My site being attacked

  • Hi

    My new clients site was hacked before I installed wordfence. I am sure there is still some malicious code but my mandate was just to make sure it was not handing out malware to visitors as it was.

    At the moment every day it is having multiple login attamepts from all over the planet.

    I want to know, when I delete WP, delete the DB and start the site completely fresh, with a new theme and manually readding the content.

    Has the URL been added to some sort of a list and will it continue to get these hack attempts or once it is clean and new, will they stop?

    Thanks

    https://www.ads-software.com/plugins/wordfence/

Viewing 6 replies - 1 through 6 (of 6 total)

  • before you delete your site – suggest you contact your webhost and ensure mod_sec is running to block multiple login attempts

    Thread Starter daveonearth

    (@daveonearth)

    Thank you.

    So if Bots are currently tageting this URL, is it on some sort of a bot list? Will the attempts carry on once the site is free from any Malware and mal code.

    I doubt that there is a list of sites or if there is, there must be bots that look for and find WordPress sites. My sites get attacked even if they never had any malware. https://www.wordfence.com homepage shows a map of attacks in real-time.

    If you don’t have other users who have to login to the same site, the botnet blocker I wrote about is very effective. You have to change the settings after installing.

    IQ Block Country is another good plug-in to block access to the front-end and backend from foreign countries.

    The paid version of Wordfence also allows you to block foreign countries and is a better choice since it provides other services with only one plug-in and it’s not expensive.

    In addition to Wordfence, I use Cloudflare. It has some security options (including country blocking) and does a pretty good job of filtering out attacks.

    Hi

    Being on a list is a very open ended question and hard for anyone to answer. Is it possible? Yes. But like others have stated, most of these bots just run on auto-pilot. Deleting the site and starting over is not going to stop the attacks from coming, lists, when are created are often associated with IPs or Domain names. Unless you change both, you’ll likely still the issue, and if you do start over it’ll only be a matter of time before your site gets hit again.

    If your concern is stopping it outright then you’ll want to look Website Firewalls like those provided by CloudFlare, Sucuri or Incapsula. All edge level services that will make the noise go away.

    Thanks

    Bots and automated hacking attempts are a fact of life.

    In recent weeks there have been a big spike in attempts to hack the xmlrpc.php files of WP installations https://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html

    There is no silver bullet or “magic answer” that fits every situation – each server set up and wordpress site requirements are different.

    If you are on a shared server hosting account, your webhost should really have some server security e.g. firewall to prevent excessive traffic from bots (most decent hosts do). If you are on a VPS etc, you might have to find the answer yourself – e.g. a combination of solutions to try to mitigate the high traffic from bots, yet allow legitimate users through.

    There are several plugins out there that claim to help with this, though I’ve never really found them much good. A better solution is cloudflare or similar, but it comes at the expensive of additional time and technical understanding.

    Personally, I have found good results by using mod_sec rules and CSF on my VPS. This is where a decent webhost comes in handy as they can advise.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘My site being attacked’ is closed to new replies.