Last post Author Topic: Wordpress and Hackers  (Read 15191 times)

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 11,186
Wordpress and Hackers
« on: August 20, 2014, 02:44 PM »
So, since I started really securing my sites... I don't know what to do with the data.

Evil doers (presumably) are getting locked out quite frequently.  I get the data on where and who they are.  But... what do I do with that data?  And is it even worth it?  I've been hacked once, on one domain.  And yes, it was annoying.  But a quick restore, and I was back up and running.

Reporting all of these idiots seems like more trouble than that.

One example... and I'm not redacting anything, because I'm just pissed like that...

Spoiler
This is the full research report for 95.132.113.5, which is an IP address.

Whois Server
whois.ripe.net
Status
ALLOCATED
Contact Email

Registrant
UKRTELNET-ADSL
UKRAINE

Administrative Contact
Remiga Alexander
JSC UKRTELECOM
18, Shevchenko blvd, Ukraine, Kiev
Telephone: 380 44 2881072

Technical Contact
Remiga Alexander
JSC UKRTELECOM
18, Shevchenko blvd, Ukraine, Kiev
Telephone: 380 44 2881072


Why would anyone even *want* to try to hack my site that I barely update?

x16wda

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 888
  • what am I doing in this handbasket?
Re: Wordpress and Hackers
« Reply #1 on: August 20, 2014, 06:46 PM »
Why would anyone even *want* to try to hack my site that I barely update?
To insert malware-installation code in the site, of course.
vi vi vi - editor of the beast

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
Re: Wordpress and Hackers
« Reply #2 on: August 20, 2014, 07:23 PM »
Perhaps there are portions of the following that might be applicable?

  The Scrap Value of a Hacked PC, Revisited

x16wda

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 888
  • what am I doing in this handbasket?
Re: Wordpress and Hackers
« Reply #3 on: August 20, 2014, 08:21 PM »
^ A much better, more complete answer than the tiny insignificant portion of it I noted.  :P
vi vi vi - editor of the beast

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 11,186
Re: Wordpress and Hackers
« Reply #4 on: August 20, 2014, 09:53 PM »
... but both of you are concentrating on the throwaway comment rather than the question?

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
Re: Wordpress and Hackers
« Reply #5 on: August 20, 2014, 10:01 PM »
I've noticed a couple spikes in attacks lately. Lots of brute force attacks - useless - I don't even know my passwords - they're just insanely long.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
Re: Wordpress and Hackers
« Reply #6 on: August 20, 2014, 10:21 PM »
... but both of you are concentrating on the throwaway comment rather than the question?

Opinions similar to "not worth the trouble" are what I'm familiar with (though from experiences that are perhaps outdated) -- no good ideas regarding what the situation is like these days.

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
Re: Wordpress and Hackers
« Reply #7 on: August 21, 2014, 03:14 AM »
Have you considered the idea that they don't want to attack you? And that they don't have any idea that they are doing it? That they could be the victim of malware?

x16wda

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 888
  • what am I doing in this handbasket?
Re: Wordpress and Hackers
« Reply #8 on: August 21, 2014, 05:29 AM »
You could try to pull the relevant "responsible" entities by IP and/or domain and send a report to the abuse address, but my experience is that nothing will happen. So it really depends on how valuable you rate your time and how annoyed you get.

And that they don't have any idea that they are doing it?

Entirely possible, either through an infection on the attacker's box or through trying out a new malware construction set and turning it loose.
vi vi vi - editor of the beast

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 11,186
Re: Wordpress and Hackers
« Reply #9 on: August 21, 2014, 06:09 AM »
Have you considered the idea that they don't want to attack you? And that they don't have any idea that they are doing it? That they could be the victim of malware?

It's possible.  But since all of the attacks originate from the same general area (the Ukraine), but not the same IP... is that likely?

You could try to pull the relevant "responsible" entities by IP and/or domain and send a report to the abuse address, but my experience is that nothing will happen. So it really depends on how valuable you rate your time and how annoyed you get.


This is what I figured the answer would be.  I also feel like taking that route would be being 'part of the problem', i.e. no one reports... so what's the reporting system good for.  I've just not reported anyone in a while... so didn't know if the abuse reports had gotten any better in resolution.

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
Re: Wordpress and Hackers
« Reply #10 on: August 21, 2014, 04:56 PM »
I wonder if it's even legit.  When I registered my domain I spent a couple of extra bucks to generate dummy whois info.  Probably a waste of $2 but I thought I might get phone calls if my home info came up.

Looking up favessoft.com it shows it registered to
Julius Caesar, LLC

I wouldn't waste any more of your time on it.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 11,186
Re: Wordpress and Hackers
« Reply #11 on: August 21, 2014, 05:22 PM »
They actually got through enough to sort of screw things up.  I fixed it easy enough... but I did some more securing and moved the root of the wp site... it's inconvenient, but it should secure it a bit more.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
Re: Wordpress and Hackers
« Reply #12 on: August 21, 2014, 05:47 PM »
For something with that level of exposure, I'd rename the admin account to something that was meaningful only to me. Then to be a total ass I'd create a bogus (HoneyPot) account with the default admin name that triggered an event to log as much information about said visitor as a browser session allows.

...Maybe even add an automated redirector that sent anyone with more than 10 failed login attempts in a minute to the FBI's home page... :D

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 11,186
Re: Wordpress and Hackers
« Reply #13 on: August 21, 2014, 07:38 PM »
It's not just renamed, it's deleted.  I always make my account first as an admin, then delete the admin account.

But that last part is inspired... :)

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,466
Re: Wordpress and Hackers
« Reply #14 on: August 22, 2014, 06:05 AM »
WordPress is known for its random security issues, but so are all larger web projects I know.

"Secure" your WP by renaming your wp-content folder and removing meta info from the log-in. I guess that already helps a lot.
And don't use too many plug-ins without having checked their code.

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,192
Re: Wordpress and Hackers
« Reply #15 on: August 23, 2014, 01:13 PM »
What Tuxman said is true.
It is a target because of its wide use. Stuff already mentioned, for example: there are tools that change wp-login to something else, limit login attempts, disallow PHP execution in some directories. All will help, but it will never be 100%, of course.

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
Re: Wordpress and Hackers
« Reply #16 on: August 23, 2014, 06:02 PM »
...Maybe even add an automated redirector that sent anyone with more than 10 failed login attempts in a minute to the FBI's home page...

Are you kidding? I don't allow any more than 2 failed attempts in an hour before I block the IP.



By the way, anyone wanting their Wordpress site secured the right way and don't really have a clue how to do it, contact me to discuss it.

It will take me about 3-5 hours of work, total time.  I'll give you more and charge you less than anyone else on the internet.

My website isn't quite finished (still needs FAQ & About page), but I have hung up my shingle for it, complete with testimonials from some familiar faces.  :)



« Last Edit: March 15, 2019, 10:57 PM by app103, Reason: removed link to old site that no longer exists »

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
Re: Wordpress and Hackers
« Reply #17 on: August 23, 2014, 06:20 PM »
...Maybe even add an automated redirector that sent anyone with more than 10 failed login attempts in a minute to the FBI's home page...

Are you kidding? I don't allow any more than 2 failed attempts in an hour before I block the IP.


No - for an environment that is actually user friendly - I'm not. The average user that forgot their password will typically try between 3 and 5 passwords a minute. The typical automated attack will try between 2 and 5 times a second. So yes, erring on the side of caution so as not to risk pissing off customers/clients/visitors ... I'd say 10 tries in a minute ensures there is indeed some funny business going on.
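
The two lockout thresholds argued over in this thread (more than 10 failed logins in a minute versus more than 2 in an hour), plus the decoy "admin" account suggested earlier, run over constructed login events. This is an added example, not code from any poster or from WordPress; the event format, IP addresses, usernames and function names are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def sample_events():
    """Constructed (timestamp, ip, username, result) tuples; not a real log format."""
    t0 = datetime(2014, 8, 23, 18, 0, 0)
    events = []
    # A person who forgot a password: 4 failures, 15 s apart, then success.
    for i in range(4):
        events.append((t0 + timedelta(seconds=15 * i), "198.51.100.7", "alice", "FAIL"))
    events.append((t0 + timedelta(seconds=70), "198.51.100.7", "alice", "OK"))
    # An automated guesser: 3 tries per second for 5 s against the default name.
    for i in range(15):
        ts = t0 + timedelta(seconds=120, milliseconds=333 * i)
        events.append((ts, "203.0.113.9", "admin", "FAIL"))
    return events


def flag_ips(events, max_failures, window, decoy_users=()):
    """Return {ip: (reason, attempts_seen)} for IPs that should be blocked.

    An IP is flagged when it makes more than max_failures failed logins inside
    a sliding window, or when it touches a decoy username (assumes no real
    account uses that name).
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    attempts = defaultdict(int)   # ip -> attempts seen before the block
    flagged = {}
    for ts, ip, user, result in sorted(events):
        if ip in flagged:
            continue              # already blocked; later tries never arrive
        attempts[ip] += 1
        if user in decoy_users:
            flagged[ip] = ("decoy", attempts[ip])
            continue
        if result != "FAIL":
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:  # drop failures older than the window
            q.popleft()
        if len(q) > max_failures:
            flagged[ip] = ("rate", attempts[ip])
    return flagged


EVENTS = sample_events()
TEN_PER_MINUTE = flag_ips(EVENTS, 10, timedelta(minutes=1))
TWO_PER_HOUR = flag_ips(EVENTS, 2, timedelta(hours=1))
WITH_DECOY = flag_ips(EVENTS, 10, timedelta(minutes=1), decoy_users=("admin",))
```

On this sample the 10-per-minute rule blocks only the automated source, after 11 guesses; the 2-per-hour rule also blocks the person who mistyped a password; the decoy name blocks the automated source on its first attempt.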

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,192
Re: Wordpress and Hackers
« Reply #18 on: August 23, 2014, 06:23 PM »
Are you kidding? I don't allow any more than 2 failed attempts in an hour before I block the IP.



By the way, anyone wanting their Wordpress site secured the right way and don't really have a clue how to do it, contact me to discuss it.

It will take me about 3-5 hours of work, total time.  I'll give you more and charge you less than anyone else on the internet.

My website isn't quite finished (still needs FAQ & About page), but I have hung up my shingle for it, complete with testimonials from some familiar faces.  :)





Didn't know about this, very cool app  :)

Spoiler
Expect tweets and stuff about it :D

« Last Edit: March 15, 2019, 10:58 PM by app103 »

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
Re: Wordpress and Hackers
« Reply #19 on: August 23, 2014, 09:47 PM »
Didn't know about this, very cool app  :)

Thank you.  :)

It was a spinoff from an idea that mouser had, that didn't quite get off the ground, where I was going to team up with another DC member, to offer managed hosting of secured Wordpress sites. They would have handled all the server/hosting related stuff and I would have handled all the Wordpress setup and maintenance stuff, among other things.

Since it didn't pan out as expected, I decided to take my part of it and offer it to the public, without the hosting portion. I kind of put it all on the back burner shortly after setting up that site, when I landed a fantastic long term freelance job that takes up a large chunk of my free time. (so don't promote it too heavily, please)
« Last Edit: August 23, 2014, 10:05 PM by app103 »

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,192
Re: Wordpress and Hackers
« Reply #20 on: August 24, 2014, 12:14 AM »
Understood :)

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
Re: Wordpress and Hackers
« Reply #21 on: August 24, 2014, 11:21 AM »
And don't use too many plug-ins without having checked their code.

While this is 110% solid advice, it's really hard for most people to do this. Very few people, and even few programmers, are qualified to actually determine security vulnerabilities. It's not easy.

Could I do it? Yes. How long would it take me? FOREVER!

I understand enough to track down issues. But I'll never actually do it because it's simply far too time consuming.

There's the actual code itself, which is relatively simple to check for things like SQL injection, etc.

Then there's the checking of the actual PHP methods, and so on down the line. NIGHTMARE!!!

My rule of thumb here is to use only commonly used plug-ins with a record of security. I have to blindly trust them because checking is too expensive for me.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,466
Re: Wordpress and Hackers
« Reply #22 on: August 24, 2014, 11:46 AM »
My rule of thumb here is to use only commonly used plug-ins with a record of security. I have to blindly trust them because checking is too expensive for me.

I usually try to replace plug-ins by simple functions.php snippets around twice a year. Works well. I know it sounds a bit harsh, but if you don't understand PHP, you shouldn't install WordPress. Better use the wordpress.com hosting service.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
Re: Wordpress and Hackers
« Reply #23 on: August 24, 2014, 12:00 PM »
My rule of thumb here is to use only commonly used plug-ins with a record of security. I have to blindly trust them because checking is too expensive for me.

I usually try to replace plug-ins by simple functions.php snippets around twice a year. Works well. I know it sounds a bit harsh, but if you don't understand PHP, you shouldn't install WordPress. Better use the wordpress.com hosting service.

That's not going to auto-magically protect someone from installing a defectoid plugin, or guarantee security. It might get you updates a little faster...but until a need for said update is known, you're still going to be just as exposed as any other vanilla install.

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,466
Re: Wordpress and Hackers
« Reply #24 on: August 24, 2014, 12:02 PM »
Wordpress.com didn't let you install custom plug-ins last time I checked.