The Huge attack on WordPress sites

by bob100
13 replies
I have been getting emails attempting to market WordPress plugins that supposedly alleviate a huge WordPress attack that is happening.

link here: Huge attack on WordPress sites could spawn never-before-seen super botnet | Ars Technica

If you are doing it right in the first place, your WordPress-based sites will not be subject to this attack.

It is based on people who leave their default admin login name as "admin".

For years I have been changing my admin name to a word-and-number combination.

If you want to do this in a very basic form, make it admin95 or similar.

The marketing emails speak of a cheap plugin to stop such an attack. They say that even if you have changed your admin login name, you are still subject to huge bandwidth loss because of it. I don't see this as much of an issue, because every server I have and every WordPress-based site I have has always been subject to these sorts of attacks day in and day out. On my servers I just use iptables and block every other country except the USA-based IP address ranges. This won't work for some people who can't do this at the server level or who want traffic from other countries.

I have worked with a programmer to modify and help develop a totally free plugin that can combat repeated admin login attempts.

It is called ecSTATic. The part I participated in developing was the email stats it sends out every day. This plugin mainly does stats, but it also has security functions built in.

Direct link: WordPress › ecSTATic « WordPress Plugins

In your plugin install section, simply enter the word ecSTATic in the search box and you can install it automatically. One word of warning: it comes with Firefox pre-fetch blocking enabled by default. This has caused me problems in the past, so I suggest you disable it from the start in the settings section.

This plugin, when properly set up, can and will block repeated login attempts.

I like it because it emails me my website stats every day automatically.

I have no affiliation with this plugin, and it is totally free with no upgraded paid version. I even tried to convince the programmer to develop a paid version and let me market it for him, and he laughed me off. He makes his money other ways and is just not interested in the problems that come with such a money-making effort because of support issues.

So this plugin is totally free and it rocks.

Hope if you need it and use it, it helps you.

Enjoy.

Bob
  • Michael71:
    Actually, one of my blogs is under attack.

    But I only get emails from the Wordfence plugin saying that IPs were blocked.

    Example:

    Code:
    A user with IP address xx.xx.xx.xx has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username to try to sign in.
    User IP: xx.xx.xx.xx
    Also running mod_evasive; my server is still sleeping... 0.25 load.
  • timpears:
    Hope this works like you say it does. Thanks.
  • Jr180180:
    Wow! Very interesting. This plugin has a TON of great features! Adding this one to the arsenal. Thank you for posting this.
  • SteveSRS:
    WordPress + Wordfence + a well-configured server (nginx + CSF) does the trick for me (and of course cleaning up WP a bit on the obvious stuff).

    I agree with the OP that the tactics used to sell that particular paid plugin are borderline, to put it nicely, but I'll bet they did sell a whole bunch.
  • dids:
    It just encouraged me to do a massive cleanup on my servers. I need to remember to keep on top of things.
  • so11:
    The admin attack is one of thousands out there...

    There are XSS, SQL injection, authentication and session management flaws, insecure references, cross-site request forgery, unvalidated inputs... these are just the most common ones that can bring your site down, get your info stolen, or get you defaced.

    What do you do to combat them? Do you install a plugin to cover each of them?
    • saxatwork:
      Originally Posted by so11

      The admin attack is one of thousands out there...

      There are XSS, SQL injection, authentication and session management flaws, insecure references, cross-site request forgery, unvalidated inputs... these are just the most common ones that can bring your site down, get your info stolen, or get you defaced.

      What do you do to combat them? Do you install a plugin to cover each of them?
      I don't think there is yet a plugin designed to combat most of these attacks, because of their varied nature. Besides, many of these can't be fixed just by using plugins. Some of these are server-level issues, and some could be inherent issues with the WordPress core itself, as with any other application.

      If someone were to develop such a fix-all plugin, I hope they call it "the jinx".

      The best bet right now would be to make sure that you are fully updated (WordPress, installed plugins and themes) to the latest WordPress core (3.5.1) and compatible versions. I read somewhere today that only about "30.5%" of the WordPress installations all over the world are updated to the latest. Which means the rest are still vulnerable and available for "the picking".
      • so11:
        Originally Posted by saxatwork

        I don't think there is yet a plugin designed to combat most of these attacks, because of their varied nature. Besides, many of these can't be fixed just by using plugins. Some of these are server-level issues, and some could be inherent issues with the WordPress core itself, as with any other application.

        If someone were to develop such a fix-all plugin, I hope they call it "the jinx".

        The best bet right now would be to make sure that you are fully updated (WordPress, installed plugins and themes) to the latest WordPress core (3.5.1) and compatible versions. I read somewhere today that only about "30.5%" of the WordPress installations all over the world are updated to the latest. Which means the rest are still vulnerable and available for "the picking".
        I agree with you... my question was completely rhetorical. The point I was trying to make is that it is important to understand what issue you are trying to address, and only then install plugins or make configuration changes.

        And as there is no plugin that can fix everything, it is important to adopt good security practices and assess your security configuration to identify potential issues... This is the only way you can really know what should be done to be secure...

  • Matt Kendo:
    How do you change the default login name if you accidentally left it as admin when you first started the site?
    • saxatwork:
      Originally Posted by Matt Kendo

      How do you change the default login name if you accidentally left it as admin when you first started the site?
      One of two things, unless someone can tell me a third...

      1) If you are handy with your database (phpMyAdmin), access your WordPress tables, look for the wp_users table, edit the row where the username is "admin", and change it to whatever you want. Don't change anything else.

      -- OR --

      2) Log in to your site as admin, create a new user, give it Admin privileges, and delete the old one.

      I'd say the second one is easier for most people.
      • RobinInTexas:
        Originally Posted by saxatwork

        One of two things, unless someone can tell me a third...

        1) If you are handy with your database (phpMyAdmin), access your WordPress tables, look for the wp_users table, edit the row where the username is "admin", and change it to whatever you want. Don't change anything else.

        -- OR --

        2) Log in to your site as admin, create a new user, give it Admin privileges, and delete the old one.

        I'd say the second one is easier for most people.
        The second way is preferred, and the original admin is user 1, which is a slight vulnerability.
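Option 1 above (editing the "admin" row in wp_users) rehearsed against an in-memory SQLite copy of the relevant columns, as an added example that is not part of the thread. The schema is a constructed subset of WordPress's wp_users table and the password hash is a placeholder. One caveat the example adds beyond saxatwork's step: WordPress fills user_nicename (the author-archive slug) and display_name from the login at account creation, so a default install says "admin" in all three columns, and changing user_login alone leaves the other two public. The row keeps ID 1 either way, which is the point RobinInTexas raises in favour of option 2.

```python
import sqlite3

# Constructed subset of WordPress's wp_users columns; the real table has more.
WP_USERS_SUBSET = """
CREATE TABLE wp_users (
    ID            INTEGER PRIMARY KEY,
    user_login    TEXT NOT NULL UNIQUE,
    user_pass     TEXT NOT NULL,
    user_nicename TEXT NOT NULL,
    display_name  TEXT NOT NULL
)
"""

PUBLIC_COLUMNS = ("user_login", "user_nicename", "display_name")


def fresh_install():
    """In-memory copy of a site still using the default account (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(WP_USERS_SUBSET)
    # Default install: nicename and display name were derived from the login.
    conn.execute(
        "INSERT INTO wp_users (ID, user_login, user_pass, user_nicename, display_name) "
        "VALUES (1, 'admin', '$P$placeholder-hash', 'admin', 'admin')"
    )
    conn.commit()
    return conn


def rename_default_admin(conn, new_login, also_public_fields=True):
    """Rename the 'admin' row in place; returns rows changed (1, or 0 if none is left).

    ID, user_pass and the role in wp_usermeta are not touched, so the password
    and capabilities survive. With also_public_fields=True the slug and byline
    that WordPress derived from the old login are renamed as well (editor's
    caveat, not from the thread); the slug is approximated as the lower-cased login.
    """
    new_login = new_login.strip()
    if not new_login or new_login.lower() == "admin":
        raise ValueError("pick a login that is not 'admin'")
    if also_public_fields:
        cur = conn.execute(
            "UPDATE wp_users SET user_login = ?, user_nicename = ?, display_name = ? "
            "WHERE user_login = 'admin'",
            (new_login, new_login.lower(), new_login),
        )
    else:
        cur = conn.execute(
            "UPDATE wp_users SET user_login = ? WHERE user_login = 'admin'",
            (new_login,),
        )
    conn.commit()
    return cur.rowcount


def columns_still_exposing_admin(conn):
    """Which public-facing columns of user ID 1 still read 'admin' after the edit."""
    row = conn.execute(
        "SELECT user_login, user_nicename, display_name FROM wp_users WHERE ID = 1"
    ).fetchone()
    return [name for name, value in zip(PUBLIC_COLUMNS, row) if value.lower() == "admin"]


if __name__ == "__main__":
    conn = fresh_install()
    rename_default_admin(conn, "admin95", also_public_fields=False)
    print("login-only rename still exposes:", columns_still_exposing_admin(conn))
    conn = fresh_install()
    rename_default_admin(conn, "admin95")
    print("full rename still exposes:", columns_still_exposing_admin(conn))
```

On a live site the same two UPDATE statements run in phpMyAdmin against the real table (with the site's table prefix); take a database backup first, and log out and back in afterwards with the new name.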
  • RobinInTexas:
    I've been installing Wordfence, and it has settings that let you tell it to
    1. ignore an IP... mine (you can list several)
    2. block any other IP after X failed login attempts, and I set X at one

    If you have several people logging in, that might be a problem, or you might raise the threshold higher than one.
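The lockout behaviour this thread keeps returning to (ecSTATic's blocking of repeated login attempts in the opening post, the Wordfence notice Michael71 pasted, and the ignore-list plus threshold-of-one settings RobinInTexas describes), written out as an added example. This is not code from any of those plugins; the class name, the IP addresses, user names and timestamps are all constructed for illustration. It shows the three pieces that interact: a trusted-IP list that is never locked out (so a threshold of one does not lock out your own office), a sliding window of failures per source IP, and an immediate lock when the user name does not exist, which is the reason given in the pasted notice.

```python
"""Failed-login lockout per source IP, with a trusted-IP allowlist.

Added example, not plugin code. Timestamps are plain seconds passed in by the
caller so the logic is deterministic and testable offline.
"""
from collections import defaultdict, deque
import ipaddress


class LoginGate:
    def __init__(self, max_failures=1, window_seconds=600, lockout_seconds=3600,
                 trusted_ips=(), valid_users=None):
        self.max_failures = max_failures          # Robin's "X", default one
        self.window = window_seconds              # failures older than this are forgotten
        self.lockout = lockout_seconds            # how long a lock lasts
        self.trusted = {ipaddress.ip_address(ip) for ip in trusted_ips}
        # If a user list is given, an unknown name locks at once (the "invalid
        # username" reason in the Wordfence notice above). None disables that.
        self.valid_users = set(valid_users) if valid_users is not None else None
        self.failures = defaultdict(deque)        # ip -> recent failure timestamps
        self.locked_until = {}                    # ip -> time the lock expires
        self.notices = []                         # what an admin email would say

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip)
        if until is None:
            return False
        if now >= until:                          # lock expired: clear all state
            del self.locked_until[ip]
            self.failures.pop(ip, None)
            return False
        return True

    def _lock(self, ip, now, reason):
        self.locked_until[ip] = now + self.lockout
        self.failures.pop(ip, None)
        # Constructed notice text, modelled on the plugin email quoted in the thread.
        self.notices.append(
            f"A user with IP address {ip} has been locked out from signing in "
            f"for the following reason: {reason}."
        )
        return (False, f"locked out: {reason}")

    def attempt(self, ip, username, password_ok, now):
        """Evaluate one login attempt; returns (allowed, reason)."""
        if ipaddress.ip_address(ip) in self.trusted:
            # Trusted sources still need the right password but are never locked.
            return (password_ok, "ok" if password_ok
                    else "invalid credentials (trusted ip, never locked)")
        if self.is_locked(ip, now):
            return (False, "locked out")
        if self.valid_users is not None and username not in self.valid_users:
            return self._lock(ip, now, "used an invalid username")
        if password_ok:
            self.failures.pop(ip, None)           # success resets the counter
            return (True, "ok")
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                      # drop failures outside the window
        if len(recent) >= self.max_failures:
            return self._lock(ip, now, f"{len(recent)} failed login attempts")
        return (False, "invalid credentials")


if __name__ == "__main__":
    gate = LoginGate(max_failures=1, trusted_ips=["203.0.113.10"], valid_users={"bob95"})
    print(gate.attempt("198.51.100.7", "admin", False, now=0))   # guessed "admin": locked
    print(gate.attempt("198.51.100.7", "bob95", True, now=10))   # right password, still locked
    print(gate.attempt("203.0.113.10", "bob95", False, now=20))  # trusted: wrong, not locked
    print(gate.notices)
```

Raising max_failures to three or more, as Robin suggests for sites with several users, only changes how many entries must land inside the window before _lock runs; the trusted list is the safer answer for your own address, because a single typo at threshold one otherwise locks you out for the full lockout period.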
