[lug] web site advice needed
georges at mhsoftware.com
Thu Sep 12 09:59:27 MDT 2013
On 9/11/13 8:20 PM, Sean Reifschneider wrote:
> On 09/11/2013 11:59 AM, karl horlen wrote:
>> sure. i always make backups.
> Also, FYI, the sites we've seen get Wordpress exploits weren't ones that
> had been a little lax on security updates, they were locations that hadn't
> done Wordpress updates in years...
I've seen two problems with Wordpress. Updates were not getting done,
and somehow, an attack program was able to modify the template code to
include viagra spam in the pages when they were being crawled by googlebot.
The 2nd I've seen is that there are robots out there actively
brute-forcing wordpress logins. The attacks come simultaneously from
many hosts, and are intense enough that it basically knocks my server
off-line. After I figured out what the problem was, I secured the
wp-login.php page with an IP Address restriction. Another way would have
been to require basic authentication for the page and wp-admin. This
week, I'm seeing 1700 attempts for this hack. If I didn't have the page
secured, I'm sure I would be seeing 10's or 100's of thousands.
If you're running wordpress, you should look at your logs for post
requests to wp-login.php.
MH Software, Inc.
More information about the LUG