[Ipg-smz] wordpress attack
Christine Hall
christine at fossforce.com
Fri Oct 26 15:33:37 UTC 2018
Same here, Tom. I've had one of my sites on "I'm under attack" mode in
Cloudflare for about two weeks now.
Also use a good security plugin such as Wordfence and set it to enforce
a timeout of 15 to 20 minutes for any login attempt that fails 3 to 5
times. This reduces the effectiveness of brute-force attacks down to
about zero.
Christine Hall
Publisher & Editor
FOSS Force: Keeping tech free
http://fossforce.com
On 10/26/18 11:05 AM, Tom Henderson wrote:
> Greetings Guilders,
>
> One of my honeypot sites has been under attack for a week. I've written
> this up, but it'll be a while before it sees the light of HTML.
>
> Here's a quick warning for WordPress users: don't use an administrator
> that has the word admin in its name. Over 400 different IPs have been
> using variations on that name, then a dictionary attack until the site
> times out in failures. Create an administrator user with a tough-to-
> guess name, peppered with characters. Then delete the admin user that's
> there by default. Once they start, they do not relent, and complaints to
> ISPs in Laos and Albania go unanswered-- two of eleven ISPs infected
> with this botnet.
>
> Crawlers also look for the names of posters, and I suspect that an
> attack of individual $poster_name is next. It's methodical, and fun to
> watch.
>
> Summary: no "admin" string in your administrative logon name; do not let
> that administrative user post anything so that its name is unknown to
> crawlers.
>
> Tom
>
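
The lockout rule from the reply (3 to 5 failures, 15 to 20 minute timeout) and the "admin" name check from the quoted message, replayed over constructed login events. This is an added example, not code from either poster or from any plugin; the event format, IP addresses, login names and the failure-counting window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                  # upper end of "3 to 5" failed attempts
LOCKOUT = timedelta(minutes=20)   # upper end of "15 to 20 minutes"
WINDOW = timedelta(minutes=20)    # assumption: failures are counted over this span

def sample_events():
    """Constructed events: (time, source IP, login name tried, success)."""
    t0 = datetime(2018, 10, 26, 11, 0, 0)
    names = ["admin", "administrator", "siteadmin", "admin1"]
    bot = [(t0 + timedelta(seconds=10 * i), "203.0.113.10", names[i % 4], False)
           for i in range(15)]
    human = [(t0 + timedelta(minutes=1), "198.51.100.7", "editor_c", False),
             (t0 + timedelta(minutes=2), "198.51.100.7", "editor_c", False),
             (t0 + timedelta(minutes=3), "198.51.100.7", "editor_c", True)]
    return bot + human

def replay(events):
    """Apply the lockout rule in time order and summarise what it did."""
    failures = defaultdict(deque)   # ip -> times of recent failed logins
    locked_until = {}               # ip -> time the lockout ends
    checked = blocked = 0
    admin_names = set()
    for ts, ip, name, ok in sorted(events):
        if "admin" in name.lower():
            admin_names.add(name)           # names a site should not use
        if locked_until.get(ip, ts) > ts:
            blocked += 1                    # rejected before any password check
            continue
        checked += 1
        if ok:
            failures[ip].clear()
            continue
        q = failures[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:           # drop failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            locked_until[ip] = ts + LOCKOUT
            q.clear()
    return {"checked": checked, "blocked": blocked,
            "locked_ips": sorted(locked_until),
            "admin_names": sorted(admin_names)}

if __name__ == "__main__":
    print(replay(sample_events()))
```

The counters are per source IP, so the summary describes what one address can do; the legitimate user with two mistyped passwords is never locked out.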