
Has Anyone Seen Any Increase In WP Hijacking Attempts?
Has anyone seen any increase in hijacking attempts of their WP installations from St. Petersburg, Russia?
It seems this guy is using the typical Admin brute force password gen.
He doesn't even care to change his IP address even after 16 attempts in a span of 2 hours. This IP address is a static IP and not from an ISP user, therefore it could be a bot script he started to use for selected sites.
I have checked that this IP range was blacklisted for spam in only 2 out of 75 Spamhaus databases. This is negligible, therefore it has been reserved for quite a while and had just been released.
The owner of this full IP range is from Lublin, Poland, for a dedicated server he placed in St. Petersburg, Russia. I have yet to decide whether to pursue this matter further. Waiting for another wave of attempts in 24 hours.
So, please be aware, just in case it is the start of a new wave of hijacking attempts on weak WP installations.
My advice is never use the username Admin for your WP admin role because this would always be the INITIAL ATTEMPT. Use some other username. This would be your first line of defence against hijacking attempts.
The next attempt would be SQL injection to see PHP and SQL errors. Therefore, do not use WP as the prefix for your database tables. Use something else that is obscure.
This WF blog could be useful for start-up knowledge in protecting your WP installations.
Have a nice weekend.
Read my Blog: DigitalDeepak.com
@ Bangalore, India.
We help businesses manage cyber risk and compliance requirements.
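The pattern described in the opening post (16 login attempts from one address spread over 2 hours) is slow enough to pass per-minute rate limits, so it has to be counted over a long sliding window. The following is an added example, not part of the original post: it assumes the web server writes the common/combined access log format, the threshold of 10 is an arbitrary choice, and the log lines and documentation-range IP addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumption: common/combined access log format.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*"'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def login_posts(lines):
    """Yield (ip, timestamp) for each POST to wp-login.php; skip unparseable lines."""
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue  # GETs only render the login form, they are not attempts
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            yield m["ip"], datetime.strptime(m["ts"], TS_FORMAT)

def slow_bruteforce(lines, threshold=10, window=timedelta(hours=2)):
    """Return {ip: peak count} for IPs with >= threshold login POSTs in any window."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for ip, ts in sorted(login_posts(lines), key=lambda e: e[1]):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def sample_log():
    """Constructed log: 16 attempts 7 minutes apart from one IP, plus noise."""
    start = datetime(2024, 1, 6, 9, 0, 0, tzinfo=timezone.utc)
    def row(ip, minutes, method, path):
        ts = (start + timedelta(minutes=minutes)).strftime(TS_FORMAT)
        return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" 200 3120'
    lines = [row("203.0.113.7", 7 * i, "POST", "/wp-login.php") for i in range(16)]
    lines.append(row("203.0.113.7", 1, "GET", "/wp-login.php"))    # form view only
    lines.append(row("198.51.100.20", 3, "POST", "/wp-login.php"))  # user typo
    lines.append(row("198.51.100.20", 4, "POST", "/wp-login.php"))
    lines.append("garbled line that does not parse")
    return lines

if __name__ == "__main__":
    for ip, count in slow_bruteforce(sample_log()).items():
        print(f"{ip}: {count} login attempts within 2 hours")
```

With a 30-minute window the same address peaks at only 5 attempts, which is why a short window misses this kind of slow guessing.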