[Ipg-smz] wordpress attack
VM Brasseur
vmb at vmbrasseur.com
Fri Oct 26 15:15:24 UTC 2018
About a year ago I installed the Wordfence plugin on my sites:
https://www.wordfence.com/
So far I've only been using the free version and have been *very* happy with it. Not only does it automatically block a lot of stuff, I can also ban login attempts using certain usernames.
(Using this in addition to Tom's suggestions should take care of most/all attacks.)
--V
> On 26 Oct 2018, at 08:05, Tom Henderson <thenderson at extremelabs.com> wrote:
>
> Greetings Guilders,
>
> One of my honeypot sites has been under attack for a week. I've written this up, but it'll be a while before it sees the light of HTML.
>
> Here's a quick warning for WordPress users: don't use an administrator that has the word admin in its name. Over 400 different IPs have been using variations on that name, then a dictionary attack until the site times out in failures. Create an administrator user with a tough-to-guess name, peppered with characters. Then delete the admin user that's there by default. Once they start, they do not relent, and complaints to ISPs in Laos and Albania go unanswered -- two of eleven ISPs infected with this botnet.
>
> Crawlers also look for the names of posters, and I suspect that an attack of individual $poster_name is next. It's methodical, and fun to watch.
>
> Summary: no "admin" string in your administrative logon name; do not let that administrative user post anything so that its name is unknown to crawlers.
>
> Tom
>
> --
> Tom Henderson
> ExtremeLabs, Inc.
> +1 317 250 4646
> Twitter: @extremelabs
> Skype: extremelabsinc
>
>
> --
> Ipg-smz mailing list
> Ipg-smz at netpress.org
> http://netpress.org/mailman/listinfo/ipg-smz_netpress.org
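
An audit of the two rules in the summary above (no "admin" string in an administrator login, and no published posts under an administrator account), as an added example that is not part of either message. The sample data is constructed, and its shape is assumed to match the JSON output of `wp user list` and `wp post list` from WP-CLI.

```python
import json

# Constructed sample data. Assumed shape: the JSON produced by
#   wp user list --fields=ID,user_login,roles --format=json
#   wp post list --fields=ID,post_author,post_status --format=json
USERS_JSON = """[
 {"ID": 1, "user_login": "admin",       "roles": "administrator"},
 {"ID": 2, "user_login": "SiteAdmin2",  "roles": "administrator"},
 {"ID": 3, "user_login": "q7!veld_Rk",  "roles": "administrator"},
 {"ID": 4, "user_login": "k9#mordt_Zu", "roles": "administrator"},
 {"ID": 5, "user_login": "jsmith",      "roles": "author"}
]"""
POSTS_JSON = """[
 {"ID": 10, "post_author": "3", "post_status": "publish"},
 {"ID": 11, "post_author": "5", "post_status": "publish"},
 {"ID": 12, "post_author": "4", "post_status": "draft"}
]"""


def audit_admin_accounts(users, posts):
    """Return {login: [issue codes]} for administrators that break either rule."""
    # Only published posts expose the author name to crawlers.
    published_authors = {
        int(p["post_author"]) for p in posts if p["post_status"] == "publish"
    }
    findings = {}
    for user in users:
        roles = {r.strip() for r in user["roles"].split(",")}
        if "administrator" not in roles:
            continue  # the advice concerns administrative logins only
        issues = []
        # Rule 1: case-insensitive match catches variations such as "SiteAdmin2".
        if "admin" in user["user_login"].lower():
            issues.append("admin-in-login")
        # Rule 2: an administrator that has posted has a discoverable name.
        if int(user["ID"]) in published_authors:
            issues.append("published-author")
        if issues:
            findings[user["user_login"]] = issues
    return findings


if __name__ == "__main__":
    report = audit_admin_accounts(json.loads(USERS_JSON), json.loads(POSTS_JSON))
    for login, issues in report.items():
        print(f"{login}: {', '.join(issues)}")
```
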