WordPress Brute Force Attack

We:

- change default directory of wp-admin
- user != admin
- use web server authentication

Best

Yes, these are security measures which will prevent them getting into your installs, but it will not actually stop attacks, as people will still try and get into your sites as they are just bothered you have a WP site.
 
I got an email about this, this morning. I was like wow and I just deleted it because I don't use WordPress at the moment.
 
Yes, we sent out a notice to all clients about this issue as well, and advised them how to secure their WP installations. We also forced any WP site using the default username 'admin' to be changed to something else, for all servers. :thumbup:
 
Can't see this being any different than usual hacking attempts. The amount of attempts comes and goes, but with a few simple adjustments this can be more secure. Not saying that it won't happen, anything can happen. It will only be more secure.

Some of the things one can do are:
* change the path to wp-admin
* not using admin as login
* long random password
* not enabling "drop database" in MySQL for the database user.
* not enabling "drop table" in MySQL for the database user.
* backup!
* keep WordPress up to date (including themes and plugins)
* remove plugins and themes not used.
* restrict WordPress user access.


That's only some of the measures one can take.
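Two items from the list above (no "drop" privileges for the database user, and no login named admin) can be checked with a short script. This is an added example, not part of the original post; it assumes the input is the text MySQL prints for `SHOW GRANTS`, and the database names, account names and logins in the samples are constructed.

```python
import re

# Privileges that would let a hijacked WordPress database account drop
# tables or whole databases. ALL [PRIVILEGES] includes DROP.
RISKY = {"DROP", "ALL", "ALL PRIVILEGES"}

# Matches the start of one line of MySQL "SHOW GRANTS" output.
GRANT_RE = re.compile(r"^GRANT\s+(.+?)\s+ON\s+(\S+)\s+TO\s+", re.IGNORECASE)


def risky_grants(show_grants_lines):
    """Return (scope, privilege) pairs that permit DROP."""
    findings = []
    for line in show_grants_lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue  # not a GRANT line
        # Remove column lists such as "SELECT (id, name)" before splitting.
        privs = re.sub(r"\([^)]*\)", "", m.group(1))
        for priv in privs.split(","):
            priv = " ".join(priv.upper().split())
            if priv in RISKY:
                findings.append((m.group(2), priv))
    return findings


def default_logins(logins):
    """Return WordPress logins that still use the default name 'admin'."""
    return [name for name in logins if name.strip().lower() == "admin"]


# Constructed SHOW GRANTS output for three hypothetical hosting accounts.
SAMPLE_BROAD = [
    "GRANT USAGE ON *.* TO `wp_site1`@`localhost`",
    "GRANT ALL PRIVILEGES ON `site1_wp`.* TO `wp_site1`@`localhost`",
]
SAMPLE_EXPLICIT = [
    "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON `site2_wp`.* TO `wp_site2`@`localhost`",
]
SAMPLE_TIGHT = [
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `site3_wp`.* TO `wp_site3`@`localhost`",
]

if __name__ == "__main__":
    for name, sample in [("site1", SAMPLE_BROAD), ("site2", SAMPLE_EXPLICIT),
                         ("site3", SAMPLE_TIGHT)]:
        print(name, risky_grants(sample) or "no DROP privilege")
    print("default logins:", default_logins(["Admin", "editor_k7"]))
```
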
 
We sent an alert out last night to all our clients about this, and are wondering what everyone thinks about it: how are you protecting your clients from this, and have you recommended anything to them as to what to do?

REF:
http://blog.cloudflare.com/patching-the-internet-fixing-the-wordpress-br


I really don't trust Cloudflare. Cloudflare is collecting money from both the attackers and the victims.

Look here: http://arstechnica.com/security/201...of-service-attack-that-targeted-ars-technica/
 
TwBooter runs behind CloudFlare

That has 100% NOTHING to do with Cloudflare. It's like you using Cloudflare on your site and then starting to spam: the spamming would have nothing to do with Cloudflare. Just like if you don't use Cloudflare and start spamming, is it your provider's fault because they give you the IP?

Also, the WP brute force had nothing to do with Cloudflare. This was an attack on WordPress; Cloudflare, like many others, just sent out warnings to their client base.
 
All I am trying to say (I am not blaming CloudFlare) is that if a user is doing spam from my network, of course I'll remove the account ASAP. And think if CloudFlare is protecting DDoS attacks who will make money from a DDoS attack? Think a little bit....

Imagine how many security companies are making big money from DDoS attacks, so yes, these days DDoS is a necessity!!!

It is like when you have a problem, but you eliminate just the effect, not the real cause.

Regards
 
And think if CloudFlare is protecting DDoS attacks who will make money from a DDoS attack?

Cloudflare is not protecting DDoS attacks. Any site can have Cloudflare enabled if the server has Cloudflare set up. It is not up to Cloudflare which site enables them.

Also, I have Cloudflare on our server and on all my sites and it does not cost anything, so how are they making money from charging nothing?

Cloudflare have nothing to do with these attacks on WordPress. Just because you don't like Cloudflare, it's no good blaming them for attacks on WP.
 
In my way of doing a job I never judge something on whether I like it or not. I am sorry if I made you think I don't like CloudFlare. It is just my opinion, nothing else. They are making money for sure; I am not so naive as to believe they are doing all this for free. Look at the "business CloudFlare".



Regards
 
I have had Cloudflare offered on my servers for several years now and never had a client take their paid option, and I think this will most likely be the same with a majority of hosts.

But either way, none of the attacks on WP have anything to do with Cloudflare, so let's get this thread back on topic.
 
I came across a professional answer (the details can be found here <URL snipped>) which iPage provided for its clients regarding the WordPress "Brute Force" Attack.

I must say that every self-respecting hosting company should provide their clients with detailed information in case some global issues can influence the sites' stability. I guess iPage did their best and informed all the customers beforehand.
 
But all that is just information about the attack, which many hosts have provided to clients. We, with the help of others, have placed on our own KB a step-by-step guide to securing any WP install.
 