Wordpress under attack, any advice?

Discussion in 'Content Thieves and other Evil Doers' started by brickharbor, Jan 9, 2018.

    Jan 9, 2018
  1. brickharbor

    brickharbor Full Member webmeister

    Location:
    UK
    Throughout the day today, someone has been sending 40-60 requests per minute to try and get into my site, from 10pm to now (20:46 GMT), and it's still going on.

    I have the Cerber plugin installed but I don't feel like that's enough. Does anyone have any advice on what I could do to make it even harder for whoever it is trying to get in?

    [Attachment: Screen Shot 2018-01-09 at 20.47.12.png]
     
  2. Jan 9, 2018
  3. colinsunderland

    colinsunderland Experienced Member MM webmeister

    Occupation:
    affiliate
    Location:
    uk
    If that's the only 2 IPs, block them in the .htaccess file.
     
  4. Jan 9, 2018
  5. brickharbor

    brickharbor Full Member webmeister

    Location:
    UK
    There's been 2669 unique IPs so far!
     
  6. Jan 9, 2018
  7. colinsunderland

    colinsunderland Experienced Member MM webmeister

    Occupation:
    affiliate
    Location:
    uk
    Using SSH, do something like this:

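    # Record the source address of each new connection to port 80
    iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
    # Inserted above the previous rule: drop when the address has 3 or more hits in the last 180 seconds
    iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 180 --hitcount 3 -j DROP
    # Save the current ruleset to a file
    iptables-save >/etc/iptables.up.rules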

    Which will drop any connection if the same IP tries 3 times within 3 minutes. It won't stop it completely but should slow them down massively.

    Edit: have a look here for more info on it - he uses 10 and 1 minute but the principle is the same

     
    maxd, Betreels Casino and brickharbor like this.
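
An added example, not written by any poster in this thread: a simplified replay of a per-IP limit like the one suggested above (3 hits in 180 seconds) over a constructed access log, showing how few login requests such a limit drops when attempts are spread across many source IPs, as with the 2669 unique IPs reported. It assumes a combined-format log and one request per connection; the names `replay` and `SAMPLE_LOG` are hypothetical, and the model approximates the limit rather than reproducing the kernel module exactly.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in "combined" log format; addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.9 - - [09/Jan/2018:20:40:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.9 - - [09/Jan/2018:20:40:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.9 - - [09/Jan/2018:20:40:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.9 - - [09/Jan/2018:20:40:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.9 - - [09/Jan/2018:20:40:20 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403
203.0.113.11 - - [09/Jan/2018:20:40:21 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.12 - - [09/Jan/2018:20:40:22 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.13 - - [09/Jan/2018:20:40:23 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403
203.0.113.11 - - [09/Jan/2018:20:44:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.50 - - [09/Jan/2018:20:44:31 +0000] "GET /index.php HTTP/1.1" 200 9001
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")

def replay(log_text, seconds=180, hitcount=3):
    """Count login requests a per-IP sliding-window limit would have dropped."""
    recent = defaultdict(deque)  # per-IP timestamps still inside the window
    stats = {"login_requests": 0, "dropped": 0, "per_ip": defaultdict(int)}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, _method, url = m.groups()
        if url.split("?", 1)[0] not in LOGIN_PATHS:
            continue  # only login and XML-RPC endpoints are of interest
        t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        seen = recent[ip]
        while seen and t - seen[0] > seconds:
            seen.popleft()  # forget hits older than the window
        stats["login_requests"] += 1
        stats["per_ip"][ip] += 1
        if len(seen) >= hitcount:
            stats["dropped"] += 1  # this IP already used up its allowance
        seen.append(t)  # dropped attempts still refresh the window
    stats["unique_ips"] = len(stats["per_ip"])
    return stats

if __name__ == "__main__":
    print(replay(SAMPLE_LOG))
```

The iptables rule quoted above matches every new connection to port 80, not only login requests, so on a live server ordinary page loads also count towards the limit.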
  8. Jan 9, 2018
  9. brickharbor

    brickharbor Full Member webmeister

    Location:
    UK
    Thank you! I'll give it a try
     
  10. Jan 9, 2018
  11. Webzcas

    Webzcas Winter is Coming! Staff Member

    Occupation:
    Webmaster
    Location:
    Block S25, South Stand, Ashton Gate, BS3
    Download and install Wordfence. This will do what Colin suggested, but can be configured via the admin panel.
     
  12. Jan 10, 2018
  13. brickharbor

    brickharbor Full Member webmeister

    Location:
    UK
    I couldn't work out how to do what Colin suggested, just installed Wordfence, cheers
     
  14. Jan 10, 2018
  15. colinsunderland

    colinsunderland Experienced Member MM webmeister

    Occupation:
    affiliate
    Location:
    uk
    You need SSH access, which you probably don't have if it's a shared server. Sorry I couldn't be more help but I don't use WordPress.
     
  16. Jan 10, 2018
  17. dunover

    dunover Unofficial T&C's Editor Staff Member CAG PABnononaccred PABnonaccred PABinit mm3 webmeister

    Occupation:
    International Money Launderer
    Location:
    the bus shelter, opposite GCHQ Benhall
    For a DoS attack it would be pathetic; sounds more like blackhat SEO is being placed on your site. You'll find most is from Russia, or bots they have control of.
     
  18. Jan 10, 2018
  19. colinsunderland

    colinsunderland Experienced Member MM webmeister

    Occupation:
    affiliate
    Location:
    uk
    Surely it was a hack attempt, as the target was the login?
     
  20. Jan 10, 2018
  21. lnspin

    lnspin Senior Member webmeister

    Occupation:
    Webmaster - Mygamblinglife.com
    Location:
    WorldWide
    Change the wp-login page to something else, then install Wordfence and have it insta-block anyone who accesses that page.
     
  22. Jan 10, 2018
  23. brickharbor

    brickharbor Full Member webmeister

    Location:
    UK
    Someone who knows more than me had a look and said it was just a script someone is running to hack into the site.

    Yup it looks that way.

    Whitelisted myself and blocked every IP trying to access wp-admin/login/XML etc. Got 1426 lockouts so far and it's still going!

    Why anyone would want to get into my site is completely beyond me, I'm not getting that much traffic or making that much money from it and it's a thin site. Weird.
     
  24. Jan 10, 2018
  25. conker

    conker CM Advisory Group admin - Meister Minions Manager CAG MM webmeister

    Occupation:
    Marketer
    Location:
    UK
    I wouldn't be taking it personally, they are not focused on your website alone. There are a lot of scammers out there trawling the web with bots to find weak and vulnerable WP sites. Typically their aim is to inject their spammy links, cause mischief or add crap content that ranks for 5 minutes.

    We invested in the Premium version of Wordfence, about $60 a year, and haven't looked back. Even the free version will work wonders.
     
    chayton likes this.
  26. Jun 23, 2018
  27. Webzcas

    Webzcas Winter is Coming! Staff Member

    Occupation:
    Webmaster
    Location:
    Block S25, South Stand, Ashton Gate, BS3
    This thread is a few months old, but nonetheless I am resurrecting it. I have just written a write-up about Wordfence and what you get from the free version and also the benefits of shelling out $99 a year for the Premium version.

    Seriously, if you generate revenue from a website that you manage and it utilises WordPress, you need to install the Wordfence plugin.

    Wordfence Security Plugin for Wordpress Powered Websites
     
