

    The other observation I have made looking at the logs is that there appears to be coordinated paired attacks from two different IP addresses in Europe for the most part. The stats are exactly the same and the IPs appear to be a hosting company.
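
The kind of reporting asked for earlier in the thread, and the "paired IPs with identical stats" pattern described in the post above, can be pulled from a web server access log. This is an added example, not part of any post; it assumes Apache/Nginx combined log format and default WordPress behaviour (a failed login returns 200, a successful one redirects with 302), and the function names, threshold and sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Combined-log-format prefix: client IP, identity, user, [timestamp], "METHOD path ...", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def _line(ip, method, path, status):
    """Build one constructed access-log line (sample data, not from the thread)."""
    return (f'{ip} - - [21/Mar/2013:10:00:00 +0000] "{method} {path} HTTP/1.1" '
            f'{status} 3310 "-" "Mozilla/5.0"')

# Constructed sample: two sources with identical stats, one source that
# eventually gets a redirect, and one normal owner login.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", "POST", "/wp-login.php", 200)] * 4
    + [_line("203.0.113.9", "POST", "/wp-login.php", 200)] * 4
    + [_line("192.0.2.50", "POST", "/wp-login.php", 200)] * 3
    + [_line("192.0.2.50", "POST", "/wp-login.php", 302),
       _line("192.0.2.10", "GET", "/wp-login.php", 200),
       _line("192.0.2.10", "POST", "/wp-login.php", 302),
       _line("192.0.2.10", "GET", "/wp-admin/", 200)]
)

def login_posts(log_text):
    """Per client IP, count POSTs to wp-login.php by HTTP status."""
    stats = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            stats[ip][status] += 1
    return stats

def report(log_text, threshold=3):
    """Flag IPs with >= threshold failed logins (status 200 is assumed to mean failure)."""
    noisy = {ip: c for ip, c in login_posts(log_text).items() if c["200"] >= threshold}
    groups = defaultdict(list)  # identical per-status counts -> likely same script
    for ip, counts in noisy.items():
        groups[tuple(sorted(counts.items()))].append(ip)
    return {
        "noisy": sorted(noisy),
        "paired": sorted(sorted(ips) for ips in groups.values() if len(ips) > 1),
        # a 302 after repeated failures may be a successful guess: check that account
        "redirect_after_failures": sorted(ip for ip, c in noisy.items() if c["302"]),
    }

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

To run it on a real log, pass the file's text to `report()`; the owner's own single login in the sample stays below the threshold and is not flagged.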
     
  6. bertbaby

    bertbaby Elite Member

    One other observation: when doing a lookup using Whois, I have noticed that a number of the IPs are under watch with ProjectHoneypot.org. So that's a good indication they are a hacker site and safe to block.
     
  7. Standard Toaster

    Standard Toaster Regular Member

    Joined:
    Aug 29, 2009
    Messages:
    335
    Likes Received:
    190
    I didn't realize that many people were trying to bruteforce into my blog before I installed a plugin called WP Better security. It works and works really well to protect your blog.
     
    Last edited: Mar 21, 2013
  8. Paranoid Android

    Paranoid Android Jr. VIP Premium Member

    Joined:
    Jun 20, 2010
    Messages:
    1,459
    Likes Received:
    2,221
    Gender:
    Male
    Occupation:
    Pantie Thief
    Location:
    Native America
    w rod press? sounds something mechanical
     
  9. Zak_A

    Zak_A Jr. VIP Premium Member

    Joined:
    Mar 16, 2008
    Messages:
    808
    Likes Received:
    873
    Gender:
    Male
    Occupation:
    WP designer & developer
    Location:
    Western Europe
    One of my - pretty useless - micro niche sites is in the same situation, someone (probably a bot) has been trying to log in each and every day for almost a year.

    I've set a security plugin that locks out the login page for the IP after one failed attempt and made sure my password was something really complicated.
    From the logs I can tell it is still trying to log in every day with a different IP, but has never been successful.

    Just make sure your install and password are strong and secure and let them waste their time, don't waste yours :)
     
    • Thanks x 1
  10. phpbuilt

    phpbuilt Jr. VIP

    One of the things many of the security plugins for WordPress do is either rename wp-admin and wp-login.php, or add an additional parameter that the login needs via the .htaccess file.

    http://wordpress.org/extend/plugins/wsecure/ (just one example where they rename things).

    The biggest concern is you shouldn't go editing core wp files, because when you upgrade it overwrites those core files you changed, reverting back to the original state. Just use a plugin to do it, the plugin will implement the hooks, .htaccess changes, etc. so you can continue upgrading WP.
     
    • Thanks x 2
    Last edited: Mar 21, 2013
  11. bertbaby

    bertbaby Elite Member

    I got to be honest with you I hate playing around with the security plugins. I have seen some strange behaviors and more than once got locked out of my own site never mind the hackers, lol. Fortunately, I had backups and was able to restore the updated php files but this is damn scary for any newbie.
     
  12. Duffers5000

    Duffers5000 Elite Member

    I was running WPBetter security....But I had it all set up arse ways. I since found out that if I had set it up correctly then they have a one push database prefix changer. I was the same as you, scratching my head wondering why I was getting constant IP lockouts from Italy, Spain and Argentina but presuming I was safe. If they are knocking on your door and you don't have good passwords and security...bastards can just get in eventually.
     
  13. neteater

    neteater Jr. VIP

    Joined:
    Feb 14, 2009
    Messages:
    525
    Likes Received:
    318
    Location:
    somewhere between CPU and heat sink
    Home Page:
    webetter security is able to protect from most of the attacks... one feature that I like is that it simply disables your site backend for a defined time.. so I disable my site backend when not online..
     
    • Thanks x 1
  14. bertbaby

    bertbaby Elite Member

    Is the full name webetter security actually Better WP Security?
     
  15. CherryAffairs

    CherryAffairs Newbie

    Joined:
    Feb 12, 2013
    Messages:
    25
    Likes Received:
    2
    Home Page:
    Sounds really scary. Anybody else using WP better security?
     
  16. SuaveSalmon

    SuaveSalmon Registered Member

    Joined:
    Feb 8, 2013
    Messages:
    84
    Likes Received:
    16
    I am using bulletproof security at the moment. Seems pretty nice.
    Wordfence is nice, I don't use it, but you can lock out IPs too, and it tells you everything about the person. I don't use it since it isn't stable. But you can set certain lock out points, 3 failed logins, locks out for how many minutes/hours thing.
    Make sure you don't have the main account named admin. If it is, make yourself a new account, promote it to admin, and then lower the admin named account to subscriber level.
    Cloudflare may work, but your site will be down a lot if you use the free one.

    Also, Yoast says this is very secure hosting, as most cloud hosting is http://websynthesis.com/ a tad pricy though. Just keep daily backups no matter what, and keep the old databases on your computer too. Always helpful :)
     
  17. dme17

    dme17 Newbie

    Joined:
    Sep 2, 2011
    Messages:
    20
    Likes Received:
    12
    I always try to secure my sites using the least number of plugins too because there is less to worry about updating or adding additional potential vulnerabilities. I have tried the most popular ones since my very first hands free money making site got hacked and ruined because of the hidden links that were added. Now I just do most things manually but still use one or two (every site is a little different) instead.

    If you want a really simple solution why don't you try searching Fiverr for providers who secure Wordpress blogs and message asking them if they use plugins or do things mostly manually like you'd prefer? Obviously only use someone with lots of positive reviews for this service. Also I'd think it best to use one who doesn't use your site as an example on the sales page. I figure there's got to be some smart alec who would find it funny to take down a "hacker proof" site. Better safe than sorry.