Michael Rawlins

Just about me, and stuff

WordPress installations under attack

by Categories: Internet, Social Media #Tagged: , , , , , , ,

I was checking my syslogs yesterday and I noticed a lot entries that started with the word ALERT and seemed to relate to someone or something trying to force their way in to some of my sites. Entries like:

  • ALERT – tried to register forbidden variable
  • ALERT – ASCII-NUL chars not allowed within request variables – dropped variable

I also saw a lot of FTP action in there:

Feb 10 05:38:25 web1 pure-ftpd: (?@120.36.50.XX) [INFO] New connection from 120.36.50.XX
Feb 10 05:38:26 web1 symbiosis-check-ftp-password: Non-existent domain “couk” from 120.36.50.XX for ftp service
Feb 10 05:38:26 web1 symbiosis-check-ftp-password: ftp login failure from IP: 120.36.50.XX username: “couk”
Feb 10 05:38:29 web1 pure-ftpd: (?@120.36.50.XX [WARNING] Authentication failed for user [couk]
Feb 10 05:38:29 web1 pure-ftpd: (?@120.36.50.XX) [INFO] Logout.

I run the excellent Wordfence plugin on my sites to help bolster the security of them, I read their blog from time to time and this morning came across their post from yesterday

Large distributed brute force attack underway

It seems that there has been an increase in attacks on WordPress sites over the past day or so, the blog says

Starting at 11am EST this morning we saw a roughly 30 times increase in the volume of brute force attacks across WordPress websites running the WordPress.org software. The attack ramped up so quickly that we initially questioned the data we were seeing and immediately deployed code to verify that the reports we were receiving were accurate and not an attack on our own systems. Within a few seconds it became clear that the attack was in fact real and being reported from across the universe of WordPress websites.

Even though Wordfence does a good job of keeping my sites safe, seeing this has made me go back to check and update my security settings all the usual things that you should do with WordPress

  • Strong passwords on all user accounts
  • Strong passwords for FTP & SFTP*
  • Security housekeeping for user accounts & plugins

Now is as good time as any to check your WordPress security before it is too late. 10 minutes now will save you a world of pain rebuilding sites.

*I’ve removed SFTP access on some sites, I can turn it back on as and when I need it.

Comments

Instagrams

mike_rawlins

Link to display lightbox
Instagram post 2186627375018280250_404855 A Manchester Bee pin from the lovely Current Mrs R #bee #manchester #hometown #hometownpride #centeroftheuniverse #manbeeco

A Manchester Bee pin from the lovely Current Mrs R
#bee #manchester #hometown #hometownpride #centeroftheuniverse #manbeeco ...

13 0
Link to display lightbox
Instagram post 2176393728617283679_404855 The boys 😍 Jake & Elwood @bluesbeagles Jake has had his stitches out and is on the road to recovery. #beagle #beaglesofinstagram #dailybeagle #instabeagle #instabeagles

The boys 😍 Jake & Elwood @bluesbeagles Jake has had his stitches out and is on the road to recovery. #beagle #beaglesofinstagram #dailybeagle #instabeagle #instabeagles ...

25 1
Link to display lightbox
Instagram post 2174001325900100688_404855 Frosty morning dog walk. Only Elwood, Jake @bluesbeagles isn't allowed to do a full walk yet. #cold #frost #beagle #beaglesofinstagram #field #turriff #aberdeenshire #scotland #winter

Frosty morning dog walk. Only Elwood, Jake @bluesbeagles isn't allowed to do a full walk yet. #cold #frost #beagle #beaglesofinstagram #field #turriff #aberdeenshire #scotland #winter ...

12 0