One of our websites attacked this morning

**bleau canon** · Sep 04th, 2020, 02:50 PM

This is a heads up for keeping your website secured.

This morning one of our personal business websites came under attack from an Ukrainian IP number. Here is the file they were attacking.

September 4, 2020 3:14am 45.10.88.238 (Ukraine) Blocked for Directory Traversal - wp-config.php in query string: download=../../../wp-config.php

In 10 minutes it received 520 attacks from the above IP number to that file. Our in-office support team blocked the IP number in cPanel when they saw the attack taking place. No matter how long it would have lasted if they didn't block the IP number and what would of happened if we didn't have Wordfence installed on the site.

Wordfence is the one that caught it and started blocking the attack.

The site never went down and is still up and running just fine.

So, I'll say again, make sure you have security in place to stop an attack like that. You might would want to block that IP number also, and keep your site updated anytime a new plugin, theme, or WP version update has come out.

**Web Design Forums** · Sep 04th, 2020 02:50 PM

**James1968** · Sep 09th, 2020, 08:40 AM

Thank you for letting us know and keeping us reminded. It's important to remember about security of the website to make sure nobody attacks it. Once in a while it happens that someone tries to break in...

**Daddyfinco** · Sep 10th, 2020, 05:15 PM

Originally Posted by bleau canon

This is a heads up for keeping your website secured.

This morning one of our personal business websites came under attack from an Ukrainian IP number. Here is the file they were attacking.

September 4, 2020 3:14am 45.10.88.238 (Ukraine) Blocked for Directory Traversal - wp-config.php in query string: download=../../../wp-config.php

In 10 minutes it received 520 attacks from the above IP number to that file. Our in-office support team blocked the IP number in cPanel when they saw the attack taking place. No matter how long it would have lasted if they didn't block the IP number and what would of happened if we didn't have Wordfence installed on the site.

Wordfence is the one that caught it and started blocking the attack.

The site never went down and is still up and running just fine.

So, I'll say again, make sure you have security in place to stop an attack like that. You might would want to block that IP number also, and keep your site updated anytime a new plugin, theme, or WP version update has come out.

I really love WordFence. The plugin helps prevent these desperate attackers from having their way. You especially need it more if your WordPress website is popular.

Thanks for the update

**Soul Grinder** · Sep 10th, 2020, 07:09 PM

Wordfence + Invisible Google captcha + Cloudflare is all protection one website needs, plus good hosting provider with good server firewall protection.

If you have paid plan on Wordfence, then Wordfence blocks IP automatically after few tries, so no one needs to do it manually and adds IP on the black list.

Sent from my K7 using Tapatalk

**bleau canon** · Sep 14th, 2020, 01:23 PM

Originally Posted by Soul Grinder

Wordfence + Invisible Google captcha + Cloudflare is all protection one website needs, plus good hosting provider with good server firewall protection.

If you have paid plan on Wordfence, then Wordfence blocks IP automatically after few tries, so no one needs to do it manually and adds IP on the black list.

Sent from my K7 using Tapatalk

All of our sites are on premium Wordfence. The attacked stopped at once when we blocked the ip number in the site's cPanel. It was also blocked on the dedicated server the site is on. I wouldn't count on WF completely stopping an attack like that one was. It doesn't hurt to take more precautions.

**Soul Grinder** · Sep 14th, 2020, 01:57 PM

Originally Posted by bleau canon

All of our sites are on premium Wordfence. The attacked stopped at once when we blocked the ip number in the site's cPanel. It was also blocked on the dedicated server the site is on. I wouldn't count on WF completely stopping an attack like that one was. It doesn't hurt to take more precautions.

But when WF blocks IP and locks it out it adds deny to that IP in htaccess, then when you ban someone's IP through cpanel you are rewriting the same thing in htaccess. So your server administrator didn't nothing except rewrite what WF set. If hacker is good he would use more proxies and VPN but after every 5 tries he would be locked out for 1-2 hours and if he continues all those IPs would be archived under deny in htaccess and added to WF blacklist. Just ask your server administrator to configure WF to better settings instead letting you running it on default.

Sent from my K7 using Tapatalk

**bleau canon** · Sep 14th, 2020, 08:56 PM

Originally Posted by Soul Grinder

But when WF blocks IP and locks it out it adds deny to that IP in htaccess, then when you ban someone's IP through cpanel you are rewriting the same thing in htaccess. So your server administrator didn't nothing except rewrite what WF set. If hacker is good he would use more proxies and VPN but after every 5 tries he would be locked out for 1-2 hours and if he continues all those IPs would be archived under deny in htaccess and added to WF blacklist. Just ask your server administrator to configure WF to better settings instead letting you running it on default.

Sent from my K7 using Tapatalk

Which server admin should I point that out to? We have three and getting ready to start the process to hire two more.

Thread: One of our websites attacked this morning

LinkBack

Thread Tools

Search Thread

Display