1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Follow Casinomeister on Twitter | Facebook | YouTube | Casinomeister.us US Residents Click here! |  Svenska Svenska | 
Dismiss Notice
REGISTER NOW!! Why? Because you can't do diddly squat without having been registered!

At the moment you have limited access to view most discussions: you can't make contact with thousands of fellow players, affiliates, casino reps, and all sorts of other riff-raff.

Registration is fast, simple and absolutely free so please, join Casinomeister here!

Wordpress under attack, any advice?

Discussion in 'Content Thieves and other Evil Doers' started by brickharbor, Jan 9, 2018.

    Jan 9, 2018
  1. brickharbor

    brickharbor Full Member webmeister

    Location:
    UK
    Throughout the day today, someone has been sending 40-60 requests per minute to try and get into my site from 10pm to now 20:46 GMT it's still going on.

    I have the Cerber plugin installed but I don't feel like that's enough, does anyone have any advice on what I could do to make it even harder for whoever it is trying to get in?

    Wordpress under attack, any advice?: Screen Shot 2018-01-09 at 20.47.12.png,Jan 9, 2018
     
  2. Jan 9, 2018
  3. colinsunderland

    colinsunderland Experienced Member webby MM webmeister

    Occupation:
    affiliate
    Location:
    uk
    If thats the only 2 IP's block them in the htaccess file
     
  4. Jan 9, 2018
  5. brickharbor

    brickharbor Full Member webmeister

    Location:
    UK
    There's been 2669 unique IP's so far!
     
  6. Jan 9, 2018
  7. colinsunderland

    colinsunderland Experienced Member webby MM webmeister

    Occupation:
    affiliate
    Location:
    uk
    Using SSH do something like this

    iptables -I INPUT -p tcp —dport 80 -i eth0 -m state —state NEW -m recent —set
    iptables -I INPUT -p tcp —dport 80 -i eth0 -m state —state NEW -m recent —update —seconds 180 —hitcount 3 -j DROP
    iptables-save >/etc/iptables.up.rules

    Which will drop any connection if the same IP tries 3 times within 3 minutes, it won't stop it completely but should slow them down massively

    Edit : have a look here for more info on it - he uses 10 and 1 minute but principle is the same

    You must register/login in order to see the link.
     
    maxd, Betreels Casino and brickharbor like this.
  8. Jan 9, 2018
  9. brickharbor

    brickharbor Full Member webmeister

    Location:
    UK
    Thank you! I'll give it a try
     
  10. Jan 9, 2018
  11. Webzcas

    Webzcas Winter is Coming!

    Occupation:
    Webmaster
    Location:
    Block S25, South Stand, Ashton Gate, BS3
    Download and install wordfence. This will do what Colin suggested, but can be configured via the admin panel.
     
  12. Jan 10, 2018
  13. brickharbor

    brickharbor Full Member webmeister

    Location:
    UK
    I couldn't work out how to do what Colin suggested, just installed Wordfence cheers
     
  14. Jan 10, 2018
  15. colinsunderland

    colinsunderland Experienced Member webby MM webmeister

    Occupation:
    affiliate
    Location:
    uk
    You need SSH access which you probably don't have if its a shared server, sorry I couldn't be more help but I don't use wordpress
     
  16. Jan 10, 2018
  17. dunover

    dunover Unofficial T&C's Editor CAG PABnononaccred PABnonaccred mm3 webmeister

    Occupation:
    International Money Launderer
    Location:
    the bus shelter, opposite GCHQ Benhall
    For a DOS attack it would be pathetic, sounds more like blackhat SEO is being placed on your site. You'll find most is from Russia, or bots they have control of.
     
  18. Jan 10, 2018
  19. colinsunderland

    colinsunderland Experienced Member webby MM webmeister

    Occupation:
    affiliate
    Location:
    uk
    Surely it was a hack attempt, as the target was the login?
     
  20. Jan 10, 2018
  21. lnspin

    lnspin Senior Member webmeister

    Occupation:
    Webmaster - Mygamblinglife.com
    Location:
    WorldWide
    change the wp-login page to something else, then install wordfence and have it insta block anyone who accesses that page
     
  22. Jan 10, 2018
  23. brickharbor

    brickharbor Full Member webmeister

    Location:
    UK
    Someone who knows more than me had a look and said it was just a script someone is running to hack into the site.

    Yup it looks that way.

    Whitelisted myself and blocked every IP trying to access wp-admin/login/XML etc. Got 1426 lockouts so far and it's still going!

    Why anyone would want to get into my site is completely beyond me, I'm not getting that much traffic or making that much money from it and it's a thin site. Weird.
     
  24. Jan 10, 2018
  25. conker

    conker CM Advisory Group admin - Meister Minions Manager CAG MM webmeister

    Occupation:
    Marketer
    Location:
    UK
    I wouldn't be taking it personally, they are not focused on your website alone. There are a lot of scammers out there trawling the web with bots to find weak and vulnerable wp sites. Typically their aim is to inject their spammy links, cause mischief or add crap content that ranks for 5 minutes.

    We invested in the Premium version of wordfence, about $60 a year and haven't looked back. Even the free version will work wonders.
     

Share This Page