Web bots attacking

Advertise with us
Shop deals on ebay
shop deals on amazon
Bed & Breakfast / Short Term Rental Host Forum

Help Support Bed & Breakfast / Short Term Rental Host Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
E

EmptyNest

Well-known member
Joined
May 22, 2008
Messages
8,741
Reaction score
1
If you use wordpress for your site you may want to consider this plug in: BruteProtect.
Web bots have been attacking many of my sites today and they are running so slow for editing I could scream!! My hosting company told me one of my sites has had over 5000 log in attempts in the past hour!!!
Of course, strong new passwords should be used. Do not use admin as your log in...that is particularly vulnerable.
 
So, how the heck do we protect ourselves when google publishes our log in info? If 'admin' is verboten, and I've changed my log in name, it's not much use if it's now visible to anyone who wants to find it.
 
Madeleine said:
So, how the heck do we protect ourselves when google publishes our log in info? If 'admin' is verboten, and I've changed my log in name, it's not much use if it's now visible to anyone who wants to find it..
Click to expand...
exactly where has google published your log in info?
 
EmptyNest said:
Madeleine said:
So, how the heck do we protect ourselves when google publishes our log in info? If 'admin' is verboten, and I've changed my log in name, it's not much use if it's now visible to anyone who wants to find it..
Click to expand...
exactly where has google published your log in info?
.
Click to expand...
EmptyNest said:
exactly where has google published your log in info?
Click to expand...
I sent you an email...
 
I'm using "Better WP Security" that Swirt recently recommended. It locks out IP addresses that have too many failed log in attempts and has blocked a LOT in the last few days. It has a lot of settings I don't understand, though. One thing I did in its settings changed all my page names without me realizing it until someone told me none of my menus and links were working.
I changed that setting back to where I used to have it and the menus worked again. So I've learned not to tinker with things I don't understand!
 
Arkansawyer said:
I'm using "Better WP Security" that Swirt recently recommended. It locks out IP addresses that have too many failed log in attempts and has blocked a LOT in the last few days. It has a lot of settings I don't understand, though. One thing I did in its settings changed all my page names without me realizing it until someone told me none of my menus and links were working.
I changed that setting back to where I used to have it and the menus worked again. So I've learned not to tinker with things I don't understand!.
Click to expand...
With this one you don't have to do anything. You just get a free API code and it is done. It puts an arithmetic problem on the log in screen...sort of like on this site to prove your are human. It may do something else but my hosting company told me to install it on several test sites so they can see if it actually helps. We'll see.
 
Madeleine said:
So, how the heck do we protect ourselves when google publishes our log in info? If 'admin' is verboten, and I've changed my log in name, it's not much use if it's now visible to anyone who wants to find it..
Click to expand...
As long as you have a very strong password you don't have to worry much about a bot figuring out the password by brute force (repeated guessing). Also nearly every bot out there goes after accounts named 'admin' and aren't smart enough to detect any other usernames.
My best guess as far as Google publishing your log in info is your WordPress theme has author pages enabled? Usually by default the URL for the author page would include your username and the page would have some basic user info on the page.
 
DH22 said:
Madeleine said:
So, how the heck do we protect ourselves when google publishes our log in info? If 'admin' is verboten, and I've changed my log in name, it's not much use if it's now visible to anyone who wants to find it..
Click to expand...
As long as you have a very strong password you don't have to worry much about a bot figuring out the password by brute force (repeated guessing). Also nearly every bot out there goes after accounts named 'admin' and aren't smart enough to detect any other usernames.
My best guess as far as Google publishing your log in info is your WordPress theme has author pages enabled? Usually by default the URL for the author page would include your username and the page would have some basic user info on the page.
.
Click to expand...
That is just what I said. Don't use admin as a log in.
For some more details check this site: http://www.wptavern.com/bruteprotect-protecting-against-brute-force-attacks
 
DH22 said:
Madeleine said:
So, how the heck do we protect ourselves when google publishes our log in info? If 'admin' is verboten, and I've changed my log in name, it's not much use if it's now visible to anyone who wants to find it..
Click to expand...
As long as you have a very strong password you don't have to worry much about a bot figuring out the password by brute force (repeated guessing). Also nearly every bot out there goes after accounts named 'admin' and aren't smart enough to detect any other usernames.
My best guess as far as Google publishing your log in info is your WordPress theme has author pages enabled? Usually by default the URL for the author page would include your username and the page would have some basic user info on the page.
.
Click to expand...
How do I disable that?
 
Madeleine said:
DH22 said:
Madeleine said:
So, how the heck do we protect ourselves when google publishes our log in info? If 'admin' is verboten, and I've changed my log in name, it's not much use if it's now visible to anyone who wants to find it..
Click to expand...
As long as you have a very strong password you don't have to worry much about a bot figuring out the password by brute force (repeated guessing). Also nearly every bot out there goes after accounts named 'admin' and aren't smart enough to detect any other usernames.
My best guess as far as Google publishing your log in info is your WordPress theme has author pages enabled? Usually by default the URL for the author page would include your username and the page would have some basic user info on the page.
.
Click to expand...
How do I disable that?
.
Click to expand...
Read this...maybe it will tell you has to do with permalinks I think. I have not seen anything like that in your theme. I will check another site using it and see if I can find anything.
http://codex.wordpress.org/Author_Templates
 
I highly recommend the plugin "Better WP Security" When fully configured, it stops brute force attacks and Much Much more.
 
swirt said:
I highly recommend the plugin "Better WP Security" When fully configured, it stops brute force attacks and Much Much more..
Click to expand...
The guy I have doing my computer now thinks my chrome has been compromised. We cannot disable pop-up[s and i am getting a big red box supposedly from Microsoft Security Essentials teling me I have a some stuff trying to get in my system and need to do a system clean. Running a full scam for malware shows nothing. He thinks we should uninstall Chrome and re-install it. IF we uninstall, will I lose the files I had restored when I had the latest fiasco with my system or will all those files still be there and just the Chrome go bye-bye until re-installed. I hope you understand my reluctance to DO anything.
Oh Computer Wise Ones, will I be OK with an uninstall/re-install?
 
gillumhouse said:
swirt said:
I highly recommend the plugin "Better WP Security" When fully configured, it stops brute force attacks and Much Much more..
Click to expand...
The guy I have doing my computer now thinks my chrome has been compromised. We cannot disable pop-up[s and i am getting a big red box supposedly from Microsoft Security Essentials teling me I have a some stuff trying to get in my system and need to do a system clean. Running a full scam for malware shows nothing. He thinks we should uninstall Chrome and re-install it. IF we uninstall, will I lose the files I had restored when I had the latest fiasco with my system or will all those files still be there and just the Chrome go bye-bye until re-installed. I hope you understand my reluctance to DO anything.
Oh Computer Wise Ones, will I be OK with an uninstall/re-install?
.
Click to expand...
Removing chrome won't have any effect on your computer files...you will probably just lose your bookmarks etc. But back them up and then import them back in when your re-install it.
And I ask..do you have all your computer files backed up somewhere other than on your computer. If you do there is no problems. I just did a total back up of everything on my system yesterday. No big deal you just have to do it.
Do you have anti virus / anti malware etc on your computer? I certainly hope so.
 
EmptyNest said:
gillumhouse said:
swirt said:
I highly recommend the plugin "Better WP Security" When fully configured, it stops brute force attacks and Much Much more..
Click to expand...
The guy I have doing my computer now thinks my chrome has been compromised. We cannot disable pop-up[s and i am getting a big red box supposedly from Microsoft Security Essentials teling me I have a some stuff trying to get in my system and need to do a system clean. Running a full scam for malware shows nothing. He thinks we should uninstall Chrome and re-install it. IF we uninstall, will I lose the files I had restored when I had the latest fiasco with my system or will all those files still be there and just the Chrome go bye-bye until re-installed. I hope you understand my reluctance to DO anything.
Oh Computer Wise Ones, will I be OK with an uninstall/re-install?
.
Click to expand...
Removing chrome won't have any effect on your computer files...you will probably just lose your bookmarks etc. But back them up and then import them back in when your re-install it.
And I ask..do you have all your computer files backed up somewhere other than on your computer. If you do there is no problems. I just did a total back up of everything on my system yesterday. No big deal you just have to do it.
Do you have anti virus / anti malware etc on your computer? I certainly hope so.
.
Click to expand...
I have Carbonite backing everything up daily I spent enough years in IT to know always back up. (My years were on mainframe, not PC and have been away from it for 20 years so am WAY out of date.)
I have Microsoft Security Essentials taking care of the virus/malware issues I hope. In today's world I think hope is all you have. I think the BIG RED BOX is a look-alike thing and not the real magilla from SE. When I get back from Kenova (have a consulting gig) Tuesday I will call Kevin to do the uninstall/re-install.
 
gillumhouse said:
swirt said:
I highly recommend the plugin "Better WP Security" When fully configured, it stops brute force attacks and Much Much more..
Click to expand...
The guy I have doing my computer now thinks my chrome has been compromised. We cannot disable pop-up[s and i am getting a big red box supposedly from Microsoft Security Essentials teling me I have a some stuff trying to get in my system and need to do a system clean. Running a full scam for malware shows nothing. He thinks we should uninstall Chrome and re-install it. IF we uninstall, will I lose the files I had restored when I had the latest fiasco with my system or will all those files still be there and just the Chrome go bye-bye until re-installed. I hope you understand my reluctance to DO anything.
Oh Computer Wise Ones, will I be OK with an uninstall/re-install?
.
Click to expand...
Generally speaking, uninstalling a program like Chrome won't delete the bookmarks you have saved. They will be there when you do the reinstall.
Not sure what other files you would have that would use Chrome other than bookmarks.
 
gillumhouse said:
EmptyNest said:
gillumhouse said:
swirt said:
I highly recommend the plugin "Better WP Security" When fully configured, it stops brute force attacks and Much Much more..
Click to expand...
The guy I have doing my computer now thinks my chrome has been compromised. We cannot disable pop-up[s and i am getting a big red box supposedly from Microsoft Security Essentials teling me I have a some stuff trying to get in my system and need to do a system clean. Running a full scam for malware shows nothing. He thinks we should uninstall Chrome and re-install it. IF we uninstall, will I lose the files I had restored when I had the latest fiasco with my system or will all those files still be there and just the Chrome go bye-bye until re-installed. I hope you understand my reluctance to DO anything.
Oh Computer Wise Ones, will I be OK with an uninstall/re-install?
.
Click to expand...
Removing chrome won't have any effect on your computer files...you will probably just lose your bookmarks etc. But back them up and then import them back in when your re-install it.
And I ask..do you have all your computer files backed up somewhere other than on your computer. If you do there is no problems. I just did a total back up of everything on my system yesterday. No big deal you just have to do it.
Do you have anti virus / anti malware etc on your computer? I certainly hope so.
.
Click to expand...
I have Carbonite backing everything up daily I spent enough years in IT to know always back up. (My years were on mainframe, not PC and have been away from it for 20 years so am WAY out of date.)
I have Microsoft Security Essentials taking care of the virus/malware issues I hope. In today's world I think hope is all you have. I think the BIG RED BOX is a look-alike thing and not the real magilla from SE. When I get back from Kenova (have a consulting gig) Tuesday I will call Kevin to do the uninstall/re-install.
.
Click to expand...
I would never just depend on microsoft products. I use Norton Internet Security and Advance System Care / Malware
 
EmptyNest said:
gillumhouse said:
EmptyNest said:
gillumhouse said:
swirt said:
I highly recommend the plugin "Better WP Security" When fully configured, it stops brute force attacks and Much Much more..
Click to expand...
The guy I have doing my computer now thinks my chrome has been compromised. We cannot disable pop-up[s and i am getting a big red box supposedly from Microsoft Security Essentials teling me I have a some stuff trying to get in my system and need to do a system clean. Running a full scam for malware shows nothing. He thinks we should uninstall Chrome and re-install it. IF we uninstall, will I lose the files I had restored when I had the latest fiasco with my system or will all those files still be there and just the Chrome go bye-bye until re-installed. I hope you understand my reluctance to DO anything.
Oh Computer Wise Ones, will I be OK with an uninstall/re-install?
.
Click to expand...
Removing chrome won't have any effect on your computer files...you will probably just lose your bookmarks etc. But back them up and then import them back in when your re-install it.
And I ask..do you have all your computer files backed up somewhere other than on your computer. If you do there is no problems. I just did a total back up of everything on my system yesterday. No big deal you just have to do it.
Do you have anti virus / anti malware etc on your computer? I certainly hope so.
.
Click to expand...
I have Carbonite backing everything up daily I spent enough years in IT to know always back up. (My years were on mainframe, not PC and have been away from it for 20 years so am WAY out of date.)
I have Microsoft Security Essentials taking care of the virus/malware issues I hope. In today's world I think hope is all you have. I think the BIG RED BOX is a look-alike thing and not the real magilla from SE. When I get back from Kenova (have a consulting gig) Tuesday I will call Kevin to do the uninstall/re-install.
.
Click to expand...
I would never just depend on microsoft products. I use Norton Internet Security and Advance System Care / Malware
.
Click to expand...
Microsoft Security Essentials was quite good many years ago. But now it is really poor software and I strongly recommend replacing it as it does not provide adequate protection.
 
swirt said:
I highly recommend the plugin "Better WP Security" When fully configured, it stops brute force attacks and Much Much more..
Click to expand...
Only one issue from my hosting company about using this plug in: "changing the mysql table prefix seems a little risky" I don't know anything about that.
 
EmptyNest said:
swirt said:
I highly recommend the plugin "Better WP Security" When fully configured, it stops brute force attacks and Much Much more..
Click to expand...
Only one issue from my hosting company about using this plug in: "changing the mysql table prefix seems a little risky" I don't know anything about that.
.
Click to expand...
It simply renames the tables from the standard "wp_tablename" to something unique so that hackers can't get to your database by exploiting known table names.
Back up your database first as a precaution, then have the plugin rename them. Unless this is some kind of managed hosting, you should be fine.
 

Latest posts

Back
Top