
WordPress: Constant Hack attempts...need some advice.

Discussion in 'Black Hat SEO' started by Duffers5000, Feb 28, 2013.

  1. Duffers5000

    Duffers5000 Elite Member

    Joined:
    Apr 1, 2012
    Messages:
    2,467
    Likes Received:
    7,615
    Like most WordPress users I have been hacked over the years and have learned some lessons.

    I have WPBetter Security running on my sites and changed passwords to major difficult level. I have a lockout and IP notification for anyone that's trying to brute their way in. So after three failed attempts I get a notification and an IP to add to the blacklist.

    On one of my sites I am getting hit 5-10 times a day. So someone really wants in. As much as I would like to think I am secure I also know that it's only a matter of time so I am looking for suggestions.

    Not that it matters but all the Hits have been coming from Italy, Spain and Argentina.

    Thanks
     
    • Thanks Thanks x 2
  2. mrblackjack

    mrblackjack Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 6, 2011
    Messages:
    959
    Likes Received:
    552
    Occupation:
    I live alone, I work alone, I make money alone
    Location:
    G00gle LaNd
    Find out with your hosting provider if the following mods are installed on the Apache server:
    1. Mod Evasive - useful against DoS / Brute Force attacks
    more info here:
    http://library.linode.com/web-servers/apache/mod-evasive
    2. Mod Security - can monitor the HTTP traffic in real time in order to detect attacks. Useful against SQL injections, etc.
    more info here:
    http://library.linode.com/web-servers/apache/mod-security

    I use both of them in combination with mod_rewrite to create a set of rules against attackers / spammers.
     
    • Thanks Thanks x 2
  3. MixerDJ

    MixerDJ Regular Member

    Joined:
    Nov 20, 2012
    Messages:
    374
    Likes Received:
    147
    If you are on a shared server you will get hacked even if you have good security. There is a method called symlinking. With that one, if a hacker hacks into the server he can read your config file using special commands. So even if you have a strong pw they can change it.
     
    • Thanks Thanks x 3
  4. Duffers5000

    Duffers5000 Elite Member

    Joined:
    Apr 1, 2012
    Messages:
    2,467
    Likes Received:
    7,615
    Okay so I am with Hostgator. I have experienced the server side hack, where all my sites were redirected to some Russian Pharma. Hostgator were pretty good at clearing that one up. At the moment it's just the one site getting picked at constantly. It's also a good site with a tonne of content so I'm not keen on getting hit.
     
  5. marttali

    marttali Junior Member

    Joined:
    Sep 3, 2007
    Messages:
    154
    Likes Received:
    34
    Next time you install WordPress do not leave user "admin", choose something else for "admin" name, makes it a lot harder.
    Do not install the WordPress database with the default WP_ as table prefix, instead of "wp" use "gfghuilfs" for example.
     
    • Thanks Thanks x 2
  6. audioguy

    audioguy Power Member

    Joined:
    Jun 12, 2010
    Messages:
    609
    Likes Received:
    224
    Location:
    Anywhere in the world building WP sites.
    If you update your WP to the latest version and have secure password (and also other security measures), you don't have to worry.

    Sooner or later they're going to figure out that perhaps their time is better used elsewhere.

    A strong password, even with an automatic program that guesses at blazing speed, still needs lifetimes to crack.

    Test your password here:

    http://howsecureismypassword.net/

    I won't input my own password, but a variety of it... and see how long it takes to crack it.
     
    • Thanks Thanks x 1
  7. CISadam

    CISadam Newbie

    Joined:
    Nov 22, 2012
    Messages:
    45
    Likes Received:
    11
    If you don't care about international traffic, you can deny the entire IP range for the countries you're seeing the most attacks from. I use Better WP Security too after getting hacked on a shared-hosting shitshow
     
  8. CISadam

    CISadam Newbie

    Joined:
    Nov 22, 2012
    Messages:
    45
    Likes Received:
    11
    You can also use the wp Salt key to change the way WP stores user cookies and make your site way more secure.
     
    • Thanks Thanks x 1
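Three of the suggestions above concern `wp-config.php`: the config file other accounts on a shared server may be able to read, the table prefix, and the salt keys. The audit below checks all three on one file. It is an added example, not code from any poster or plugin; `audit_wp_config`, `render` and `demo` are hypothetical names, and the file it inspects is constructed in a temporary directory.

```python
import os
import re
import secrets
import stat
import tempfile

KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
        "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php

def audit_wp_config(path):
    """Return a list of findings for one wp-config.php file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Assumption: PHP runs as the account owner, so only the owner needs read.
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"readable by group/other (mode {mode:o})")
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    defines = dict(re.findall(r"define\(\s*'(\w+)'\s*,\s*'([^']*)'\s*\)", text))
    for key in KEYS:
        value = defines.get(key)
        if value is None:
            findings.append(f"{key} missing")
        elif value == PLACEHOLDER or len(value) < 32:
            findings.append(f"{key} weak")
    prefix = re.search(r"\$table_prefix\s*=\s*'([^']*)'", text)
    if prefix and prefix.group(1) == "wp_":
        findings.append("default table prefix wp_")
    return findings

def render(salt_for, prefix):
    """Constructed wp-config.php body; salt_for(key) supplies each value."""
    lines = ["<?php"] + [f"define('{k}', '{salt_for(k)}');" for k in KEYS]
    return "\n".join(lines + [f"$table_prefix = '{prefix}';", ""])

def demo():
    """Audit a constructed default-style file, then the same file hardened."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "wp-config.php")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(render(lambda k: PLACEHOLDER, "wp_"))
        os.chmod(path, 0o644)
        before = audit_wp_config(path)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(render(lambda k: secrets.token_hex(32), "gfghuilfs_"))
        os.chmod(path, 0o600)
        return before, audit_wp_config(path)
```

Where the web server reads PHP files as a shared user instead of the account owner, mode 600 will break the site and the permission check needs a looser target.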
  9. Duffers5000

    Duffers5000 Elite Member

    Joined:
    Apr 1, 2012
    Messages:
    2,467
    Likes Received:
    7,615
    Okay thanks for the suggestions.

    So basically I have a very very long hard and difficult password set up. I am using the latest WP 3.5 and I run the Better WP Security plugin. So you reckon I'm ok?

    It's just the constant hits that are worrying and also the fact they seem to come in groups from the one country. Site has an international interest so bulk blocking country IPs is not really an option.
     
  10. infoasian

    infoasian Supreme Member

    Joined:
    May 12, 2011
    Messages:
    1,335
    Likes Received:
    421
    Occupation:
    retired
    Location:
    Singapore
    Home Page:
    My sys-admin configured my server in a way that admin scripts are accessible by one IP only. That is a static IP of a VPN that only me and my admin have access to. An alternative would be to use your own, handmade certificate.
     
    • Thanks Thanks x 1
  11. edgematch

    edgematch Elite Member

    Joined:
    May 24, 2010
    Messages:
    2,538
    Likes Received:
    1,949
    Occupation:
    You can never guess!
    Location:
    :noitacoL
    • Thanks Thanks x 1
  12. Duffers5000

    Duffers5000 Elite Member

    Joined:
    Apr 1, 2012
    Messages:
    2,467
    Likes Received:
    7,615
  13. kasiviswanath

    kasiviswanath Newbie

    Joined:
    Feb 20, 2013
    Messages:
    12
    Likes Received:
    0
    Location:
    bangalore
    Home Page:
    If you update your WP to the latest version and have secure password.
     
  14. ubersaki

    ubersaki Newbie

    Joined:
    Jan 7, 2013
    Messages:
    11
    Likes Received:
    14
    You can't always help it. They can get your info easy if they can symlink the server. Not hard to do.
     
  15. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,019
    Likes Received:
    1,496
    Occupation:
    Product marketing
    Location:
    USA
    Home Page:
    I'm not surprised that there are server side exploits against blogs but this is the first time for me to find out there is a name for that type of attack.

    The only other thing I would reiterate is to be sure to have reasonable backups as well. Don't always rely on the hosting company.
     
  16. kasheshe

    kasheshe Regular Member

    Joined:
    Oct 7, 2012
    Messages:
    304
    Likes Received:
    135
    Home Page:
    Have you tried Wordfence? It cleared my headaches for good. And someone said Hostgator can help. My experience with them is excellent too on sites I didn't want to spend too much time on.

    But Wordfence, manual installs with changes from default WordPress database names will give you nights that are rather peaceful. There is a free version and a paid version.
     
    • Thanks Thanks x 1
  17. Duffers5000

    Duffers5000 Elite Member

    Joined:
    Apr 1, 2012
    Messages:
    2,467
    Likes Received:
    7,615
    Thanks I'll look into that.

     
  18. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Premium Member

    Joined:
    Nov 10, 2012
    Messages:
    10,112
    Likes Received:
    28,543
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    One of my sites is also under constant attack but so far they have not succeeded.

    I also use Hostgator.
    http://support.hostgator.com/categories/pre-sales-policies/security-abuse/

    The security plugins I use are:

    WORDFENCE
    http://www.wordfence.com/

    http://wordpress.org/extend/plugins/wordfence/


    SECURE-WORDPRESS
    http://www.websitedefender.com/secure-wordpress-plugin/
    http://wordpress.org/extend/plugins/secure-wordpress/

    WORDPRESS SECURITY SCAN
    http://www.websitedefender.com/wordpress-security-scan-plugin/

    http://wordpress.org/extend/plugins/wp-security-scan/


    WEBSITE DEFENDER WORDPRESS SECURITY
    http://www.websitedefender.com/websitedefender-wordpress-security-plugin/
    http://wordpress.org/extend/plugins/websitedefender-wordpress-security/

    ULTIMATE BLOG SECURITY
    http://www.ultimateblogsecurity.com/wordpress-plugin
    http://wordpress.org/extend/plugins/ultimate-security-checker/

    THEME AUTHENTICITY CHECKER
    http://builtbackwards.com/projects/tac/

    http://wordpress.org/extend/plugins/tac/


    I also use W3 Total Cache in conjunction with Cloudflare CDN as Cloudflare also offer security features.
    http://www.w3-edge.com/wordpress-plugins/w3-total-cache/
    http://wordpress.org/extend/plugins/w3-total-cache/

    https://support.cloudflare.com/entries/22065108-does-cloudflare-have-a-wordpress-plugin
    https://www.cloudflare.com/features-security

    http://wordpress.org/extend/plugins/cloudflare/

    To manage the database I use :
    CLEAN OPTIONS
    http://www.mittineague.com/dev/co.php
    http://wordpress.org/extend/plugins/clean-options/

    WP DB MANAGER
    http://lesterchan.net/portfolio/programming/php/#wordpress-wp-dbmanager
    http://wordpress.org/extend/plugins/wp-dbmanager/


    WP CLEANUP
    http://boliquan.com/wp-clean-up/
    http://wordpress.org/extend/plugins/wp-clean-up/


    There doesn't seem to be any conflicts with these plugins and they seem to work well together.

    I used to have an interest in hacking and computer security so can tell you that if a professional hacker wants to get in they can and they will eventually as there is no such thing as 100% security.
    The only thing we can do is plug the holes.
    If it is not a professional and just some script kiddie with some tools then they can be blocked and made to think they are wasting their time and eventually they will move on to another target.
     
    • Thanks Thanks x 4
    Last edited: Feb 28, 2013
  19. Duffers5000

    Duffers5000 Elite Member

    Joined:
    Apr 1, 2012
    Messages:
    2,467
    Likes Received:
    7,615
    Cheers man I appreciate the effort you put into that. I take it WordPress security is a passion for you!!

    Does using all those plugins at the same time not slow down your site?
     
  20. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Premium Member

    Joined:
    Nov 10, 2012
    Messages:
    10,112
    Likes Received:
    28,543
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    It has a minimal effect on loading speeds but with W3 Total Cache and Cloudflare CDN it doesn't affect it too much.

    Like I said I am also under attack at the moment, the site they are targeting is pretty crap as I haven't done much work to it so they might actually be after another site on the same server.

    The thing is once they have access they can hide and install anything and just be a pain in the arse or cause more serious problems.

    You don't need to run all the plugins I suggested, just have a look through and see which ones you are comfortable with.

    Also I have heard good things about the following plugins but have not tested them personally so you might want to check them out too.

    http://wordpress.org/extend/plugins/better-wp-security/
    http://wordpress.org/extend/plugins/bulletproof-security/
    http://wordpress.org/extend/plugins/sucuri-scanner/
     
    • Thanks Thanks x 1
    Last edited: Feb 28, 2013