[lug] web site advice needed

George S. georges at mhsoftware.com
Thu Sep 12 09:59:27 MDT 2013

On 9/11/13 8:20 PM, Sean Reifschneider wrote:
> On 09/11/2013 11:59 AM, karl horlen wrote:
>> sure.  i always make backups.
> Also, FYI, the sites we've seen get Wordpress exploits weren't ones that
> had been a little lax on security updates, they were locations that hadn't
> done Wordpress updates in years...

I've seen two problems with Wordpress. Updates were not getting done, 
and somehow, an attack program was able to modify the template code to 
include viagra spam in the pages when they were being crawled by googlebot.

The 2nd I've seen is that there are robots out there actively 
brute-forcing wordpress logins. The attacks come simultaneously from 
many hosts, and are intense enough that it basically knocks my server 
off-line. After I figured out what the problem was, I secured the 
wp-login.php page with an IP Address restriction. Another way would have 
been to require basic authentication for the page and wp-admin. This 
week, I'm seeing 1700 attempts for this hack.  If I didn't have the page 
secured, I'm sure I would be seeing 10's or 100's of thousands.

If you're running wordpress, you should look at your logs for post 
requests to wp-login.php.

George Sexton
MH Software, Inc.
303 438-9585

More information about the LUG mailing list