Brute Force Attacks – Bloggers Beware!


Blogger beware

So, you want to be a blogger. You organize, memorize and set up your incredibly unique pages on your new website. You even figured out how to do it all by yourself. Everything is exactly how you envisioned it. You keep working hard to make your content high quality, to make it stand out, to make it user friendly to rise in the SEO rankings. Lucky for you (and the rest of us who are technologically challenged) there are websites that help us create websites. WordPress, Squarespace, Weebly – all of these allow you to personalize and keep up to date with all sorts of great plug ins or add ons. Your site stands out, it is a personal reflection of you, your business, blog or otherwise. You’re all set. You go live, and BAM! Your traffic shoots up. You’re ecstatic because you are on your way to making it big, right? Well, maybe. You learn the hard way that you need to be vigilant and watch your stats. Common lowlife thieving hackers want your site. The golden currency of the Internet is quality content. They need your choice, juicy, incredible content to lure the unsuspecting visitor once they’ve gained control of your site. Nervous? You should be.

Brute force attacks are becoming incredibly common against any CMS (content management system, for those like me who were clueless a minute ago). Let’s review. You created an awesome website. You have published quality, interesting and unique content. In a few short weeks you have followers, and that means traffic. Some of these are little cyberbots. You’re not afraid of those Google or Yahoo bots, they’re just scanning. But beware those nasty, little spiders from cyberspace who have only one main function – to penetrate and take over your site. These little bots extend their webby bot fingers to break into as many websites as possible by guessing their passwords. If they can find a match, they waste no time in taking over and whisking control of your precious hard work. Feeling violated? You should. These hacks use your site to distribute malware, viruses, spam and links from your amazing and unique content to spoof and porn websites.

Let’s face it, the hackers have no idea if you’re truly vulnerable or not. If you have a website, you need to always be on the lookout for anomalies. Watch for suspicious activity in your traffic, views, hits and database. If your stats spike suddenly in an unusual fashion, I sincerely hope you’ve made it, but chances are, you have a big problem on your hands. You will want to make sure you are locked down as tightly as possible. Make your passwords random, long, unique and difficult to guess, especially for your database. That’s the golden treasure for hackers: now they have it all! The bots start small, and progress through the most common 200-300 passwords in a heartbeat. Look at the following example, taken from Sucuri’s own internal monitoring of their site. They were able to see the pattern the bots took:

user: admin, pass: admin

user: admin, pass: 123456

user: admin, pass: 123123

user: admin, pass: 112233 … and so on and so on.

The best way to limit your vulnerability is to keep your WordPress account updated at all times. This includes your plug-ins, but be aware that not all software developers (plug-in companies) notify users of their open vulnerabilities. They try to hide the fixing of the issues, and sometimes the issues cannot be resolved, and you are open to attack.

So what should you be looking at if your traffic suddenly spikes? After the initial glee that you’re making it (and I sincerely hope you are), take a look at your database codes. If there are too many hits or page reads for the number of visitors, there’s a good bet you were the victim of a break-in or attempted hack. Keep a close eye on the following:

admin-ajax.php

wp-config.php

admin.php

admin-post.php

All of mine were targeted. I had 266 attacks in one day, and I promise, I’m not doing the happy dance. You and I both need to understand it’s not personal. They don’t give one whit about us or our content. It’s all about harvesting websites to use for nefarious, evil hacker plots. With so many WordPress users, it’s easy for them to trigger mass attacks on WP sites. Keep in mind, fellow blogger, artist, writer, etc., that the more popular and successful you and your site become, the more likely you will become a target. As your awesome site rises in the search engines, and your site content becomes popular and sought out, the more likely these spider hackers will attempt to break into your site. The cyber spiders look for your site. They report the numbers, sell your information, and POOF! You’re a goner.

I have mentioned before, in my article on site scrapers, about monitoring IP addresses. Be vigilant, be careful. My latest attackers copied my home IP so it appeared I was hacking myself. I hadn’t even been to the site all day. It turns out that it was made available from one of the security plugins I installed to protect my site. If you’re using iThemes, NEVER whitelist your IP address. It’s like an open invitation to these maniacal hacking thieves.

So why WordPress? Originally, the bots attacked using wp-login.php attempts. If they could pretend they were the admin/user, they could gain control of the site. But now, they have evolved. There is something in the coding of our sites that reads XMLRPC. I’m not IT trained, or code trained, but my guy tells me that it makes it harder to detect these hackers. The hackers can be successful because many of the calls in WordPress implementation (nothing I understand here) require a username and password. If your web monitoring IT guy or gal sees a lot of “wp.getUsersBlogs” or “wp.getComments” you have most likely been victimized and attacked. Hopefully, your protection is deeper and you’re still safe. These bots will not only try using “admin” to get in as I mentioned earlier, but will now seek out your domain name and the real admin as well.
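To make the log-watching advice above concrete, here is an added example (not from the original post or from Sucuri) that scans a web server access log for bursts of POST requests to wp-login.php and xmlrpc.php from one address. The combined log format, the threshold, the window and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Login endpoints discussed in the post; add other watched files as needed.
LOGIN_PATHS = {"/wp-login.php", "/xmlrpc.php"}

# Apache/nginx "combined" log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, timestamp, method, path-without-query) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0]

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Map ip -> {path: peak POST count inside any one window} for peaks >= threshold."""
    hits = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        ip, ts, method, path = rec
        if method == "POST" and path in LOGIN_PATHS:
            hits[(ip, path)].append(ts)
    flagged = defaultdict(dict)
    for (ip, path), times in hits.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide window start forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip][path] = peak
    return dict(flagged)

# Constructed sample: 8 POSTs to xmlrpc.php in 35 s from one address, plus normal traffic.
SAMPLE = [
    f'203.0.113.7 - - [12/Mar/2015:10:00:{s:02d} +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"'
    for s in range(0, 40, 5)
] + [
    '198.51.100.20 - - [12/Mar/2015:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2015:10:02:10 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE))
```

An access log records only the request line, so XML-RPC method names such as wp.getUsersBlogs do not appear in it; they sit in the POST body and are visible only to something that logs request bodies, such as a firewall in front of the site.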

 

Now that you’re sufficiently freaked out, I have a list of the 7 most popular plug ins that will almost definitely get you hacked. (They’re usually fixing issues, so that’s something you might check on.)

  1. Slider Revolution
  2. Updraft Plus
  3. Fancy Box for WordPress
  4. Easy Media Gallery
  5. WP Ultimate CSV Importer
  6. All-in-One Security Plug-In
  7. WordPress Download Managers

An added note: I saw a mention about Jetpack and Yoast as well.

OK, so now, what’s your plan of action? Short of watching your stats 24/7 and having someone awesome monitoring your site (all activity, database and incoming IP addresses), what are your options?

Be vigilant. Make sure your passwords are random and not easily figured out. Mix it up bloggers!

Back up your database. Your database is golden, it holds all your articles, reader comments, and more. Back it up every day or two if you post regularly and have normal traffic.

Keep an eye on Sucuri’s blog. They crawl all over the WordPress forums and document the latest issues and problems for those running a WordPress site.

Also valuable is WordPress’ own Vulnerability Database. It’s updated quite often.

There are many ways to block these brute force attacks, including a new plug in on WordPress. However, remember that these hackers are constantly evolving. Sucuri says blocking at the edge (ask your IT guy) will be your preferred method until all the plug ins are secured. Use a good firewall and keep an eye on all activity. One of the biggest flaws with WordPress and others like it is that we relinquish control. Since we untechnologically savvy people build our sites based on the easy logins, we make it too easy for the bots to come by and grab our site. Watch out for the third party plug ins. Remember, if something seems too good to be true, it probably is. Learn how to protect yourself from site scrapers and hackers. Watch out for weirdness. It’s not always a cool new trend.

Have you been hacked? Stalked, victimized by cyberspiders? Share your experience and solutions in the comments. Thanks and stay caffeinated. ☕️


1 Comment

  1. It would appear that because of WordPress’s success and the failure of many websites to maintain the latest versions of fixes and patches in security along with not using a strong password protection and changing it on a regular basis have attracted all of the same elements that led to all those message boards [similar to CMS web pages in concept and storage] failing years ago.
