Wordfence Security
A lot of ODD activity (6 posts)

  1. demoman2k10
    Member
    Posted 1 month ago #

    As of late I'm seeing a lot of this in my LiveTraffic Page.

    An unknown location at IP 192.3.111.130 left http://technojunkyard.net/news/ and tried to access non-existent page http://technojunkyard.net/news/register

    /register and /login as well as others.
    Neither of these locations exist on the site.

    Anyone know how to stop or slow this activity down?

    Blocking the IP seems not to deter them at all either. It is producing a LOAD on the server as well, as I've started getting some notifications that the site has dropped offline.

    Any suggestions would be appreciated.

    https://wordpress.org/plugins/wordfence/

  2. mountainguy2
    Member
    Posted 1 month ago #

    First, try renaming/deleting wp-signup.php, that's a basic security step. Letting random hackers "sign up" is one of the lamest WordPress features imaginable.

    Next, install wSecure Authentication plugin and tweak it.

    It sounds like you might have done this, but I should repeat.

    These are not the only walls of defense, but are a good start. WordPress is flawed when it comes to security. You have to spend time to make up for that.

    Next, put your worst offenders as blocked in .htaccess, once that is done the server load is minimal.

    As another step, install IQ Country Block plugin and on the _Front End_ block all countries that you have no need to show your blog to. On the back end in same plugin, block ALL countries except your location as an admin.

    After you do all that, see if you get things under control. If not, install a blocked bad referrers list in your .htaccess.

    You might also check with your website host and see if they're doing anything to block bad traffic. If not, prepare to be attacked.

    'best, MTN

  3. mountainguy2
    Member
    Posted 1 month ago #

    P.S., note that WordPress admin has nearly nothing to help with this sort of stuff. Flawed junk made by idealistic programmers who are more concerned with the color of the admin background than they are with criminal hackers who could easily be shut down if only the Open Source folks put their attention to it. Let's hope that changes. Soon. MTN

  4. mountainguy2
    Member
    Posted 1 month ago #

    Oh, and install WordFence and see if it works for you. Didn't for me, but whatever, it seems to work for most folks. MTN

  5. demoman2k10
    Member
    Posted 1 month ago #

    Yeah, my report came from Wordfence. Most of those things have already been done. The renaming is why they are getting a non-existent page. It's all done via AJAX now. And I've got a huge list already in the .htaccess. I've not started blocking countries yet, but I'm very near. However, the worst offenders seem to be coming in without a country showing, so obviously they are using a proxy service or bouncing thru stuff to arrive.

  6. mountainguy2
    Member
    Posted 1 month ago #

    You can't avoid them hitting your server unless your hosting company has optional blocking at another level. I've found the overhead is minimal from all this once all the blocking techniques are used, though I have had the equivalent of two DDOS attacks due to so many bots, Yandex and other stuff hitting me all at once. When that happened my server company used their security system to install a big list of IP numbers blocked in my root .htaccess. Took a few hours but it worked. After a year or so I deleted the block list as it was slowing down server response time by a few tenths of a second. Basically, this is what WordFence does, only they have a huge IP list they're able to keep current through their crowd sourcing.

    Another thing I do is quite a bit of country IP blocking in an .htaccess file that's in my wp_admin folder. This doesn't affect site speed for visitors, but blocks zillions of bad guys at the server access level so they just get an error.

    Turkey, Russian Federation, Brazil and Ukraine are good ones to block in .htaccess. I sometimes block China as well, but doing so results in thousands of lines added to .htaccess and it gets a bit ridiculous.

    BEYOND ALL THAT my understanding is that the best way to deal with these issues is to pay for top-end robust hosting that can handle data storms from bots/hackers, then just harden WordPress without blocking anyone, and do good backups. Much less time involved, site runs faster, and you don't end up with false positives blocking legit readers. This gets expensive real quick.
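
An added example, not part of any post in this thread: one way to find the "worst offenders" the replies suggest blocking in .htaccess is to count 404 hits on the probed paths per client IP in the access log and emit deny rules only for the repeat sources. It assumes Apache's combined log format and Apache 2.4 `Require not ip` syntax; the function names, the probe path list, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (Apache "combined" format). 192.3.111.130 is the
# address quoted in the thread; the others are documentation-range addresses.
SAMPLE_LOG = """\
192.3.111.130 - - [01/Jan/2024:06:25:01 +0000] "GET /news/register HTTP/1.1" 404 512 "-" "-"
192.3.111.130 - - [01/Jan/2024:06:25:02 +0000] "GET /news/login HTTP/1.1" 404 512 "-" "-"
192.3.111.130 - - [01/Jan/2024:06:25:03 +0000] "POST /news/register HTTP/1.1" 404 512 "-" "-"
192.3.111.130 - - [01/Jan/2024:06:25:04 +0000] "GET /news/ HTTP/1.1" 200 9041 "-" "-"
203.0.113.7 - - [01/Jan/2024:06:26:10 +0000] "GET /news/login HTTP/1.1" 404 512 "-" "-"
198.51.100.20 - - [01/Jan/2024:06:27:00 +0000] "GET /news/missing.png HTTP/1.1" 404 512 "-" "-"
203.0.113.7 - - [01/Jan/2024:06:27:30 +0000] "GET /news/wp-signup.php HTTP/1.1" 404 512 "-" "-"
198.51.100.20 - - [01/Jan/2024:06:28:00 +0000] "GET /news/ HTTP/1.1" 200 9041 "-" "-"
"""

# client IP, request path, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')
# Paths named in the thread; extend for the "others" seen in Live Traffic.
PROBE_RE = re.compile(r'/(?:register|login|wp-signup\.php)/?(?:\?.*)?$')

def probe_counts(log_text):
    """Count 404 responses for probe paths, keyed by client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3) == "404" and PROBE_RE.search(m.group(2)):
            counts[m.group(1)] += 1
    return counts

def offenders(counts, threshold=3):
    """IPs at or above the threshold; an ordinary stray 404 stays unblocked."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def htaccess_block(ips):
    """Render an Apache 2.4 deny block for the given addresses."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {ip}" for ip in ips]
    lines.append("</RequireAll>")
    return "\n".join(lines)

if __name__ == "__main__":
    print(htaccess_block(offenders(probe_counts(SAMPLE_LOG))))
```

Keeping the threshold above 1 limits the false positives against legitimate readers that the last reply warns about, and re-running it periodically keeps the list short enough to avoid the response-time cost mentioned there.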
