Web bots attacking

19 replies [Last post]
Offline
Joined:
05/22/2008

If you use wordpress for your site you may want to consider this plug in: BruteProtect.

Web bots have been attacking many of my sites today and they are running so slow for editing I could scream!! My hosting company told me one of my sites has had over 5000 log in attempts in the past hour!!!

Of course, strong new passwords should be used. Do not use admin as your log in...that is particularly vulnerable.

swirt's picture
Offline
Joined:
05/17/2008

I highly recommend the plugin "Better WP Security"  When fully configured, it stops brute force attacks and Much Much more. 

Offline
Joined:
05/22/2008

Only one issue from my hosting company about using this plug in: "changing the mysql table prefix seems a little risky"  I don't know anything about that.

swirt's picture
Offline
Joined:
05/17/2008

It simply renames the tables from the standard "wp_tablename" to something unique so that hackers can't get to your database by exploiting known table names.

 

Back up your database first as a precaution, then have the plugin rename them.   Unless this is some kind of managed hosting, you should  be fine.

gillumhouse's picture
Offline
Joined:
05/22/2008

The guy I have doing my computer now thinks my chrome has been compromised. We cannot disable pop-up[s and i am getting a big red box supposedly from Microsoft Security Essentials teling me I have a some stuff trying to get in my system and need to do a system clean. Running a full scam for malware shows nothing. He thinks we should uninstall Chrome and re-install it.  IF we uninstall, will I lose the files I had restored when I had the latest fiasco with my system or will all those files still be there and just the Chrome go bye-bye until re-installed. I hope you understand my reluctance to DO anything.

 

Oh Computer Wise Ones, will I be OK with an uninstall/re-install?

Madeleine's picture
Offline
Joined:
09/29/2011

Generally speaking, uninstalling a program like Chrome won't delete the bookmarks you have saved. They will be there when you do the reinstall.

Not sure what other files you would have that would use Chrome other than bookmarks.

__________________

Everyday, for good or ill, we intersect with some else's story and become a part of it.

 

Offline
Joined:
05/22/2008

Removing chrome won't have any effect on your computer files...you will probably just lose your bookmarks etc. But back them up and then import them back in when your re-install it.

And I ask..do you have all your computer files backed up somewhere other than on your computer. If you do there is no problems.  I just did a total back up of everything on my system yesterday. No big deal you just have to do it.

Do you have anti virus / anti malware  etc on your computer?  I certainly hope so.

gillumhouse's picture
Offline
Joined:
05/22/2008

I have Carbonite backing everything up daily  I spent enough years in IT to know always back up. (My years were on mainframe, not PC and have been away from it for 20 years so am WAY out of date.)

I have Microsoft Security Essentials taking care of the virus/malware issues I hope. In today's world I think hope is all you have. I think the BIG RED BOX is a look-alike thing and not the real magilla from SE. When I get back from Kenova (have a consulting gig) Tuesday I will call Kevin to do the uninstall/re-install.

Offline
Joined:
05/22/2008

I would never just depend on microsoft products. I use Norton Internet Security and Advance System Care / Malware

Offline
Joined:
08/18/2011

Microsoft Security Essentials was quite good many years ago.  But now it is really poor software and I strongly recommend replacing it as it does not provide adequate protection.

Offline
Joined:
05/22/2008

Thanks will check into this one.

Arks's picture
Offline
Joined:
05/22/2010

I'm using "Better WP Security" that Swirt recently recommended. It locks out IP addresses that have too many failed log in attempts and has blocked a LOT in the last few days. It has a lot of settings I don't understand, though. One thing I did in its settings changed all my page names without me realizing it until someone told me none of my menus and links were working.

I changed that setting back to where I used to have it and the menus worked again. So I've learned not to tinker with things I don't understand!

__________________

All saints can do miracles, but few of them can keep hotel. ~ Mark Twain

 

Offline
Joined:
05/22/2008

With this one you don't have to do anything. You just get a free API code and it is done. It puts an arithmetic problem on the log in screen...sort of like on this site to prove your are human. It may do something else but my hosting company told me to install it on several test sites so they can see if it actually helps. We'll see.

Madeleine's picture
Offline
Joined:
09/29/2011

So, how the heck do we protect ourselves when google publishes our log in info? If 'admin' is verboten, and I've changed my log in name, it's not much use if it's now visible to anyone who wants to find it.

Offline
Joined:
08/18/2011

As long as you have a very strong password you don't have to worry much about a bot figuring out the password by brute force (repeated guessing).  Also nearly every bot out there goes after accounts named 'admin' and aren't smart enough to detect any other usernames.

My best guess as far as Google publishing your log in info is your WordPress theme has author pages enabled?  Usually by default the URL for the author page would include your username and the page would have some basic user info on the page.

Madeleine's picture
Offline
Joined:
09/29/2011

How do I disable that?

Offline
Joined:
05/22/2008

Read this...maybe it will tell you has to do with permalinks I think. I have not seen anything like that in your theme. I will check another site using it and see if I can find anything.

http://codex.wordpress.org/Author_Templates

Offline
Joined:
05/22/2008

That is just what I said. Don't use admin as a log in.

For some more details check this site: http://www.wptavern.com/bruteprotect-protecting-against-brute-force-attacks

Offline
Joined:
05/22/2008

exactly where has google published your log in info?

Madeleine's picture
Offline
Joined:
09/29/2011

EmptyNest wrote:

exactly where has google published your log in info?

I sent you an email...

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.