Tag Archives: attack

Sysadmin: How to protect WordPress against “POST /wp-login.php” attacks

During the last few weeks I’ve witnessed repeated semi-successful attacks against WordPress sites. This attack is easy to recognize – the server response is extremely slow, and if you take a look at the Apache ‘server-status’ page you will see multiple ‘POST /wp-login.php’ requests from different IPs.

sysadmin: Brute Force Detection – first line of defense

Most hosting servers nowadays are plagued by brute force attacks – too many computers are running one botnet or another, and too many “no-brainer” scan tools are available to anyone interested.
There is always somebody who doesn’t bother to select a good password to secure his account on the server, and that could potentially bring a lot of problems not only to him but to the whole hosting company as well – imagine a brute-forced password used for SMTP AUTH to send massive amounts of spam from the compromised server.
Many countermeasures have been invented for that, and here I will explain which one I prefer and why.

Wordpress: spambots mating season

Did anyone notice how the number of spam comments quadrupled during the last week? I usually check the Comments->SPAM folder on a daily basis, and where there were usually about 3-8 comments a day, there are now no fewer than 70.
It’s interesting and educational to observe how spamming technologies and tools evolve over time – just a few weeks ago there was a wave of spam comments masquerading as pingbacks from completely unrelated blogs, then (mostly of Russian origin) spam comments containing a couple of paragraphs of text from some textbook, and now almost every other spam comment contains a URL from the gravatar.com site.
Thanks to the excellent anti-captcha plugin nobody ever sees these comments on my blog except me, in the spam folder, and if a real person decides to leave a comment he will not need to strain his vision trying to recognize a graphical captcha (I hate it too).


.htaccess anti-RFI mod_rewrite rules

RFI – Remote File Inclusion (or “nesting” – though the latter term is not so widely used, and it’s not the same as XSS I believe) is a very serious security threat – especially in a web hosting environment where there is no time and manpower available to audit and vet all customers’ PHP scripts. Let’s see if there are other ways to reduce the threat.
