Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 7 of 7
Like Tree5Likes
  • 2 Post By bleau canon
  • 1 Post By James1968
  • 1 Post By Daddyfinco

Thread: One of our websites attacked this morning

  1. #1
    Senior Member bleau canon's Avatar
    Join Date
    Mar 2011
    Location
    Appalachia Blue Ridge Mts.
    Posts
    620
    Member #
    27201
    Liked
    195 times

    One of our websites attacked this morning

    This is a heads up for keeping your website secured.

    This morning one of our personal business websites came under attack from an Ukrainian IP number. Here is the file they were attacking.

    September 4, 2020 3:14am 45.10.88.238 (Ukraine) Blocked for Directory Traversal - wp-config.php in query string: download=../../../wp-config.php

    In 10 minutes it received 520 attacks from the above IP number to that file. Our in-office support team blocked the IP number in cPanel when they saw the attack taking place. No matter how long it would have lasted if they didn't block the IP number and what would of happened if we didn't have Wordfence installed on the site.

    Wordfence is the one that caught it and started blocking the attack.

    The site never went down and is still up and running just fine.

    So, I'll say again, make sure you have security in place to stop an attack like that. You might would want to block that IP number also, and keep your site updated anytime a new plugin, theme, or WP version update has come out.
    Last edited by bleau canon; Sep 04th, 2020 at 02:54 PM.
    delstu and Daddyfinco like this.
    Bleau
    "Give the gift of life, Adopt a child, And an Animal"

  2.  

  3. #2
    Junior Member
    Join Date
    Sep 2020
    Posts
    1
    Member #
    61979
    Liked
    1 times
    Thank you for letting us know and keeping us reminded. It's important to remember about security of the website to make sure nobody attacks it. Once in a while it happens that someone tries to break in...
    bleau canon likes this.

  4. #3
    Junior Member
    Join Date
    Jul 2020
    Posts
    3
    Member #
    61847
    Liked
    1 times
    Quote Originally Posted by bleau canon View Post
    This is a heads up for keeping your website secured.

    This morning one of our personal business websites came under attack from an Ukrainian IP number. Here is the file they were attacking.

    September 4, 2020 3:14am 45.10.88.238 (Ukraine) Blocked for Directory Traversal - wp-config.php in query string: download=../../../wp-config.php

    In 10 minutes it received 520 attacks from the above IP number to that file. Our in-office support team blocked the IP number in cPanel when they saw the attack taking place. No matter how long it would have lasted if they didn't block the IP number and what would of happened if we didn't have Wordfence installed on the site.

    Wordfence is the one that caught it and started blocking the attack.

    The site never went down and is still up and running just fine.

    So, I'll say again, make sure you have security in place to stop an attack like that. You might would want to block that IP number also, and keep your site updated anytime a new plugin, theme, or WP version update has come out.
    I really love WordFence. The plugin helps prevent these desperate attackers from having their way. You especially need it more if your WordPress website is popular.

    Thanks for the update
    bleau canon likes this.

  5. #4
    Junior Member
    Join Date
    Sep 2020
    Posts
    15
    Member #
    61988
    Liked
    1 times
    Wordfence + Invisible Google captcha + Cloudflare is all protection one website needs, plus good hosting provider with good server firewall protection.

    If you have paid plan on Wordfence, then Wordfence blocks IP automatically after few tries, so no one needs to do it manually and adds IP on the black list.

    Sent from my K7 using Tapatalk
    Last edited by Soul Grinder; Sep 10th, 2020 at 07:13 PM.

  6. #5
    Senior Member bleau canon's Avatar
    Join Date
    Mar 2011
    Location
    Appalachia Blue Ridge Mts.
    Posts
    620
    Member #
    27201
    Liked
    195 times
    Quote Originally Posted by Soul Grinder View Post
    Wordfence + Invisible Google captcha + Cloudflare is all protection one website needs, plus good hosting provider with good server firewall protection.

    If you have paid plan on Wordfence, then Wordfence blocks IP automatically after few tries, so no one needs to do it manually and adds IP on the black list.

    Sent from my K7 using Tapatalk
    All of our sites are on premium Wordfence. The attacked stopped at once when we blocked the ip number in the site's cPanel. It was also blocked on the dedicated server the site is on. I wouldn't count on WF completely stopping an attack like that one was. It doesn't hurt to take more precautions.
    Bleau
    "Give the gift of life, Adopt a child, And an Animal"

  7. #6
    Junior Member
    Join Date
    Sep 2020
    Posts
    15
    Member #
    61988
    Liked
    1 times
    Quote Originally Posted by bleau canon View Post
    All of our sites are on premium Wordfence. The attacked stopped at once when we blocked the ip number in the site's cPanel. It was also blocked on the dedicated server the site is on. I wouldn't count on WF completely stopping an attack like that one was. It doesn't hurt to take more precautions.
    But when WF blocks IP and locks it out it adds deny to that IP in htaccess, then when you ban someone's IP through cpanel you are rewriting the same thing in htaccess. So your server administrator didn't nothing except rewrite what WF set. If hacker is good he would use more proxies and VPN but after every 5 tries he would be locked out for 1-2 hours and if he continues all those IPs would be archived under deny in htaccess and added to WF blacklist. Just ask your server administrator to configure WF to better settings instead letting you running it on default.

    Sent from my K7 using Tapatalk
    Last edited by Soul Grinder; Sep 14th, 2020 at 02:02 PM.

  8. #7
    Senior Member bleau canon's Avatar
    Join Date
    Mar 2011
    Location
    Appalachia Blue Ridge Mts.
    Posts
    620
    Member #
    27201
    Liked
    195 times
    Quote Originally Posted by Soul Grinder View Post
    But when WF blocks IP and locks it out it adds deny to that IP in htaccess, then when you ban someone's IP through cpanel you are rewriting the same thing in htaccess. So your server administrator didn't nothing except rewrite what WF set. If hacker is good he would use more proxies and VPN but after every 5 tries he would be locked out for 1-2 hours and if he continues all those IPs would be archived under deny in htaccess and added to WF blacklist. Just ask your server administrator to configure WF to better settings instead letting you running it on default.

    Sent from my K7 using Tapatalk
    Which server admin should I point that out to? We have three and getting ready to start the process to hire two more.
    Bleau
    "Give the gift of life, Adopt a child, And an Animal"


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 10:05 PM.
Powered by vBulletin® Version 4.2.3
Copyright © 2020 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com