Duckduckgo

Hi verityr,

Sorry for late reply.

Wikipedia says that DuckDuckGo is an Internet search engine. So I think someone search your site on DDG using words “html verityregistry.com” as query string.

To identify if the referrals are aimed to hack your site or not, please see the logs of “Login form” in this plugin. For example, the following is a hacking footprint:


Request:
POST[80]:/wp-login.php
User agent:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) ...
HTTP headers:
...
$_POST data:
log=admin,pwd=01234567,wp-submit,redirect_to,testcookie


But the following is not:


Request:
GET[80]:/wp-login.php
User agent:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) ...
HTTP headers:
...
$_POST data:

The most difference is the “method”, which means “POST” or “GET”. To hack a username and password of your site, the attacker must use “POST” method. But if someone search your site and visit your wp-login.php out of mere curiosity just typing it into his/her browser, then the method should be “GET”.

In any case, strong password and the ability to limit the number of login attempts are easy but still efficient way to protect your site. If you want more adamantine solution, I recommend 2 factors authentication.

Note: I recomment to put “log,pwd” into “$_POST keys to be recorded with their values in logs” at “Record settings” on settings tab. Then you can find what username and password are POSTed by the attacker.

If you have any points to be worried about, please give me your view. Or close this issue and also “blocking my own country“.

Thanks.

Thank you for all your help. All of the IPs coming from Duckduckgo have POST in the logs (POST[80]:/wp-login.php). This is all new to me. I’ve never had a site that was under constant attack, but just from specific groups, such as Ukraine, Russia, Netherlands and Duckduckgo. Are they finding my site in the Duckduckgo search engine and then trying to login? I’m just curious how Duckduckgo is being associated. Thanks again.

Hi,

After updating woocommerce from 2.4.12 to 2.4.13 the woocommerce advanced notification doesn’t work anymore. Customers are notified but the vendors don’t. I’m using the listify theme.

I have restore the backup I have made before the update but the advanced notification doesn’t work. I also have activate the twenty sixteen theme only with the woocommerce, woocommerce bookings, woocommerce bookings and also with the essential plugins (WP job manager, Job manager products).

I Still receive a copy of the on the e-mail configured under settings – general.

Any one have a idea what could be!?

Thanks in advance!

Bruno

Hi verityr,

I’m just curious how Duckduckgo is being associated.

Me too ??

The point of your issue is that you want to block hackers comming from your country. You already decided to use .htaccess for this purpose (thanks for closing the previous issue). And you made me decide to give an UI to this plugin for changing the maximus number of failed login attempts which is 5 by default in the next release. If you change it to ‘0’, subsequent attempts to the first login fail will always be blocked during a certain period. It means anybody can’t mistake their user name and password but it is slightly useful to reduce the risk of your site being hacked.

You know Geo Blocking is helpless for one’s own country. That’s why I give the limiting login attempts and WP-ZEP to this plugin.

Thanks for opening the last and this issue. I hope you keep using this plugin!

Yes, I want to keep ALL hackers away. It all messes up my statistic, which are mostly hackers. Something I noticed about all of these IPs in my Logs under Login is that duckduckgo all have the ISP amazon technologies and amazonaws. Is amazonaws a disguise for amazon?

Thanks again,

Jennifer

OK, this issue may help you. Amazon aws opens their ranges of IPs at https://ip-ranges.amazonaws.com/ip-ranges.json and Example 7 can be added into your theme’s functions.php to block attacks from Amazon servers. Fortunately, DDG announces they use Amazon EC2, and their bot is here.

Would you kindly put the code of Example 7 into your functions.php and let me know the result?

Thanks.

I will do that as soon as they start attacking my site again. Unfortunately I can’t check it out now because I haven’t seen a Duckduckgo IP in 2 days. Can you leave this thread open for a few days so I can wait to see if they come back? I don’t know why all of a sudden they stopped. Maybe they gave up? ??

Maybe they gave up? ??

I hope so ??

Sorry for my marking this issue resolved but I think you can post here at any time. If you can’t, please open a new issue. I always keep watching this forum.

I appreciate your cooperation!

Oh ok, I didn’t know you could mark it resolved and I could come back. ??

So, they didn’t give up, they’re back. I’ve never edited functions.php before. Do I copy and paste everything in Example 7 into it, and is there a special place to put it?

Thanks again in advance!

Hi Jennifer,

You should use an appropriate text editor. Copy & paste the code at the end of your theme’s functions.php (actually, anywhere you like). Then upload it to your server.

Or please use theme edirtor directly on the dashboard.

Don’t forget to backup your original functions.php.

Good luck!

I added it. I’ll be back in a few days to let you know if it’s working! ?? Thank you,

Jennifer

I’m back. ?? I saw one Duckduckgo referral this morning. When I went to the logs, I noticed a difference, there is an “extra” in the result column. What do you think? Thank you,

Jennifer

Hi Jennifer,

Congratulation!! The “extra” means it was blocked by extra IP address which is included from the list of amazon aws servers.

I really appreciate your cooperation. This is the first case that proved Example 7 works correctly.

Please keep using it. And I’d like to hear from you how useful (or unuseful) it is after a month or so.

Thanks again !!

Oh, awesome! I will keep my eye on it and come back in a few weeks. Thank you,

Jennifer