Daniel Cid
Forum Replies Created
@rogerwyopipeline: Mind double checking if things are working now?
Awesome!
There is a difference between injected spam and deep-hidden spam/phishing/backdoors. Those are not accessible by the remote scanner and won’t be flagged.
Plus, the plugin is free and open source, so patches are always welcome to make it better.
thanks,
Yes, that’s likely a good idea. Don’t think this error would come from our plugin, but might be good to try. At least you will know it is not it.
thanks,
If you have a captcha on wp-login, it means the attackers are using xmlrpc for the brute force. More details here:
https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html
You can disable xmlrpc or maybe try to add some protection before your login / xmlrpc pages. Our paid WAF (CloudProxy) does that, but you can try ModSecurity + OSSEC as well and go with the full open source route.
thanks,
You probably misunderstood what the plugin does.
1. It does not protect your site against attacks.
2. It does not detect backdoors or deep-hidden spam injections or phishing.
3. It does not make up for other bad security choices you made (like keeping WordPress outdated).
Basically, all the plugin does is complement your security posture and give visibility to what is happening inside the WordPress core (via the audit logs). The malware scanner is tied to sitecheck (sitecheck.sucuri.net) and all it does is an external scan:
https://blog.sucuri.net/2012/10/ask-sucuri-how-does-sitecheck-work.html
Hope it clarifies.
It might be easier to go to:
And scan the site directly from there. If your site has malware, it may try to break / block our plugin from running locally.
thanks,
It seems like a coincidence that it happened after the plugin install. It could be your site was just “discovered” by bots and they started attacking it or something else is going on.
It might be good to check what else happened around the same time you installed the plugin and if any other work was done there.
thanks,
Forum: Plugins
In reply to: Website Firewall like Sucuri
We use our own product to protect our sites:
https://sucuri.net/website-firewall/
A cloud-based WAF (Website Firewall) that can be easily deployed on any site. Hope it helps.
thanks!
That’s great to hear. Do you know how they got in? Did you have a weak password or an outdated plugin?
thanks,
Thanks for sending it over. We are getting it fixed for the next version.
Likely via xmlrpc. That’s where most brute force attempts are happening lately:
https://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html
thanks!
We are seeing a big wave of brute force attacks lately. We even shared some stats here about it:
https://sucuri.net/security-reports/brute-force/
Best way is to restrict access to wp-login/xmlrpc only to white listed IP addresses or add some captcha in front of it. If you use a WAF/Website firewall, it should address those for you as well.
thanks!
Is there anything in your error log files that you can paste to us?
Hopefully that will give us a clue on what is going on.
thanks,
It should be all fixed now.
The cert expired last night, but we fixed it this morning. I apologize for the trouble.
thanks!